dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Hints added

Browse Source 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent ce703bc67d
commit 82e32acb77
137 changed files with 4230 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
webgoat/main/project/WebContent/lesson_solutions/XMLInjection.html
View File

@ -734,44 +734,43 @@ field-end'></span><![endif]--> Intercepted HTTP Response</p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>From the HTTP Response you can see that you get back an XML
message with the rewards for your account:</p></span>
message with the rewards for your account:</span></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;root&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;root&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat t-shirt 20 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat t-shirt 20 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Secure Kettle 50 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Secure Kettle 50 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Mug 30 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Mug 30 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/root&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/root&gt;</span></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>What happens if you intercept this HTTP Response and update
the XML message to become:</p></span>
the XML message to become:</span></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;root&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;root&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat t-shirt 20 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat t-shirt 20 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Secure Kettle 50 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Secure Kettle 50 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Mug 30 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Mug 30 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Core Duo Laptop 2000
Pts&lt;/reward&gt;</p></span>
Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Hawaii Cruise 3000 Pts&lt;/reward&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;reward&gt;WebGoat Hawaii Cruise 3000 Pts&lt;/reward&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/root&gt;</p></span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>&lt;/root&gt;</span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></p>
</span>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal style='page-break-after:avoid'><span style='mso-no-proof:
yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_68" o:spid="_x0000_i1028"
@ -827,7 +826,7 @@ field-end'></span><![endif]--> Select your reward</p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Select the
Laptop and the Cruise and click <EFBFBD>Submit<EFBFBD>.<o:p></o:p></span></p>
Laptop and the Cruise and click "Submit".<o:p></o:p></span></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>