Refactoring (#1201)
* Some initial refactoring * Make it one application * Got it working * Fix problem on Windows * Move WebWolf * Move first lesson * Moved all lessons * Fix pom.xml * Fix tests * Add option to initialize a lesson This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens * Clean up pom.xml files * Remove fetching labels based on language. We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages * Fix SonarLint issues * And move it all to the main project * Fix for documentation paths * Fix pom warnings * Remove PMD as it does not work * Update release notes about refactoring Update release notes about refactoring Update release notes about refactoring * Fix lesson template * Update release notes * Keep it in the same repo in Dockerhub * Update documentation to show how the connection is obtained. Resolves: #1180 * Rename all integration tests * Remove command from Dockerfile * Simplify GitHub actions Currently, we use a separate actions for pull-requests and branch build. This is now consolidated in one action. The PR action triggers always, it now only trigger when the PR is opened and not in draft. Running all platforms on a branch build is a bit too much, it is better to only run all platforms when someone opens a PR. * Remove duplicate entry from release notes * Add explicit registry for base image * Lesson scanner not working when fat jar When running the fat jar we have to take into account we are reading from the jar file and not the filesystem. In this case you cannot use `getFile` for example. * added info in README and fixed release docker * changed base image and added ignore file Co-authored-by: Zubcevic.com <rene@zubcevic.com>
This commit is contained in:
Nanne Baars
GitHub
181
src/main/resources/lessons/xss/html/CrossSiteScripting.html
Normal file
181
src/main/resources/lessons/xss/html/CrossSiteScripting.html
Normal file
@ -0,0 +1,181 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html xmlns:th="http://www.thymeleaf.org">
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_plan.adoc"></div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content1.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div id="lessonContent">
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/CrossSiteScripting/attack1">
|
||||
<table>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="checkboxAttack1"> The cookies are the same on each tab </td>
|
||||
<td><input
|
||||
name="answer" value="Submit" type="SUBMIT"/></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</div>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content2.adoc"></div>
|
||||
</div>
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content3.adoc"></div>
|
||||
</div>
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content4.adoc"></div>
|
||||
</div>
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content5.adoc"></div>
|
||||
<img align="middle" th:src="@{/images/Reflected-XSS.png}" />
|
||||
</div>
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content5a.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div id="lessonContent">
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="GET" name="xss-5a"
|
||||
action="/WebGoat/CrossSiteScripting/attack5a">
|
||||
<center>
|
||||
<h4>Shopping Cart</h4>
|
||||
</center>
|
||||
<table width="90%" cellspacing="0" cellpadding="2" border="1"
|
||||
align="center">
|
||||
<tbody>
|
||||
<tr>
|
||||
<th width="80%">Shopping Cart Items -- To Buy Now</th>
|
||||
<th width="10%">Price</th>
|
||||
<th width="3%">Quantity</th>
|
||||
<th width="7%">Total</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Studio RTA - Laptop/Reading Cart with Tilting Surface -
|
||||
Cherry</td>
|
||||
<td align="right">69.99</td>
|
||||
<td align="right"><input size="6" value="1" name="QTY1"
|
||||
type="NUMBER" /></td>
|
||||
<td>$0.00</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Dynex - Traditional Notebook Case</td>
|
||||
<td align="right">27.99</td>
|
||||
<td align="right"><input size="6" value="1" name="QTY2"
|
||||
type="NUMBER" /></td>
|
||||
<td>$0.00</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Hewlett-Packard - Pavilion Notebook with Intel Centrino</td>
|
||||
<td align="right">1599.99</td>
|
||||
<td align="right"><input size="6" value="1" name="QTY3"
|
||||
type="NUMBER" /></td>
|
||||
<td>$0.00</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>3 - Year Performance Service Plan $1000 and Over</td>
|
||||
<td align="right">299.99</td>
|
||||
<td align="right"><input size="6" value="1" name="QTY4"
|
||||
type="NUMBER" /></td>
|
||||
<td>$0.00</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<table width="90%" cellspacing="0" cellpadding="2"
|
||||
align="center">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>Enter your credit card number:</td>
|
||||
<td><input name="field1" value="4128 3214 0002 1999"
|
||||
type="TEXT" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enter your three digit access code:</td>
|
||||
<td><input name="field2" value="111" type="TEXT" /></td>
|
||||
</tr>
|
||||
<br/>
|
||||
<tr>
|
||||
<td colspan="3" align="center"><input name="SUBMIT" class="btn btn-primary"
|
||||
value="Purchase" type="SUBMIT" /></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<hr width="90%"/>
|
||||
</form>
|
||||
</div>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content5b.adoc"></div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content6.adoc"></div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content6a.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="DOMTestRoute"
|
||||
action="/WebGoat/CrossSiteScripting/attack6a">
|
||||
<input name="DOMTestRoute" value="" type="TEXT" />
|
||||
<input name="SubmitTestRoute" value="Submit" type="SUBMIT"/>
|
||||
</form>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content6b.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="DOMFollowUp"
|
||||
action="/WebGoat/CrossSiteScripting/dom-follow-up">
|
||||
<input name="successMessage" value="" type="TEXT" />
|
||||
<input name="submitMessage" value="Submit" type="SUBMIT"/>
|
||||
</form>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<span id="quiz_id" data-quiz_id="cross_site_scripting"></span>
|
||||
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
||||
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
||||
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
|
||||
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_quiz.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<div class="container-fluid">
|
||||
<form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/CrossSiteScripting/quiz" role="form">
|
||||
<div id="q_container"></div>
|
||||
<br />
|
||||
<input name="Quiz_solutions" value="Submit answers" type="SUBMIT"/>
|
||||
</form>
|
||||
</div>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
</html>
|
||||
Reference in New Issue
Block a user