Refactoring (#1201)
* Some initial refactoring
* Make it one application
* Got it working
* Fix problem on Windows
* Move WebWolf
* Move first lesson
* Moved all lessons
* Fix pom.xml
* Fix tests
* Add option to initialize a lesson. This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens
* Clean up pom.xml files
* Remove fetching labels based on language. We only support English at the moment; all the lesson explanations are written in English, which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages
* Fix SonarLint issues
* And move it all to the main project
* Fix for documentation paths
* Fix pom warnings
* Remove PMD as it does not work
* Update release notes about refactoring
* Fix lesson template
* Update release notes
* Keep it in the same repo in Dockerhub
* Update documentation to show how the connection is obtained. Resolves: #1180
* Rename all integration tests
* Remove command from Dockerfile
* Simplify GitHub actions. Currently, we use separate actions for pull requests and branch builds. This is now consolidated in one action. The PR action triggered always; it now only triggers when the PR is opened and not in draft. Running all platforms on a branch build is a bit too much; it is better to only run all platforms when someone opens a PR.
* Remove duplicate entry from release notes
* Add explicit registry for base image
* Lesson scanner not working when fat jar. When running the fat jar we have to take into account that we are reading from the jar file and not the filesystem. In this case you cannot use `getFile`, for example.
* added info in README and fixed release docker
* changed base image and added ignore file

Co-authored-by: Zubcevic.com <rene@zubcevic.com>
@ -0,0 +1,46 @@
idor.title=Insecure Direct Object References

idor.hints.idor_login=Log in first. User Name is tom, password is cat.

idor.hints.idorDiffAttributes1=Make sure you have logged in on the previous step/page
idor.hints.idorDiffAttributes2=View the response using developer tools or a proxy.
idor.hints.idorDiffAttributes3=The attributes are not visible and have nothing to do with size, color or name

idor.hints.ownProfileAltUrl1=Look at the previous request for profile, this is similar
idor.hints.ownProfileAltUrl2=You will need data from the previous request for your own profile
idor.hints.ownProfileAltUrl3=Append your id to the previous request (i.e. .../profile/{yourId})

idor.hints.otherProfile1=The default request here won't work at all, so you will need to manually craft the request or tamper it with a proxy
idor.hints.otherProfile2=You will likely need to 'fuzz' to try different values for the userId at the end of the Url
idor.hints.otherProfile3=Try incrementing the id value. It's not a simple +1, but it's also not too far off
idor.hints.otherProfile4=For editing the other user's profile, you will need to use the proxy or manually craft the request again
idor.hints.otherProfile5=To edit the other user's profile, you will use the same Url you did to view the other user's profile
idor.hints.otherProfile6=To edit, You will need to change the method, what is the RESTful method used for 'update' or 'edit'?
idor.hints.otherProfile7=You will also need the body of the request (will look something like the profile)
idor.hints.otherProfile8=The request should go to ... /WebGoat/IDOR/profile/{Buffalo Bills Id}
idor.hints.otherProfile9=Your payload should look something like ... {\"role\" : 1,\"color\" : \"red\",\"size\" : \"small\",\"name\" : \"Tom Cat\",\"userId\" : \"2342388\"}

idor.diff.attributes.missing=You did not list two attributes, comma delimited
idor.diff.success=Correct, the two attributes not displayed are userId & role. Keep those in mind
idor.diff.failure=Try again. Look in your browser dev tools or Proxy and compare to what's displayed on the screen.

idor.edit.profile.success1=Well done, you have modified someone else's profile (as displayed below)
idor.edit.profile.success2=Good work! View the updated profile below
idor.edit.profile.failure1=Close ... you've got the technique. Now try for a lower role number
idor.edit.profile.failure2=Close ... you've got the technique. Now change the color in their profile to red.)
idor.edit.profile.failure3=Try again. Use the hints if you need to.
idor.edit.profile.failure4=Modifying your own profile is good, but we want to do this to Buffalo Bill's profile.

idor.login.success=You are now logged in as {0}. Please proceed.
idor.login.failure=Credentials provided are not correct

idor.view.profile.success=Well done, you found someone else's profile
idor.view.profile.close1=You're on the right path, try a different id
idor.view.profile.close2=Try again. You need to use the same method/URL you used to access your own profile via direct object reference.

idor.view.own.profile.success=Congratulations, you have used the alternate Url/route to view your own profile.
idor.view.own.profile.failure1=Please try again. The alternate route is very similar to the previous way you viewed your profile. Only one difference really
idor.view.own.profile.failure2=You need to authenticate as tom first.

idor.view.other.profile.failure1=You must authenticate first
idor.view.other.profile.failure2=<<still working>>
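Review bot: `idor.view.other.profile.failure2=<<still working>>` ships an unfinished placeholder as a user-facing message; give it real feedback text (the neighbouring `idor.view.profile.close2` already covers the "wrong method/URL" case and could be reused) or drop the key until the assignment code actually references it. Two smaller text defects in the same hunk: `idor.edit.profile.failure2` ends with a stray `)` after `red.`, and the file alternates between `Url` (otherProfile2, otherProfile5, own.profile.success) and `URL` (profile.close2) and between `Buffalo Bills Id` (otherProfile8) and `Buffalo Bill's` (failure4); pick one spelling for each so the hints read consistently. Also note that `otherProfile9` quotes a concrete `userId` in the sample payload, which gives away the value the earlier "fuzz" and "increment the id" hints (otherProfile2/3) are meant to have the learner discover; consider replacing it with a `{targetUserId}`-style placeholder as `otherProfile8` does.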