git-svn-id: http://webgoat.googlecode.com/svn/trunk@6 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/org/owasp/webgoat/lessons/HiddenFieldTampering.java

@@ -0,0 +1,192 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Center;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+
+/**
+ *  Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
+ *  Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
+ *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
+ *  this software.
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    October 28, 2003
+ */
+public class HiddenFieldTampering extends LessonAdapter
+{
+	private final static String PRICE = "Price";
+
+	private final static String PRICE_TV = "2999.99";
+	
+	private final static String PRICE_TV_HACKED = "9.99";	
+
+	/**
+	 *  Constructor for the HiddenFieldScreen object
+	 */
+	public HiddenFieldTampering() { }
+
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  s  Description of the Parameter
+	 * @return    Description of the Return Value
+	 */
+	protected Element createContent( WebSession s )
+	{
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+			String price = s.getParser().getRawParameter( PRICE, PRICE_TV );
+			float quantity = s.getParser().getFloatParameter("QTY", 1.0f);
+			float total = quantity * Float.parseFloat(price);
+			
+			if ( price.equals(PRICE_TV)  )
+			{
+				ec.addElement( new Center().addElement( new H1().addElement( "Shopping Cart " )));
+                 ec.addElement( new BR() );
+				Table t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 1 ).setWidth("90%").setAlign("center");
+
+				if ( s.isColor() )
+				{
+					t.setBorder( 1 );
+				}
+				
+				TR tr = new TR();
+				tr.addElement( new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
+				tr.addElement( new TH().addElement("Price:").setWidth("10%"));
+				tr.addElement( new TH().addElement("Quantity:").setWidth("3%"));
+				tr.addElement( new TH().addElement("Total").setWidth("7%"));
+				t.addElement( tr );
+				
+				tr = new TR();
+				tr.addElement( new TD().addElement("56 inch HDTV (model KTV-551)"));
+				tr.addElement( new TD().addElement(PRICE_TV).setAlign("right"));
+				tr.addElement( new TD().addElement(new Input( Input.TEXT, "QTY", 1 )).setAlign( "right" ));
+				tr.addElement( new TD().addElement("$" +total));
+				t.addElement( tr );
+				
+				ec.addElement(t);
+				
+				t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 0 ).setWidth("90%").setAlign("center");
+
+				if ( s.isColor() )
+				{
+					t.setBorder( 1 );
+				}
+				
+				ec.addElement( new BR() );
+				tr = new TR();
+				tr.addElement( new TD().addElement( "The total charged to your credit card:" ) );
+				tr.addElement( new TD().addElement( "$" + total ));
+				tr.addElement( new TD().addElement( ECSFactory.makeButton( "Update Cart" )));
+				tr.addElement( new TD().addElement( ECSFactory.makeButton( "Purchase" )));
+				t.addElement( tr );
+				
+				ec.addElement(t);
+
+				Input input = new Input( Input.HIDDEN, PRICE, PRICE_TV );
+				ec.addElement( input );
+				ec.addElement( new BR() );
+
+			}
+			else
+			{
+				if ( !price.toString().equals( PRICE_TV ) )
+				{
+					makeSuccess( s );
+				}
+
+				ec.addElement( new P().addElement( "Your total price is:" ) );
+				ec.addElement( new B( "$" + total ) );
+				ec.addElement( new BR() );
+				ec.addElement( new P().addElement( "This amount will be charged to your credit card immediately." ) );
+			}
+		}
+		catch ( Exception e )
+		{
+			s.setMessage( "Error generating " + this.getClass().getName() );
+			e.printStackTrace();
+		}
+
+		return ( ec );
+	}
+
+
+	/**
+	 *  DOCUMENT ME!
+	 *
+	 * @return    DOCUMENT ME!
+	 */
+	protected Category getDefaultCategory()
+	{
+		return AbstractLesson.A1;
+	}
+
+
+	/**
+	 *  Gets the hints attribute of the HiddenFieldScreen object
+	 *
+	 * @return    The hints value
+	 */
+	protected List getHints()
+	{
+		List hints = new ArrayList();
+		hints.add( "This application is using hidden fields to transmit price information to the server." );
+		hints.add( "Use a program to intercept and change the value in the hidden field." );
+		hints.add( "Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from " + 
+				PRICE_TV + " to " + PRICE_TV_HACKED + "." );
+
+		return hints;
+	}
+
+
+	/**
+	 *  Gets the instructions attribute of the HiddenFieldTampering object
+	 *
+	 * @return    The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions = "Try to purchase the HDTV for less than the purchase price, if you have not done so already.";
+
+		return ( instructions );
+	}
+
+
+
+
+	private final static Integer DEFAULT_RANKING = new Integer(50);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 *  Gets the title attribute of the HiddenFieldScreen object
+	 *
+	 * @return    The title value
+	 */
+	public String getTitle()
+	{
+		return ( "How to Exploit Hidden Fields" );
+	}
+}
+