Add path traversal lesson

2020-03-03 21:37:24 +01:00
parent c4c28f544f
commit 6c25cf8e43
72 changed files with 1286 additions and 146 deletions
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html
@ -12,8 +12,7 @@
 		<div id="lessonContent">
 			<form class="attack-form" accept-charset="UNKNOWN"
 				  method="POST" name="form"
-				  action="/WebGoat/CrossSiteScripting/attack1"
-				  enctype="application/json;charset=UTF-8">
+				  action="/WebGoat/CrossSiteScripting/attack1">
 				<table>
 					<tr>
 						<td>Were the cookies the same on each tab?</td>
@ -48,8 +47,7 @@
 		<div id="lessonContent">
 			<form class="attack-form" accept-charset="UNKNOWN"
 				  method="GET" name="xss-5a"
-				  action="/WebGoat/CrossSiteScripting/attack5a"
-				  enctype="application/json;charset=UTF-8">
+				  action="/WebGoat/CrossSiteScripting/attack5a">
 				<hr width="90%" />
 				<center>
 					<h1>Shopping Cart</h1>
@ -145,8 +143,7 @@
 		<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 		<form class="attack-form" accept-charset="UNKNOWN"
 			  method="POST" name="DOMTestRoute"
-			  action="/WebGoat/CrossSiteScripting/attack6a"
-			  enctype="application/json;charset=UTF-8">
+			  action="/WebGoat/CrossSiteScripting/attack6a">
 			<input name="DOMTestRoute" value="" type="TEXT" />
 			<input name="SubmitTestRoute" value="Submit" type="SUBMIT"/>
 		</form>
@ -161,8 +158,7 @@
 		<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 		<form class="attack-form" accept-charset="UNKNOWN"
 			  method="POST" name="DOMFollowUp"
-			  action="/WebGoat/CrossSiteScripting/dom-follow-up"
-			  enctype="application/json;charset=UTF-8">
+			  action="/WebGoat/CrossSiteScripting/dom-follow-up">
 			<input name="successMessage" value="" type="TEXT" />
 			<input name="submitMessage" value="Submit" type="SUBMIT"/>
 		</form>
@ -182,8 +178,7 @@
 		<div class="container-fluid">
 			<form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
 				  method="POST" name="form"
-				  action="/WebGoat/CrossSiteScripting/quiz"
-				  enctype="application/json;charset=UTF-8" role="form">
+				  action="/WebGoat/CrossSiteScripting/quiz" role="form">
 				<div id="q_container"></div>
 				<br />
 				<input name="Quiz_solutions" value="Submit answers" type="SUBMIT"/>
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScriptingMitigation.html
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScriptingMitigation.html
@ -21,7 +21,7 @@
 <div class="lesson-page-wrapper">
 	<div class="adoc-content" th:replace="doc:CrossSiteScripting_content8b.adoc"></div>
 	<div class="attack-container" style="height: 100%; border: none !important;min-height: 450px;">
-		<form id="codesubmit" style="height: 100%; min-height: 350px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/CrossSiteScripting/attack3" enctype="application/json;charset=UTF-8">
+		<form id="codesubmit" style="height: 100%; min-height: 350px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/CrossSiteScripting/attack3">
 			<div>
 				<div id="editor" style="position: absolute; top: 0; right: 0; bottom: 0; left: 0; height: 350px;" name="editor"></div>
 				<script th:src="@{/js/libs/ace/src-noconflict/ace.js}" type="text/javascript" charset="utf-8"></script>
@ -41,7 +41,7 @@
 <div class="lesson-page-wrapper">
 	<div class="adoc-content" th:replace="doc:CrossSiteScripting_content8c.adoc"></div>
 	<div class="attack-container" style="height: 100%; border: none !important;min-height: 450px;">
-		<form id="codesubmit2" style="height: 100%; min-height: 350px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/CrossSiteScripting/attack4" enctype="application/json;charset=UTF-8">
+		<form id="codesubmit2" style="height: 100%; min-height: 350px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/CrossSiteScripting/attack4">
 			<div>
 				<div id="editor2" style="position: absolute; top: 0; right: 0; bottom: 0; left: 0; height: 350px;" name="editor2"></div>
 				<script th:src="@{/js/libs/ace/src-noconflict/ace.js}" type="text/javascript" charset="utf-8"></script>
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScriptingStored.html
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScriptingStored.html
@ -67,8 +67,7 @@

 		<form class="attack-form" accept-charset="UNKNOWN"
 			  method="POST" name="DOMFollowUp"
-			  action="/WebGoat/CrossSiteScripting/stored-xss-follow-up"
-			  enctype="application/json;charset=UTF-8">
+			  action="/WebGoat/CrossSiteScripting/stored-xss-follow-up">
 			<input name="successMessage" value="" type="TEXT" />
 			<input name="submitMessage" value="Submit" type="SUBMIT"/>
 		</form>