finished assignment
This commit is contained in:
		
				
					committed by
					
						 Nanne Baars
						Nanne Baars
					
				
			
			
				
	
			
			
			
						parent
						
							94b936036a
						
					
				
				
					commit
					8bc91ba4ec
				
			| @ -1,5 +1,6 @@ | |||||||
| package org.owasp.webgoat.plugin.mitigation; | package org.owasp.webgoat.plugin.mitigation; | ||||||
|  |  | ||||||
|  |  | ||||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||||
| import org.owasp.webgoat.assignments.AssignmentHints; | import org.owasp.webgoat.assignments.AssignmentHints; | ||||||
| import org.owasp.webgoat.assignments.AssignmentPath; | import org.owasp.webgoat.assignments.AssignmentPath; | ||||||
| @ -8,8 +9,6 @@ import org.springframework.web.bind.annotation.RequestMapping; | |||||||
| import org.springframework.web.bind.annotation.RequestMethod; | import org.springframework.web.bind.annotation.RequestMethod; | ||||||
| import org.springframework.web.bind.annotation.RequestParam; | import org.springframework.web.bind.annotation.RequestParam; | ||||||
| import org.springframework.web.bind.annotation.ResponseBody; | import org.springframework.web.bind.annotation.ResponseBody; | ||||||
| import org.jsoup.*; |  | ||||||
| import org.w3c.dom.*; |  | ||||||
|  |  | ||||||
|  |  | ||||||
| import javax.tools.*; | import javax.tools.*; | ||||||
| @ -27,31 +26,36 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint { | |||||||
|     @RequestMapping(method = RequestMethod.POST) |     @RequestMapping(method = RequestMethod.POST) | ||||||
|     @ResponseBody |     @ResponseBody | ||||||
|     public AttackResult completed(@RequestParam String editor) { |     public AttackResult completed(@RequestParam String editor) { | ||||||
|  |         //https://github.com/OWASP/owasp-java-encoder | ||||||
|  |         //maybe better idea for assignment | ||||||
|  |  | ||||||
|  |         String line1 =""; | ||||||
|  |         String line2 =""; | ||||||
|  |  | ||||||
|  |         String[] lines = editor.split(System.getProperty("line.separator")); | ||||||
|  |         for (int i = 0; i < lines.length; i++) { | ||||||
|  |             if(lines[i].contains("First Name")){ | ||||||
|  |                 line1 = lines[i+1].replace("                <td>","").replace("</td>",""); | ||||||
|  |             } else if (lines[i].contains("Last Name")){ | ||||||
|  |                 line2 = lines[i+1].replace("                <td>", "").replace("</td>", ""); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |  | ||||||
|         editor = editor.replaceAll("\\<.*?>",""); |  | ||||||
|         //http://www.java67.com/2012/10/how-to-escape-html-special-characters-JSP-Java-Example.html |  | ||||||
|         // |  | ||||||
|         //<c:out value="${first_name/last_name}" escapeXml="true"/> |         //<c:out value="${first_name/last_name}" escapeXml="true"/> | ||||||
|         //or |         //or | ||||||
|         //${fn:escapeXml("param.first_name/last_name")} |         //${fn:escapeXml("param.first_name/last_name")} | ||||||
|  |  | ||||||
|         //check html string for regex |         if((line1.equals("<c:out value=\"${first_name}\" escapeXml=\"true\"/>") || line1.equals("<c:out escapeXml=\"true\" value=\"${first_name}\"/>")) | ||||||
|             //check for c:out && escapeXml="true" && !request.getParameter |                 && (line2.equals("<c:out value=\"${last_name}\" escapeXml=\"true\"/>")) || line2.equals("<c:out escapeXml=\"true\" value=\"${last_name}\" />")){ | ||||||
|         //Document doc = Jsoup.parse(editor); |  | ||||||
|         //Element e = doc.getElementById(); |  | ||||||
|  |  | ||||||
|         System.out.println(editor); |  | ||||||
|         if (editor.contains("c:out") && editor.contains("escapeXml=\"true\"") && editor.contains("value=\"${last_name}\"") && editor.contains("value=\"${first_name}\"")) { |  | ||||||
|             System.out.println("true"); |             System.out.println("true"); | ||||||
|             return trackProgress(success().build()); |             return trackProgress(success().feedback("xss-mitigation-3-success").build()); | ||||||
|         } |         } else if(line1.equals("${fn:escapeXml(\"param.first_name\")}") && line2.equals("${fn:escapeXml(\"param.last_name\")}")){ | ||||||
