Fixed minor issues for properties and starting WebGoat

.travis.yml

@@ -35,6 +35,7 @@ deploy:
       branch: develop
   - provider: releases
     skip_cleanup: true
+    overwrite: true
     api_key:
       #api-key from webgoat-github user
       secure: pJOLBnl6427PcVg/tVy/qB18JC7b8cKpffau+IP0pjdSt7KUfBdBY3QuJ7mrM65zRoVILzggLckaew2PlRmYQRdumyWlyRn44XiJ9KO4n6Bsufbz+ictB4ggtozpp9+I9IIUh1TmqypL9lhkX2ONM9dSHmyblYpAAgMuYSK8FYc=

README.MD

@@ -65,7 +65,7 @@ _Please note: this version may not be completely in sync with the develop branch
 Download the latest WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
 
 ```Shell
-java -jar webwolf-<<version>>.jar
+java -jar webgoat-server-<<version>>.jar
 ```
 
 

webgoat-container/src/main/resources/application.properties

@@ -30,16 +30,15 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
 webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true}
 
-webwolf.port=8081
+webwolf.host=${WEBWOLF_HOST:localhost}
-webwolf.url=http://localhost:${webwolf.port}/WebWolf
+webwolf.port=${WEBWOLF_PORT:8081}
-webworf.url.landingpage=http://localhost:${webwolf.port}/landing
+webwolf.url=http://${webwolf.host}:${webwolf.port}/WebWolf
-webworf.url.mail=http://localhost:${webwolf.port}/mail
+webworf.url.landingpage=http://${webwolf.host}:${webwolf.port}/landing
+webworf.url.mail=http://${webwolf.host}:${webwolf.port}/mail
 
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
 
-spring.activemq.brokerUrl=tcp://${WG_MQ_HOST:localhost}:${WG_MQ_PORT:61616}
-
 spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
 spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat

webgoat-lessons/sol.txt

@@ -11,6 +11,7 @@ bender@juice-sh.op' --
 101 or 1=1
 
 Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data --
+Smith' union select all 1, '2' ,user_name,password, 'MC', cookie, 2 from user_system_data --
 
 ## XXE ##
 

webwolf/Dockerfile

@@ -1,8 +1,13 @@
 FROM openjdk:8-jre-slim
 
+ARG webwolf_version=8.0-SNAPSHOT
+
 RUN useradd --home-dir /home/webwolf --create-home -U webwolf
 
-USER webwolf
+RUN apt-get update; apt-get install curl -y
-RUN cd /home/webwolf/
+
-COPY target/webwolf-8.0-SNAPSHOT.jar /home/webwolf/webwolf.jar
 COPY start.sh /home/webwolf/start.sh
+RUN chmod +x /home/webwolf/start.sh
+
+USER webwolf
+COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar

webwolf/src/main/resources/application.properties

@@ -28,15 +28,12 @@ multipart.max-request-size=1Mb
 webwolf.fileserver.location=${java.io.tmpdir}/webwolf-fileserver
 
 
-spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
+spring.data.mongodb.host=${WG_MONGO_HOST:}
 spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat
 
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
 
-spring.activemq.broker-url=tcp://${WG_MQ_HOST:localhost}:${WG_MQ_PORT:61616}
-spring.activemq.in-memory=true
-
 #For static file refresh ... and faster dev :D
 spring.devtools.restart.additional-paths=webwolf/src/main/resources/static/

webwolf/src/main/resources/templates/requests.html

@@ -18,7 +18,7 @@
         <p>
             Challenges in which you need to call your hacker machine WebWolf offers a simple httpd
             server functionality which only logs the incoming request. You can use the following URL:
-            http://localhost:8081/ and the incoming request will be available below.
+            http://webwolf/landing/* and the incoming request will be available below.
         </p>
         <p>
             This is by no means a substitution of httpd but it offers enough functionality to callback to a safe