dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Separated DB usage for messages in CSRF and Stored XSS

Browse Source 
Many cosmetic english changes
Fixed IE rendering for Challenge
 

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@350 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2008-07-09 00:17:20 +00:00
parent 29f0222258
commit 71460125b6
14 changed files with 99 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
View File

@ -87,7 +87,7 @@ public class CSRF extends LessonAdapter
Connection connection = DatabaseUtilities.getConnection(s);
String query = "INSERT INTO messages VALUES (?, ?, ?, ? )";
String query = "INSERT INTO messages VALUES (?, ?, ?, ?, ? )";
PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
@ -95,6 +95,7 @@ public class CSRF extends LessonAdapter
statement.setString(2, title);
statement.setString(3, message);
statement.setString(4, s.getUserName());
statement.setString(5, this.getClass().getName());
statement.execute();
} catch (Exception e)
@ -170,11 +171,17 @@ public class CSRF extends LessonAdapter
{
Connection connection = DatabaseUtilities.getConnection(s);
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
// edit by Chuck Willis - Added logic to associate similar usernames
// The idea is that users chuck-1, chuck-2, etc will see each other's messages
// but not anyone elses. This allows users to try out XSS to grab another user's
// cookies, but not get confused by other users scripts
ResultSet results = statement.executeQuery(STANDARD_QUERY + " WHERE user_name LIKE '"
+ getNameroot(s.getUserName()) + "%'");
String query = "SELECT * FROM messages WHERE user_name LIKE ? and lesson_type = ?";
PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
statement.setString(1, getNameroot(s.getUserName()) + "%");
statement.setString(2, getClass().getName());
ResultSet results = statement.executeQuery();
if ((results != null) && (results.first() == true))
{
@ -223,11 +230,12 @@ public class CSRF extends LessonAdapter
Connection connection = DatabaseUtilities.getConnection(s);
String query = "SELECT * FROM messages WHERE user_name LIKE ? and num = ?";
String query = "SELECT * FROM messages WHERE user_name LIKE ? and num = ? and lesson_type = ?";
PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
statement.setString(1, getNameroot(s.getUserName()) + "%");
statement.setInt(2, messageNum);
statement.setString(3, this.getClass().getName());
ResultSet results = statement.executeQuery();
if ((results != null) && results.first())