|         else if (editor.contains("${fn:escapeXml") && editor.contains("\"param.first_name\"") && editor.contains("\"param.last_name\"")) { |  | ||||||
|             System.out.println("true"); |             System.out.println("true"); | ||||||
|             return trackProgress(success().build()); |             return trackProgress(success().feedback("xss-mitigation-3-success").build()); | ||||||
|         } |         } else { | ||||||
|         else { |  | ||||||
|             System.out.println("false"); |             System.out.println("false"); | ||||||
|             return trackProgress(failed().build()); |             System.out.println(line1 + "\n" + line2); | ||||||
|  |             return trackProgress(failed().feedback("xss-mitigation-3-failure").build()); | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -27,6 +27,29 @@ | |||||||
|                     var editor = ace.edit("editor"); |                     var editor = ace.edit("editor"); | ||||||
|                     editor.setTheme("ace/theme/monokai"); |                     editor.setTheme("ace/theme/monokai"); | ||||||
|                     editor.session.setMode("ace/mode/html"); |                     editor.session.setMode("ace/mode/html"); | ||||||
|  |                     editor.setValue("<html>\n" + | ||||||
|  |                         "\n" + | ||||||
|  |                         "<head>\n" + | ||||||
|  |                         "    <title>Using GET and POST Method to Read Form Data</title>\n" + | ||||||
|  |                         "</head>\n" + | ||||||
|  |                         "\n" + | ||||||
|  |                         "<body>\n" + | ||||||
|  |                         "    <h1>Using POST Method to Read Form Data</h1>\n" + | ||||||
|  |                         "    <table>\n" + | ||||||
|  |                         "        <tbody>\n" + | ||||||
|  |                         "            <tr>\n" + | ||||||
|  |                         "                <td><b>First Name:</b></td>\n" + | ||||||
|  |                         "                <td>YOUR CODE HERE</td>\n" + | ||||||
|  |                         "            </tr>\n" + | ||||||
|  |                         "            <tr>\n" + | ||||||
|  |                         "                <td><b>Last Name:</b></td>\n" + | ||||||
|  |                         "                <td>YOUR CODE HERE</td>\n" + | ||||||
|  |                         "            </tr>\n" + | ||||||
|  |                         "        </tbody>\n" + | ||||||
|  |                         "    </table>\n" + | ||||||
|  |                         "</body>\n" + | ||||||
|  |                         "\n" + | ||||||
|  |                         "</html>\n"); | ||||||
| 				</script> | 				</script> | ||||||
| 			</div> | 			</div> | ||||||
| 			<div class="input-group" style="margin-top: 10px"> | 			<div class="input-group" style="margin-top: 10px"> | ||||||
|  | |||||||
| @ -30,7 +30,9 @@ xss-stored-comment-success=It appears your payload should invoke the function. T | |||||||
| xss-stored-comment-failure=We can't see the payload in your submission, but XSS can be tricky. Look for the call back fired after the comments reload. If you see that and can put the correct value there and put it in, maybe you did succeed. | xss-stored-comment-failure=We can't see the payload in your submission, but XSS can be tricky. Look for the call back fired after the comments reload. If you see that and can put the correct value there and put it in, maybe you did succeed. | ||||||
| xss-stored-callback-success=Yes, that is the correct value (note, it will be a different value each time the phoneHome endpoint is called). | xss-stored-callback-success=Yes, that is the correct value (note, it will be a different value each time the phoneHome endpoint is called). | ||||||
| xss-stored-callback-failure=No, that is not the correct value (note, it will be a different value each time the phoneHome endpoint is called). | xss-stored-callback-failure=No, that is not the correct value (note, it will be a different value each time the phoneHome endpoint is called). | ||||||
| xss-mitigation-3-hint1=You don't store the user input in this example. Try to escape the user input right before you it into the HTML element. | xss-mitigation-3-hint1=You don't store the user input in this example. Try to html entity escape the user input right before you it into the HTML element. | ||||||
