From 789d72e5894b046a4d0bd63a62b5942e2d21744c Mon Sep 17 00:00:00 2001 From: "wirth.marcel" Date: Thu, 10 Apr 2008 08:52:11 +0000 Subject: [PATCH] Session Fixation bugfix MultiLevelLogin2 bugfix git-svn-id: http://webgoat.googlecode.com/svn/trunk@315 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/lessons/MultiLevelLogin2.java | 18 +++++++++--------- .../owasp/webgoat/lessons/SessionFixation.java | 10 +++++----- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java index feea47f30..bfa87d73f 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java @@ -57,18 +57,18 @@ import org.owasp.webgoat.session.WebSession; public class MultiLevelLogin2 extends LessonAdapter { - private final static String USER = "user"; - private final static String PASSWORD = "pass"; - private final static String TAN = "tan"; - private final static String HIDDEN_USER = "hidden_user"; + private final static String USER = "user2"; + private final static String PASSWORD = "pass2"; + private final static String TAN = "tan2"; + private final static String HIDDEN_USER = "hidden_user2"; - private final static String LOGGEDIN = "loggedin"; - private final static String CORRECTTAN = "correctTan"; - private final static String CURRENTTAN = "currentTan"; - private final static String CURRENTTANPOS = "currentTanPos"; + private final static String LOGGEDIN = "loggedin2"; + private final static String CORRECTTAN = "correctTan2"; + private final static String CURRENTTAN = "currentTan2"; + private final static String CURRENTTANPOS = "currentTanPos2"; // needed to see if lesson was successfull - private final static String LOGGEDINUSER = "loggedInUser"; + private final static String LOGGEDINUSER = "loggedInUser2"; //private String LoggedInUser = ""; diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java index 60a7088e5..43e8660bd 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java @@ -181,7 +181,7 @@ public class SessionFixation extends SequentialLessonAdapter private Element createStage2Content(WebSession s) { ElementContainer ec = new ElementContainer(); - String mailHeader = "MailFrom:   admin@webgoatfinancial.com

"; + String mailHeader = "Mail From:   admin@webgoatfinancial.com

"; String mailContent = (String) s.get(MAILCONTENTNAME); ec.addElement(mailHeader + mailContent); @@ -286,12 +286,12 @@ public class SessionFixation extends SequentialLessonAdapter ec.addElement(table); B b = new B(); - b.addElement("MailTo: "); + b.addElement("Mail To: "); td1.addElement(b); td2.addElement(mailTo); b = new B(); - b.addElement("MailFrom: "); + b.addElement("Mail From: "); td3.addElement(b); td4.addElement(mailFrom); @@ -304,8 +304,8 @@ public class SessionFixation extends SequentialLessonAdapter td6.addElement(titleField); TextArea mailContent = new TextArea(); - mailContent.addAttribute("cols", 60); - mailContent.addAttribute("rows", 9); + mailContent.addAttribute("cols", 67); + mailContent.addAttribute("rows", 8); mailContent.addElement(mailText); mailContent.setName(MAILCONTENTNAME); td7.addElement(mailContent);