Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/webapp/javascript/eval.js
+++ b/webapp/javascript/eval.js
@ -0,0 +1,62 @@
+var http_request = false;
+
+function makeXHR(method, url, parameters) {
+	  //alert('url: ' + url + ' parameters: ' + parameters);
+      http_request = false;
+      if (window.XMLHttpRequest) { // Mozilla, Safari,...
+         http_request = new XMLHttpRequest();
+         if (http_request.overrideMimeType) {
+            http_request.overrideMimeType('text/html');
+         }
+      } else if (window.ActiveXObject) { // IE
+         try {
+            http_request = new ActiveXObject("Msxml2.XMLHTTP");
+         } catch (e) {
+            try {
+               http_request = new ActiveXObject("Microsoft.XMLHTTP");
+            } catch (e) {}
+         }
+      }
+      if (!http_request) {
+         alert('Cannot create XMLHTTP instance');
+         return false;
+      }
+      
+      // http_request.onreadystatechange = alertContents;
+      http_request.open(method, url, true);
+      http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+      http_request.setRequestHeader("Content-length", parameters.length);
+      http_request.setRequestHeader("Connection", "close");
+      
+      http_request.onreadystatechange = function() {
+      		if(http_request.readyState == 4) {
+      			var status = http_request.status;
+      			var responseText = http_request.responseText;
+      			
+      			//alert('status: ' + status);
+      			//alert('responseText: ' + responseText);
+      			
+      			eval(http_request.responseText);      			
+		
+      			if(responseText.indexOf("');") != -1 
+	      			&& responseText.indexOf("alert") != -1 
+	      			&& responseText.indexOf("document.cookie") != -1){
+	      			
+	      			document.form.submit();
+      			}
+      			
+      		}
+      };
+      
+      http_request.send(parameters);
+}
+
+function purchase(url) {
+	var field1 = document.form.field1.value;
+	var field2 = document.form.field2.value;
+	
+	//alert('field1: ' + field1 + ' field2: ' + field2);
+	
+	var parameters = 'field1=' + field1 + '&field2=' + field2;
+	makeXHR('POST', url, parameters);
+}