Session Fixation
git-svn-id: http://webgoat.googlecode.com/svn/trunk@311 4033779f-a91e-0410-96ef-6bf7bf53c507
parent
361e142442
commit
7a0f43ca56
@ -110,24 +110,28 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
if(correctLogin(name, password, s))
|
||||
{
|
||||
getLessonTracker(s).setStage(4);
|
||||
sid="";
|
||||
s.add(LOGGEDIN, "true");
|
||||
s.add(LOGGEDINUSER, name);
|
||||
s.setMessage("You completed stage 3!");
|
||||
}
|
||||
|
||||
}
|
||||
if(getLessonTracker(s).getStage() == 4)
|
||||
{
|
||||
if (sid.equals(""))
|
||||
|
||||
if (sid.equals("NOVALIDSESSION"))
|
||||
{
|
||||
String randomSid = randomSIDGenerator();
|
||||
this.sid = randomSid;
|
||||
System.out.println("STAGE 5");
|
||||
getLessonTracker(s).setStage(5);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (getLessonTracker(s).getStage() == 2)
|
||||
{
|
||||
if (!sid.equals(""))
|
||||
{
|
||||
System.out.println("MySid: " + sid);
|
||||
s.add("SID", sid);
|
||||
getLessonTracker(s).setStage(3);
|
||||
s.setMessage("You completed stage 2!");
|
||||
@ -166,13 +170,6 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHint(WebSession s, int hintNumber)
|
||||
{
|
||||
// TODO Auto-generated method stub
|
||||
return super.getHint(s, hintNumber);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Element doStage2(WebSession s) throws Exception
|
||||
{
|
||||
@ -184,10 +181,10 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
private Element createStage2Content(WebSession s)
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
|
||||
String mailHeader = "<b>MailFrom:</b> admin@webgoatfinancial.com<br><br>";
|
||||
String mailContent = (String) s.get(MAILCONTENTNAME);
|
||||
|
||||
ec.addElement(mailContent);
|
||||
ec.addElement(mailHeader + mailContent);
|
||||
|
||||
return ec;
|
||||
|
||||
@ -205,6 +202,19 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
return createStage4Content(s);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Element doStage5(WebSession s) throws Exception
|
||||
{
|
||||
System.out.println("Doing stage 5");
|
||||
return createStage5Content(s);
|
||||
}
|
||||
|
||||
private Element createStage5Content(WebSession s)
|
||||
{
|
||||
|
||||
return createMainLoginContent(s);
|
||||
}
|
||||
|
||||
private Element createStage3Content(WebSession s)
|
||||
{
|
||||
|
||||
@ -214,7 +224,9 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
private Element createStage4Content(WebSession s)
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement("Hello Hacker");
|
||||
ec.addElement("<h2>Jane has logged into her account. Go and grab her session!" +
|
||||
" Use Following link to reach the login screen of the bank:</h2><br><br>" +
|
||||
"<a href=" + super.getLink() +"&SID=NOVALIDSESSION><center> WebGoat Financial </center></a><br><br><br><br>");
|
||||
return ec;
|
||||
//return createMainLoginContent(s);
|
||||
}
|
||||
@ -227,7 +239,7 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
+ "During the last week we had a few problems with our database. "
|
||||
+ "A lot of people complained that there account details are wrong. "
|
||||
+ "That is why we kindly ask you to use following link to verify your "
|
||||
+ "data:<br><br><center><a href="
|
||||
+ "data:<br><br><center><a href=http://localhost/WebGoat/"
|
||||
+ link
|
||||
+ "> Goat Hills Financial</a></center><br><br>"
|
||||
+ "We are sorry for the caused inconvenience and thank you for your colaboration.<br><br>"
|
||||
@ -395,11 +407,21 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
}
|
||||
else if (sid.equals(s.get("SID")) && s.get(LOGGEDIN).equals("true"))
|
||||
{
|
||||
makeSuccess(s);
|
||||
createSuccessfulLoginContent(s, ec);
|
||||
}
|
||||
else
|
||||
{
|
||||
if((name+password).equals(""))
|
||||
{
|
||||
createLogInContent(ec, "");
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
createLogInContent(ec, "Login Failed! Make sure user name and password is correct!");
|
||||
|
||||
}
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
@ -436,9 +458,10 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
*/
|
||||
private boolean correctLogin(String userName, String password, WebSession s)
|
||||
{
|
||||
Connection connection = null;
|
||||
try
|
||||
{
|
||||
Connection connection = DatabaseUtilities.getConnection(s);
|
||||
connection = DatabaseUtilities.getConnection(s);
|
||||
String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
|
||||
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
@ -457,6 +480,21 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
finally
|
||||
{
|
||||
try
|
||||
{
|
||||
if (connection != null)
|
||||
{
|
||||
connection.close();
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return false;
|
||||
|
||||
@ -520,7 +558,6 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
*/
|
||||
private void createSuccessfulLoginContent(WebSession s, ElementContainer ec)
|
||||
{
|
||||
|
||||
String userDataStyle = "margin-top:50px;";
|
||||
|
||||
Div userDataDiv = new Div();
|
||||
@ -598,9 +635,10 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
*/
|
||||
private ResultSet getUser(String user, WebSession s)
|
||||
{
|
||||
Connection connection = null;
|
||||
try
|
||||
{
|
||||
Connection connection = DatabaseUtilities.getConnection(s);
|
||||
connection = DatabaseUtilities.getConnection(s);
|
||||
String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
|
||||
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
@ -614,6 +652,20 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
finally
|
||||
{
|
||||
try
|
||||
{
|
||||
if (connection != null)
|
||||
{
|
||||
connection.close();
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
|
||||
}
|
||||
@ -661,9 +713,11 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
hints.add("Stage 1: Alter the link in the mail to: href=" + getLink() + "&SID=Whatever");
|
||||
hints.add("Stage 2: Click on the link!");
|
||||
hints.add("Stage 3: Log in as Jane with user name jane and password tarzan.");
|
||||
hints.add("Stage 4: Click on the link provided");
|
||||
hints.add("Stage 4: What is your actual SID?");
|
||||
hints.add("Stage 4: Change the SID (NOVALIDSESSION) to the choosen one in the mail");
|
||||
|
||||
|
||||
hints.add("Stage 2: Watch out for hidden fields");
|
||||
hints.add("Stage 2: Manipulate the hidden field 'hidden_tan'");
|
||||
|
||||
return hints;
|
||||
|
||||
@ -675,6 +729,10 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
public String getInstructions(WebSession s)
|
||||
{
|
||||
int stage = getLessonTracker(s).getStage();
|
||||
if (stage > 4)
|
||||
{
|
||||
stage = 4;
|
||||
}
|
||||
String instructions = "STAGE " +stage+": ";
|
||||
if(stage == 1)
|
||||
{
|
||||
@ -698,9 +756,11 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
}
|
||||
else if (stage == 4)
|
||||
{
|
||||
instructions += "It is time to steal the session. <br><br><b>You are: Hacker Joe</b> ";
|
||||
instructions += "It is time to steal the session now. Just use the link you sent to " +
|
||||
"Jane.<br><br><b>You are: Hacker Joe</b> ";
|
||||
}
|
||||
|
||||
|
||||
return (instructions);
|
||||
}
|
||||
|
||||
|
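Review bot: In the `@ -227,7 +239,7` hunk the mail link is now built as `"data:<br><br><center><a href=http://localhost/WebGoat/" + link`, which pins the lesson to a server reached as localhost on port 80 under the `/WebGoat` context path; on any other host, port or deployment the stage-1 link is dead, and the adjacent line without the host (presumably the old side, since rendering lost the +/- markers) was host-agnostic. Either keep the relative form or derive scheme, host, port and context path from the servlet request at render time instead of hard-coding them. Separately, `System.out.println("MySid: " + sid)` and `System.out.println("STAGE 5")` in the `@ -110,24 +110,28` hunk and `System.out.println("Doing stage 5")` in `@ -205,6 +202,19` read as leftover debugging, and the first one writes a session identifier to stdout, so they should be dropped or routed to a debug-level logger. The methods enclosing the first hunk start and end outside it.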