dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Session Fixation bugfix

Browse Source 
MultiLevelLogin2 bugfix

git-svn-id: http://webgoat.googlecode.com/svn/trunk@315 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel 2008-04-10 08:52:11 +00:00
parent 3e2b49b229
commit 789d72e589
2 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java
View File

@ -57,18 +57,18 @@ import org.owasp.webgoat.session.WebSession;
public class MultiLevelLogin2 extends LessonAdapter public class MultiLevelLogin2 extends LessonAdapter
{ {
private final static String USER = "user"; private final static String USER = "user2";
private final static String PASSWORD = "pass"; private final static String PASSWORD = "pass2";
private final static String TAN = "tan"; private final static String TAN = "tan2";
private final static String HIDDEN_USER = "hidden_user"; private final static String HIDDEN_USER = "hidden_user2";
private final static String LOGGEDIN = "loggedin"; private final static String LOGGEDIN = "loggedin2";
private final static String CORRECTTAN = "correctTan"; private final static String CORRECTTAN = "correctTan2";
private final static String CURRENTTAN = "currentTan"; private final static String CURRENTTAN = "currentTan2";
private final static String CURRENTTANPOS = "currentTanPos"; private final static String CURRENTTANPOS = "currentTanPos2";
// needed to see if lesson was successfull // needed to see if lesson was successfull
private final static String LOGGEDINUSER = "loggedInUser"; private final static String LOGGEDINUSER = "loggedInUser2";
//private String LoggedInUser = ""; //private String LoggedInUser = "";

10
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
View File

@ -181,7 +181,7 @@ public class SessionFixation extends SequentialLessonAdapter
private Element createStage2Content(WebSession s) private Element createStage2Content(WebSession s)
{ {
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
String mailHeader = "<b>MailFrom:</b> &nbsp;&nbsp;admin@webgoatfinancial.com<br><br>"; String mailHeader = "<b>Mail From:</b> &nbsp;&nbsp;admin@webgoatfinancial.com<br><br>";
String mailContent = (String) s.get(MAILCONTENTNAME); String mailContent = (String) s.get(MAILCONTENTNAME);
ec.addElement(mailHeader + mailContent); ec.addElement(mailHeader + mailContent);
@ -286,12 +286,12 @@ public class SessionFixation extends SequentialLessonAdapter
ec.addElement(table); ec.addElement(table);
B b = new B(); B b = new B();
b.addElement("MailTo: "); b.addElement("Mail To: ");
td1.addElement(b); td1.addElement(b);
td2.addElement(mailTo); td2.addElement(mailTo);
b = new B(); b = new B();
b.addElement("MailFrom: "); b.addElement("Mail From: ");
td3.addElement(b); td3.addElement(b);
td4.addElement(mailFrom); td4.addElement(mailFrom);
@ -304,8 +304,8 @@ public class SessionFixation extends SequentialLessonAdapter
td6.addElement(titleField); td6.addElement(titleField);
TextArea mailContent = new TextArea(); TextArea mailContent = new TextArea();
mailContent.addAttribute("cols", 60); mailContent.addAttribute("cols", 67);
mailContent.addAttribute("rows", 9); mailContent.addAttribute("rows", 8);
mailContent.addElement(mailText); mailContent.addElement(mailText);
mailContent.setName(MAILCONTENTNAME); mailContent.setName(MAILCONTENTNAME);
td7.addElement(mailContent); td7.addElement(mailContent);