Solved issue with POST in vulnerable components lesson
This commit is contained in:
Nanne Baars
parent
8d3b028acc
commit
65d728dfff
@ -4,9 +4,9 @@ import com.thoughtworks.xstream.XStream;
|
|||||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||||
import org.owasp.webgoat.assignments.AttackResult;
|
import org.owasp.webgoat.assignments.AttackResult;
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@ -49,7 +49,7 @@ import java.io.IOException;
|
|||||||
public class VulnerableComponentsLesson extends AssignmentEndpoint {
|
public class VulnerableComponentsLesson extends AssignmentEndpoint {
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.POST)
|
@RequestMapping(method = RequestMethod.POST)
|
||||||
public @ResponseBody AttackResult completed(@RequestBody String payload) throws IOException {
|
public @ResponseBody AttackResult completed(@RequestParam String payload) throws IOException {
|
||||||
String process = "open";
|
String process = "open";
|
||||||
String arguments = "/Applications/Calculator.app";
|
String arguments = "/Applications/Calculator.app";
|
||||||
|
|
||||||
|
|||||||
@ -131,35 +131,23 @@
|
|||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:VulnerableComponents_content5.adoc"></div>
|
<div class="adoc-content" th:replace="doc:VulnerableComponents_content5.adoc"></div>
|
||||||
<div class="attack-container">
|
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
|
||||||
<div id="lessonContent">
|
|
||||||
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
|
||||||
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
|
||||||
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
|
||||||
method="POST" name="form"
|
|
||||||
action="/WebGoat/VulnerableComponents/attack1"
|
|
||||||
enctype="application/json;charset=UTF-8">
|
|
||||||
Enter Your XML payload: <input name="payload" value="" type="TEXT"/><input
|
|
||||||
name="SUBMIT" value="Go!" type="SUBMIT"/>
|
|
||||||
</form>
|
|
||||||
<!-- do not remove the two following div's, this is where your feedback/output will land -->
|
|
||||||
<div class="attack-feedback"></div>
|
|
||||||
<div class="attack-output"></div>
|
|
||||||
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
||||||
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
||||||
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
|
method="POST" name="form"
|
||||||
|
action="/WebGoat/VulnerableComponents/attack1"
|
||||||
|
enctype="application/json;charset=UTF-8">
|
||||||
|
<div id="lessonContent">
|
||||||
|
<form accept-charset="UNKNOWN" method="POST" name="form"
|
||||||
|
action="#attack/307/100" enctype="">
|
||||||
|
Enter Your XML payload: <input name="payload" value="" type="TEXT"/><input
|
||||||
|
name="SUBMIT" value="Go!" type="SUBMIT"/>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
<!-- do not remove the two following div's, this is where your feedback/output will land -->
|
<!-- do not remove the two following div's, this is where your feedback/output will land -->
|
||||||
<div class="attack-feedback"></div>
|
<div class="attack-feedback"></div>
|
||||||
<div class="attack-output"></div>
|
<div class="attack-output"></div>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user