dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Challenge 3: First setup completed

Browse Source
This commit is contained in:
Nanne Baars 2017-04-08 22:15:58 +02:00
parent 2e1d411220
commit 68e15398e5
12 changed files with 409 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java Normal file
View File

@ -0,0 +1,106 @@
package org.owasp.webgoat.plugin.challenge3;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.EvictingQueue;
import org.joda.time.DateTime;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.plugin.Flag;
import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.*;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.Collection;
import static org.springframework.http.MediaType.ALL_VALUE;
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
import static org.springframework.web.bind.annotation.RequestMethod.GET;
import static org.springframework.web.bind.annotation.RequestMethod.POST;
/**
* @author nbaars
* @since 4/8/17.
*/
@AssignmentPath("/challenge3")
public class Challenge3 extends AssignmentEndpoint {
@Autowired
private WebSession webSession;
private static final EvictingQueue<Comment> comments = EvictingQueue.create(100);
static {
comments.add(new Comment("webgoat", DateTime.now().toString(), "Silly cat...."));
comments.add(new Comment("guest", DateTime.now().toString(), "I think I will use this picture in one of my projects."));
comments.add(new Comment("guest", DateTime.now().toString(), "Lol!! :-)."));
}
@RequestMapping(method = GET, produces = APPLICATION_JSON_VALUE)
@ResponseBody
public Collection<Comment> retrieveComments() {
return comments;
}
@RequestMapping(method = POST, consumes = ALL_VALUE, produces = APPLICATION_JSON_VALUE)
@ResponseBody
public AttackResult createNewUser(@RequestBody String commentStr, @RequestHeader("Content-Type") String contentType) throws Exception {
Comment comment = new Comment();
AttackResult attackResult = failed().build();
if (APPLICATION_JSON_VALUE.equals(contentType)) {
comment = parseJson(commentStr);
comment.setDateTime(DateTime.now().toString());
comment.setUser(webSession.getUserName());
}
if (MediaType.APPLICATION_XML_VALUE.equals(contentType)) {
comment = parseXml(commentStr);
comment.setDateTime(DateTime.now().toString());
comment.setUser(webSession.getUserName());
}
if (checkSolution(comment)) {
attackResult = success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
}
return attackResult;
}
private boolean checkSolution(Comment comment) {
if (comment.getComment().contains("Congratulations you may now collect your flag")) {
comment.setComment("Congratulations to " + webSession.getUserName() + " for finding the flag!!");
return true;
}
return false;
}
public static Comment parseXml(String xml) throws Exception {
JAXBContext jc = JAXBContext.newInstance(Comment.class);
XMLInputFactory xif = XMLInputFactory.newFactory();
xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, true);
xif.setProperty(XMLInputFactory.IS_VALIDATING, false);
xif.setProperty(XMLInputFactory.SUPPORT_DTD, true);
XMLStreamReader xsr = xif.createXMLStreamReader(new StringReader(xml));
Unmarshaller unmarshaller = jc.createUnmarshaller();
return (Comment) unmarshaller.unmarshal(xsr);
}
private Comment parseJson(String comment) {
ObjectMapper mapper = new ObjectMapper();
try {
return mapper.readValue(comment, Comment.class);
} catch (IOException e) {
return new Comment();
}
}
}

21
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Comment.java Normal file
View File

@ -0,0 +1,21 @@
package org.owasp.webgoat.plugin.challenge3;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
/**
* @author nbaars
* @since 4/8/17.
*/
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
public class Comment {
private String user;
private String dateTime;
private String comment;
}

33
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/CommentsEndpoint.java Normal file
View File

@ -0,0 +1,33 @@
package org.owasp.webgoat.plugin.challenge3;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @author nbaars
* @since 4/8/17.
*/
@RestController
@RequestMapping("challenge-comments")
public class CommentsEndpoint {
//
// private final WebSession webSession;
//
// public CommentsEndpoint(WebSession webSession) {
// this.webSession = webSession;
//
// }
//
//
//
//
//
// @PostMapping
// public Collection<Comment> addComment(String comment) {
// String s = StringUtils.abbreviate(comment, 100);
// comments.add(new Comment(webSession.getUserName(), DateTime.now().toString(), s));
// return comments;
// }
}

