Solved issue with POST in vulnerable components lesson
		| @ -4,9 +4,9 @@ import com.thoughtworks.xstream.XStream; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentPath; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.RequestBody; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMethod; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
|  | ||||
| import java.io.IOException; | ||||
| @ -49,11 +49,11 @@ import java.io.IOException; | ||||
| public class VulnerableComponentsLesson extends AssignmentEndpoint { | ||||
|  | ||||
| 	@RequestMapping(method = RequestMethod.POST) | ||||
| 	public @ResponseBody AttackResult completed(@RequestBody String payload) throws IOException { | ||||
| 	public @ResponseBody AttackResult completed(@RequestParam String payload) throws IOException { | ||||
| 		String process = "open"; 		 | ||||
| 		String arguments = "/Applications/Calculator.app";		 | ||||
| 		 | ||||
| 		String payload2 = "<sorted-set>" + | ||||
| 		String payload2 = "<sorted-set>" +   | ||||
| 						 "<string>foo</string>" + | ||||
| 						 "<dynamic-proxy>" +  | ||||
| 						 "<interface>java.lang.Comparable</interface>" + | ||||
|  | ||||
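Review bot: On the `completed(@RequestParam String payload)` signature, nothing tells a reader that `payload` is learner-supplied, untrusted XML, and the hard-coded `payload2` string built next to `process = "open"` and `arguments = "/Applications/Calculator.app"` sits in the same handler with no explanation. The method body continues outside the hunk, so which of the two strings is passed to XStream cannot be confirmed from here. I would add a comment above the method along the lines of `// payload: untrusted XML from the lesson form; payload2: fixed macOS-only sample, kept for reference` and, if `payload2` is unused, move it to a test. `@RequestParam` is required by default, so a request without `payload` is answered by Spring with a 400 before the lesson can return an `AttackResult`; `@RequestParam(required = false) String payload` with an explicit null check would keep the feedback inside the lesson. The two `payload2` lines appear to differ only in trailing whitespace, which can be left out of the commit.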
| @ -131,35 +131,23 @@ | ||||
| 		<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files, | ||||
| 		which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc --> | ||||
| 		<div class="adoc-content" th:replace="doc:VulnerableComponents_content5.adoc"></div> | ||||
| 		<div class="attack-container"> | ||||
| 			<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
| 			<div id="lessonContent"> | ||||
| 				<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
| 				<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
| 				<!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
| 				<form class="attack-form" accept-charset="UNKNOWN" | ||||
| 					  method="POST" name="form" | ||||
| 					  action="/WebGoat/VulnerableComponents/attack1" | ||||
| 					  enctype="application/json;charset=UTF-8"> | ||||
| 							Enter Your XML payload: <input name="payload" value="" type="TEXT"/><input | ||||
| 								name="SUBMIT" value="Go!" type="SUBMIT"/> | ||||
| 				</form> | ||||
| 				<!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
| 				<div class="attack-feedback"></div> | ||||
| 				<div class="attack-output"></div> | ||||
| 				<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons --> | ||||
| 			</div> | ||||
|  | ||||
| 		</div> | ||||
|  | ||||
|  | ||||
|  | ||||
| 		<div class="attack-container"> | ||||
| 			<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
| 			<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|  | ||||
| 			<form class="attack-form" accept-charset="UNKNOWN" | ||||
| 				method="POST" name="form" | ||||
| 				action="/WebGoat/VulnerableComponents/attack1" | ||||
| 				enctype="application/json;charset=UTF-8"> | ||||
| 				<div id="lessonContent"> | ||||
| 					<form accept-charset="UNKNOWN" method="POST" name="form" | ||||
| 						action="#attack/307/100" enctype=""> | ||||
| 						Enter Your XML payload: <input name="payload" value="" type="TEXT"/><input | ||||
| 							name="SUBMIT" value="Go!" type="SUBMIT"/> | ||||
| 					</form> | ||||
| 				</div> | ||||
| 			</form> | ||||
| 			<!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
| 			<div class="attack-feedback"></div> | ||||
| 			<div class="attack-output"></div> | ||||
|  | ||||
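Review bot: The form posting to `/WebGoat/VulnerableComponents/attack1` declares `enctype="application/json;charset=UTF-8"`, which is not a valid form encoding; a browser submitting it natively falls back to `application/x-www-form-urlencoded`, which is the encoding the controller's `@RequestParam String payload` binding reads. If WebGoat's ajax handler copies this attribute into the request's Content-Type (not visible here), the `payload` parameter would not bind, so I would drop the attribute or set `enctype="application/x-www-form-urlencoded"`. The same attribute appears on both `attack-form` blocks in this section. One of the blocks also nests a second `<form>` (action `#attack/307/100`) inside the outer form, which HTML does not allow; if that nesting is on the new side it should be flattened to a single form.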