| xss-mitigation-3-hint2=Use JavaServer Pages Standard Tag Library (JSTL) tags or Unified Expression Language | xss-mitigation-3-hint2=Use JavaServer Pages Standard Tag Library (JSTL) tags or Unified Expression Language | ||||||
| xss-mitigation-3-hint3=You don't have to import the libs. (<%@ taglib uri = "http://java.sun.com/jsp/jstl/core" prefix = "c" %> and <%@ taglib uri = "http://java.sun.com/jsp/jstl/functions" prefix = "fn" %> already included in this example) | xss-mitigation-3-hint3=You don't have to import the libs. (<%@ taglib uri = "http://java.sun.com/jsp/jstl/core" prefix = "c" %> and <%@ taglib uri = "http://java.sun.com/jsp/jstl/functions" prefix = "fn" %> already included in this example) | ||||||
| xss-mitigation-3-hint4=Have you ever heared of escapeXml? Ask the web. | xss-mitigation-3-hint4=Have you ever heard of escapeXml? Ask the web. | ||||||
|  | xss-mitigation-3-success=You have completed this lesson. Congratulations! | ||||||
|  | xss-mitigation-3-failure=This in not the correct answer. Try again! | ||||||
| @ -1,10 +1,6 @@ | |||||||
| function ace_collect() { | function ace_collect() { | ||||||
|     let code = ""; |     let code = ""; | ||||||
|     $(".ace_line").each(function(i, el) { |     code = editor.getSession().getValue(); | ||||||
|         code += el.innerHTML; |  | ||||||
|     }); |  | ||||||
|     console.log(code); |  | ||||||
|     code = $(".ace_content")[0].innerHTML; |  | ||||||
|     $.ajax({ |     $.ajax({ | ||||||
|         type: "POST", |         type: "POST", | ||||||
|         url: "/WebGoat/CrossSiteScripting/attack3", |         url: "/WebGoat/CrossSiteScripting/attack3", | ||||||
|  | |||||||
| @ -21,27 +21,29 @@ Here is the JSP file: | |||||||
| [source,html] | [source,html] | ||||||
| ------------------------------------------------------- | ------------------------------------------------------- | ||||||
| <html> | <html> | ||||||
|    <head> |  | ||||||
|       <title>Using GET and POST Method to Read Form Data</title> | <head> | ||||||
|    </head> |     <title>Using GET and POST Method to Read Form Data</title> | ||||||
|    <body> | </head> | ||||||
|       <center> |  | ||||||
|       <h1>Using POST Method to Read Form Data</h1> | <body> | ||||||
|       <ul> |     <h1>Using POST Method to Read Form Data</h1> | ||||||
|          <li> |     <table> | ||||||
|             <p> |         <tbody> | ||||||
|                 <b>First Name:</b> |             <tr> | ||||||
|                 <%= request.getParameter("first_name")%> |                 <td><b>First Name:</b></td> | ||||||
|             </p> |                 <td><%= request.getParameter("first_name")%></td> | ||||||
|          </li> |             </tr> | ||||||
|          <li> |             <tr> | ||||||
|             <p> |                 <td><b>Last Name:</b></td> | ||||||
|                 <b>Last  Name:</b> |                 <td> | ||||||
|                 <%= request.getParameter("last_name")%> |                     <%= request.getParameter("last_name")%> | ||||||
|             </p> |                 </td> | ||||||
|          </li> |             </tr> | ||||||
|       </ul> |         </tbody> | ||||||
|    </body> |     </table> | ||||||
|  | </body> | ||||||
|  |  | ||||||
| </html> | </html> | ||||||
| ------------------------------------------------------- | ------------------------------------------------------- | ||||||
|  |  | ||||||
|  | |||||||
| @ -86,12 +86,6 @@ | |||||||
|             <artifactId>encoder</artifactId> |             <artifactId>encoder</artifactId> | ||||||
|             <version>1.2</version> |             <version>1.2</version> | ||||||
|         </dependency> |         </dependency> | ||||||
|         <dependency> |  | ||||||
|             <!-- jsoup HTML parser library @ https://jsoup.org/ --> |  | ||||||
|             <groupId>org.jsoup</groupId> |  | ||||||
|             <artifactId>jsoup</artifactId> |  | ||||||
|             <version>1.11.3</version> |  | ||||||
|         </dependency> |  | ||||||
|         <!-- Temporarily --> |         <!-- Temporarily --> | ||||||
|         <dependency> |         <dependency> | ||||||
|             <groupId>com.thoughtworks.xstream</groupId> |             <groupId>com.thoughtworks.xstream</groupId> | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user