dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Added some documentations.

Browse Source 
- Changed some variable names for clarification

git-svn-id: http://webgoat.googlecode.com/svn/trunk@24 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy 2006-10-09 00:49:53 +00:00
parent 6cc8bed0c7
commit 6916632841
2 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
View File

@ -21,16 +21,16 @@ import org.owasp.webgoat.session.WebSession;
public class HttpSplitting extends LessonAdapter { public class HttpSplitting extends LessonAdapter {
private final static String URL = "url"; private final static String LANGUAGE = "language";
/** /**
* Description of the Method * Description of the Method
* *
* @param s Description of the Parameter * @param s Current WebSession
*/ */
public void handleRequest( WebSession s ) public void handleRequest( WebSession s )
{ {
// call createContent first so messages will go somewhere //Setting a special action to be able to submit to redirect.jsp
Form form = new Form( "/WebGoat/lessons/General/redirect.jsp?" + Form form = new Form( "/WebGoat/lessons/General/redirect.jsp?" +
"Screen=" + String.valueOf(getScreenId()) + "Screen=" + String.valueOf(getScreenId()) +
"&menu=" + getDefaultCategory().getRanking().toString() "&menu=" + getDefaultCategory().getRanking().toString()
@ -44,18 +44,20 @@ public class HttpSplitting extends LessonAdapter {
protected Element createContent(WebSession s) protected Element createContent(WebSession s)
{ {
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
StringBuffer url = null; StringBuffer lang = null;
try try
{ {
//add the text
ec.addElement( new StringElement( "Search by country : " ) ); ec.addElement( new StringElement( "Search by country : " ) );
url = new StringBuffer( s.getParser().getStringParameter( URL, "" ) ); lang = new StringBuffer( s.getParser().getStringParameter( LANGUAGE, "" ) );
Input input = new Input( Input.TEXT, URL, url.toString() ); //add the search by field
Input input = new Input( Input.TEXT, LANGUAGE, lang.toString() );
ec.addElement( input ); ec.addElement( input );
Element b = ECSFactory.makeButton( "Go!" ); Element b = ECSFactory.makeButton( "Search!" );
ec.addElement( b ); ec.addElement( b );
@ -66,11 +68,15 @@ public class HttpSplitting extends LessonAdapter {
e.printStackTrace(); e.printStackTrace();
} }
//Check if we are coming from the redirect page
String fromRedirect = s.getParser().getStringParameter ( "fromRedirect" , ""); String fromRedirect = s.getParser().getStringParameter ( "fromRedirect" , "");
if ( url.length() != 0 && fromRedirect.length() != 0 ) if ( lang.length() != 0 && fromRedirect.length() != 0 )
{ {
String[] arrTokens = url.toString().split(System.getProperty("line.separator")); //Split by the line separator line.separator is platform independant
if (Arrays.binarySearch(arrTokens, "Content-Length: 0") >= 0 && String[] arrTokens = lang.toString().toUpperCase().split(System.getProperty("line.separator"));
//Check if the user ended the first request and wrote the second malcious reply
if (Arrays.binarySearch(arrTokens, "CONTENT-LENGTH: 0") >= 0 &&
Arrays.binarySearch(arrTokens, "HTTP/1.1 200 OK") >= 0 ) Arrays.binarySearch(arrTokens, "HTTP/1.1 200 OK") >= 0 )
{ {
makeSuccess( s ); makeSuccess( s );

2
webgoat/main/project/WebContent/lessons/General/redirect.jsp
View File

@ -10,7 +10,7 @@
<% response.sendRedirect("/WebGoat/attack?" + <% response.sendRedirect("/WebGoat/attack?" +
"Screen=" + request.getParameter("Screen") + "Screen=" + request.getParameter("Screen") +
"&menu=" + request.getParameter("menu") + "&menu=" + request.getParameter("menu") +
"&fromRedirect=yes&url=" + request.getParameter("url")); "&fromRedirect=yes&language=" + request.getParameter("language"));
%> %>
</body> </body>
</html> </html>