75
webgoat-lessons/challenge/src/main/resources/css/challenge3.css Normal file
View File

@ -0,0 +1,75 @@
/* Component: Posts */
.post .post-heading {
height: 95px;
padding: 20px 15px;
}
.post .post-heading .avatar {
width: 60px;
height: 60px;
display: block;
margin-right: 15px;
}
.post .post-heading .meta .title {
margin-bottom: 0;
}
.post .post-heading .meta .title a {
color: black;
}
.post .post-heading .meta .title a:hover {
color: #aaaaaa;
}
.post .post-heading .meta .time {
margin-top: 8px;
color: #999;
}
.post .post-image .image {
width:20%;
height: 40%;
}
.post .post-description {
padding: 5px;
}
.post .post-footer {
border-top: 1px solid #ddd;
padding: 15px;
}
.post .post-footer .input-group-addon a {
color: #454545;
}
.post .post-footer .comments-list {
padding: 0;
margin-top: 20px;
list-style-type: none;
}
.post .post-footer .comments-list .comment {
display: block;
width: 100%;
margin: 20px 0;
}
.post .post-footer .comments-list .comment .avatar {
width: 35px;
height: 35px;
}
.post .post-footer .comments-list .comment .comment-heading {
display: block;
width: 100%;
}
.post .post-footer .comments-list .comment .comment-heading .user {
font-size: 14px;
font-weight: bold;
display: inline;
margin-top: 0;
margin-right: 10px;
}
.post .post-footer .comments-list .comment .comment-heading .time {
font-size: 12px;
color: #aaa;
margin-top: 0;
display: inline;
}
.post .post-footer .comments-list .comment .comment-body {
margin-left: 50px;
}
.post .post-footer .comments-list .comment > .comments-list {
margin-left: 50px;
}

