Updated XXE lesson so it also uses WebWolf

Nanne Baars
2017-10-07 13:46:34 +02:00
parent 94caba7eb1
commit 8a982dedb5
13 changed files with 180 additions and 100 deletions


@ -4,10 +4,10 @@ import org.apache.commons.lang3.StringUtils;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
@ -21,7 +21,8 @@ import java.net.URISyntaxException;
@AssignmentPath("/WebWolf/landing")
public class LandingAssignment extends AssignmentEndpoint {
private RestTemplate restTemplate = new RestTemplate();
@Value("${webworf.url.landingpage}")
private String landingPageUrl;
@PostMapping
@ResponseBody
@ -37,7 +38,7 @@ public class LandingAssignment extends AssignmentEndpoint {
public ModelAndView openPasswordReset(HttpServletRequest request) throws URISyntaxException {
URI uri = new URI(request.getRequestURL().toString());
ModelAndView modelAndView = new ModelAndView();
modelAndView.addObject("webwolfUrl", uri.getScheme() + "://" + uri.getHost() + ":8081");
modelAndView.addObject("webwolfUrl", landingPageUrl);
modelAndView.addObject("uniqueCode", StringUtils.reverse(getWebSession().getUserName()));
modelAndView.setViewName("webwolfPasswordReset");
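Review bot: The placeholder in `@Value("${webworf.url.landingpage}")` spells the key `webworf`, which looks like a typo for `webwolf`; it also has no default, so if the properties file (not visible here) does not use the same spelling, Spring would fail at startup with an unresolved placeholder. I would rename the key to `webwolf.url.landingpage` in both places, or at least confirm that the two match. Assuming the `landingPageUrl` line is the new side of the `webwolfUrl` pair, `URI uri = new URI(request.getRequestURL().toString());` is now unused and can be removed, together with `throws URISyntaxException` if nothing else in the method needs it. Taking the URL from configuration rather than from the request's host is the safer choice, since the rendered link no longer depends on a client-supplied Host header. `openPasswordReset` continues past the end of the hunk, so the rest of its body was not reviewed.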


@ -1,6 +1,6 @@
== Landing page
This page will show all the requests made to '/' or '/challenge'. This means
This page will show all the requests made to '/landing/**'. This means
you can use WebWolf as your landing page for harvesting cookies etc which
is helpful when you perform a XSS lesson.