dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Issue 42

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@470 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy@gmail.com 2012-04-26 17:29:19 +00:00
parent 2df47dd788
commit 751c993f22
1 changed files with 13 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/main/java/org/owasp/webgoat/lessons/HttpSplitting.java
View File

@ -86,25 +86,15 @@ public class HttpSplitting extends SequentialLessonAdapter
if (lang.length() != 0 && fromRedirect.length() != 0)
{
// Split by the line separator line.separator is platform independant
String lineSep = System.getProperty("line.separator");
String[] arrTokens = lang.toString().toUpperCase().split(lineSep);
// Check if the user ended the first request and wrote the second malacious reply
if (Arrays.binarySearch(arrTokens, "CONTENT-LENGTH: 0") >= 0
&& Arrays.binarySearch(arrTokens, "HTTP/1.1 200 OK") >= 0)
String[] arrTokens = lang.toString().toUpperCase().split("\r\n");
// Check if the user ended the first request and wrote the second malicious reply
if (arrTokens.length > 1)
{
HttpServletResponse res = s.getResponse();
res.setContentType("text/html");
PrintWriter out = new PrintWriter(res.getOutputStream());
String message = lang.substring(lang.indexOf("<html>"));
out.print(message);
out.flush();
out.close();
getLessonTracker(s).setStage(2);
StringBuffer msg = new StringBuffer();
@ -115,6 +105,10 @@ public class HttpSplitting extends SequentialLessonAdapter
msg.append("the reply and replace it with a 304 reply.");
s.setMessage(msg.toString());
getLessonTracker(s).setStage(2);
//makeSuccess(s);
}
}
@ -190,10 +184,10 @@ public class HttpSplitting extends SequentialLessonAdapter
if (lang.length() != 0 && fromRedirect.length() != 0)
{
String lineSep = System.getProperty("line.separator");
String lineSep = "\r\n";
String dateStr = lang.substring(lang.indexOf("Last-Modified:") + "Last-Modified:".length(), lang
.indexOf(lineSep, lang.indexOf("Last-Modified:")));
if (dateStr.length() != 0)
if (dateStr.length() > 0)
{
Calendar cal = Calendar.getInstance();