213
webgoat-lessons/challenge/src/main/resources/html/Challenge.html
View File

@ -65,77 +65,76 @@
method="POST" name="form" method="POST" name="form"
action="/WebGoat/challenge/2" action="/WebGoat/challenge/2"
enctype="application/json;charset=UTF-8"> enctype="application/json;charset=UTF-8">
<div class="container">
<input id="discount" type="hidden" value="0"/>
<div class="row">
<div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div>
<div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8 Plus Android Phone</h3>
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(124421 reviews)</small>
</h5>
<h6 class="title-price"> <input id="discount" type="hidden" value="0"/>
<small>PRICE</small> <div class="row">
<div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div>
<div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8</h3>
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(124421 reviews)</small>
</h5>
<h6 class="title-price">
<small>PRICE</small>
</h6>
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
<div class="section">
<h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small>
</h6> </h6>
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3> <div>
<div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="section"> <div class="attr" style="width:25px;background:black;"></div>
<h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small>
</h6>
<div>
<div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="attr" style="width:25px;background:black;"></div>
</div>
</div> </div>
<div class="section" style="padding-bottom:5px;"> </div>
<h6 class="title-attr"> <div class="section" style="padding-bottom:5px;">
<small>CAPACITY</small> <h6 class="title-attr">
</h6> <small>CAPACITY</small>
<div> </h6>
<div class="attr2">64 GB</div> <div>
<div class="attr2">128 GB</div> <div class="attr2">64 GB</div>
</div> <div class="attr2">128 GB</div>
</div> </div>
<div class="section" style="padding-bottom:20px;"> </div>
<h6 class="title-attr"> <div class="section" style="padding-bottom:5px;">
<small>QUANTITY</small> <h6 class="title-attr">
</h6> <small>QUANTITY</small>
<div> </h6>
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div> <div>
<input class="quantity" value="1"/> <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div> <input class="quantity" value="1"/>
</div> <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
</div> </div>
</div>
<div class="section" style="padding-bottom:20px;"> <div class="section" style="padding-bottom:5px;">
<h6 class="title-attr"> <h6 class="title-attr">
<small>CHECKOUT CODE</small> <small>CHECKOUT CODE</small>
</h6> </h6>
<!--
Checkout code: webgoat, owasp, owasp-webgoat
-->
<input name="checkoutCode" class="checkoutCode" value=""/>
<!-- </div>
Checkout code: webgoat, owasp, owasp-webgoat
-->
<input name="checkoutCode" class="checkoutCode" value=""/>
</div> <div class="section" style="padding-bottom:20px;">
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
<div class="section" style="padding-bottom:20px;"> class="glyphicon glyphicon-shopping-cart"
<button type="submit" class="btn btn-success"><span style="margin-right:20px" aria-hidden="true"></span>Buy
class="glyphicon glyphicon-shopping-cart" </button>
aria-hidden="true"></span>Buy <h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
</button> style="cursor:pointer;"></span>
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty" Like</a></h6>
style="cursor:pointer;"></span>
Like</a></h6>
</div>
</div> </div>
</div> </div>
</div> </div>
</form> </form>
<br/> <br/>
<div> <div>
@ -158,4 +157,98 @@
</div> </div>
</div> </div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Challenge_3.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge3.css}"/>
<script th:src="@{/lesson_js/challenge3.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="panel post">
<div class="post-heading">
<div class="pull-left image">
<img th:src="@{/images/avatar1.png}"
class="img-circle avatar" alt="user profile image"/>
</div>
<div class="pull-left meta">
<div class="title h5">
<a href="#"><b>John Doe</b></a>
uploaded a photo.
</div>
<h6 class="text-muted time">24 days ago</h6>
</div>
</div>
<div class="post-image">
<img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
</div>
<div class="post-description">
</div>
<div class="post-footer">
<div class="input-group">
<input class="form-control" id="commentInput" placeholder="Add a comment" type="text"/>
<span class="input-group-addon">
<i id="postComment" class="fa fa-edit"></i>
</span>
</div>
<ul class="comments-list">
<div id="list">
<li class="comment">
<div class="pull-left">
<img class="avatar"
src="http://bootdey.com/img/Content/avatar/avatar1.png"
alt="avatar"/>
</div>
<div class="comment-body">
<div class="comment-heading">
<h4 class="user">John dOE</h4>
<h5 class="time">7 minutes ago</h5>
</div>
<p>I really love this picture. I really wish i could have been
there.</p>
</div>
</li>
<li class="comment">
<div class="pull-left" href="javascript:void(0);">
<img class="avatar"
src="http://bootdey.com/img/Content/avatar/avatar2.png"
alt="avatar"/>
</div>
<div class="comment-body">
<div class="comment-heading">
<h4 class="user">John Doe</h4>
<h5 class="time">3 minutes ago</h5>
</div>
<p>I think I might you this for one of my projects.</p>
</div>
</li>
<li class="comment">
<div class="pull-left" href="javascript:void(0);">
<img class="avatar"
src="http://bootdey.com/img/Content/avatar/avatar4.png"
alt="avatar"/>
</div>
<div class="comment-body">
<div class="comment-heading">
<h4 class="user">John Doe</h4>
<h5 class="time">10 seconds ago</h5>
</div>
<p>Wow! This is gorgeous.</p>
</div>
</li>
</div>
</ul>
</div>
</div>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
</html> </html>

BIN
webgoat-lessons/challenge/src/main/resources/images/avatar1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
webgoat-lessons/challenge/src/main/resources/images/cat.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.9 KiB

15
webgoat-lessons/challenge/src/main/resources/js/challenge3.js Normal file
View File

@ -0,0 +1,15 @@
$(document).ready(function () {
$("#postComment").on("blur", function () {
var comment = $("#commentInput").val();
$.post("challenge3", function (result, status) {
var json;
json = '{' +
' "comment":' + '"' + comment + '"'
'}';
})
})
$.get("challenge3", function (result, status) {
alert("Hello");
})
})

2
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_1.adoc
View File

@ -1 +1 @@
=== Admin forgot password can you help? ==== Admin forgot password can you help?

2
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc
View File

@ -1 +1 @@
=== No need to pay... No need to pay...

1
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_3.adoc Normal file
View File

@ -0,0 +1 @@
Changing language can have dramatic effects

5
webgoat-lessons/xxe/src/main/resources/js/xxe.js
View File

@ -7,8 +7,9 @@ webgoat.customjs.register = function () {
return xml; return xml;
} }
webgoat.customjs.registerJson = function () { webgoat.customjs.registerJson = function () {
var json = '{' + var json;
' "user":' + '"test"' + json = '{' +
' "user":' + '"test"' +
' "password":' + '"test"' + ' "password":' + '"test"' +
'}'; '}';
return json; return json;