- Added HTTP lesson together with its lesson plan and goals.

- Files added: HttpSplitting.html HttpSplitting.java redirect.jsp - Files Changed: webgoat-class.properties webgoat-lmc.properties git-svn-id: http://webgoat.googlecode.com/svn/trunk@23 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-10-08 23:46:34 +00:00
parent d12bab05a4
commit 6cc8bed0c7
5 changed files with 160 additions and 2 deletions
--- a/webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties
+++ b/webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties
@ -1,6 +1,7 @@
 category.General.ranking=11
 lesson.HttpBasics.ranking=10
-lesson.ThreadSafetyProblem.ranking=20
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30

 category.Broken\ Authentication\ and\ Session\ Management.ranking=21
 lesson.BasicAuthentication.ranking=10
--- a/webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties
+++ b/webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties
@ -1,6 +1,7 @@
 category.General.ranking=11
 lesson.HttpBasics.ranking=10
-lesson.ThreadSafetyProblem.ranking=20
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30

 category.Broken\ Authentication\ and\ Session\ Management.ranking=21
 lesson.BasicAuthentication.ranking=10
--- a/webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
+++ b/webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
@ -0,0 +1,24 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> Http Splitting </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches how to perform HTPP Splitting attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+The attacker passes malacious code to the web server together with normal input. 
+A victim application will not be checking for CR (carriage return, also given by %0d or \r) 
+and LF (line feed, also given by %0a or \n)characters. These characters not only give attackers control 
+of the remaining headers and body of the response the application intends to send, 
+but also allows them to create additional responses entirely under their control
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* Enter a language for the system to search by.<br> 
+* You notice that the application is redirecting your request to another resource on the server.<br>
+* You should be able to use the CR (%0d) and LF (%0a) to exploit the attack.<br>
+* Your excercise should be to force the server to send a 200 OK. 
+<!-- Stop Instructions -->
--- a/webgoat/main/project/WebContent/lessons/General/redirect.jsp
+++ b/webgoat/main/project/WebContent/lessons/General/redirect.jsp
@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>HTTP Splitting</title>
+</head>
+<body>
+<% response.sendRedirect("/WebGoat/attack?" +
+		        "Screen=" + request.getParameter("Screen") +
+		        "&menu=" + request.getParameter("menu") +
+		        "&fromRedirect=yes&url=" + request.getParameter("url")); 
+%>
+</body>
+</html>