dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upgrade ascii doc with support for link in new tab

Browse Source
This commit is contained in:
Rene Zubcevic
2019-10-10 14:01:32 +02:00
committed by Nanne Baars
parent e0ac4a1083
commit 8d7142e6d3
9 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat-lessons/challenge/src/main/resources/html/Challenge1.html
View File

@ -2,6 +2,9 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Challenge_introduction.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

2
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_introduction.adoc
View File

@ -4,7 +4,7 @@
The challenges contain more a CTF like lessons where we do not provide any explanations what you need to do, no hints
will be provided. You can use these challenges in a CTF style where you can run WebGoat on one server and all
participants can join and hack the challenges. A scoreboard is available at http://localhost:8080/WebGoat/scoreboard
participants can join and hack the challenges. A scoreboard is available at link:/WebGoat/scoreboard["/WebGoat/scoreboard",window=_blank]
:hardbreaks:
In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will

4
webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content5b.adoc
View File

@ -5,6 +5,6 @@ You should have been able to execute script with the last example. At this point
Why is that?
That is because there is no link that would trigger that XSS.
You can try it yourself to see what happens ... go to (substitute localhost with your server's name or IP if you need to):
You can try it yourself to see what happens ... go to:
link: http://localhost:8080/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111
link:/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111["/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111",window=_blank]

3
webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc
View File

@ -12,8 +12,7 @@ image::images/zap_exclude.png[Select URL from history,style="lesson-image"]
A new window will open and add the following entries:
```
http://localhost:8080/WebGoat/service/.*
http://localhost:8080/WebGoat/.*.lesson.lesson
./WebGoat/service/..mvc
```
Click Ok to close the window, ZAP will now no longer proxy internal WebGoat requests.