upgrade ascii doc with support for link in new tab
This commit is contained in:
		
				
					committed by
					
						 Nanne Baars
						Nanne Baars
					
				
			
			
				
	
			
			
			
						parent
						
							e0ac4a1083
						
					
				
				
					commit
					8d7142e6d3
				
			| @ -95,7 +95,7 @@ | |||||||
|         <dependency> |         <dependency> | ||||||
|             <groupId>org.asciidoctor</groupId> |             <groupId>org.asciidoctor</groupId> | ||||||
|             <artifactId>asciidoctorj</artifactId> |             <artifactId>asciidoctorj</artifactId> | ||||||
|             <version>1.5.4</version> |             <version>1.5.8.1</version> | ||||||
|         </dependency> |         </dependency> | ||||||
|         <dependency> |         <dependency> | ||||||
|             <groupId>org.springframework.boot</groupId> |             <groupId>org.springframework.boot</groupId> | ||||||
|  | |||||||
| @ -12,7 +12,7 @@ public class OperatingSystemMacro extends InlineMacroProcessor { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     @Override |     @Override | ||||||
|     protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | 	public String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | ||||||
|         return System.getProperty("os.name"); |         return System.getProperty("os.name"); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -11,7 +11,7 @@ public class WebGoatTmpDirMacro extends InlineMacroProcessor { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     @Override |     @Override | ||||||
|     protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | 	public String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | ||||||
|         return EnvironmentExposure.getEnv().getProperty("webgoat.server.directory"); |         return EnvironmentExposure.getEnv().getProperty("webgoat.server.directory"); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -11,7 +11,7 @@ public class WebGoatVersionMacro extends InlineMacroProcessor { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     @Override |     @Override | ||||||
|     protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | 	public String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | ||||||
|         return EnvironmentExposure.getEnv().getProperty("webgoat.build.version"); |         return EnvironmentExposure.getEnv().getProperty("webgoat.build.version"); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -23,7 +23,7 @@ public class WebWolfMacro extends InlineMacroProcessor { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     @Override |     @Override | ||||||
|     protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | 	public String process(AbstractBlock parent, String target, Map<String, Object> attributes) { | ||||||
|         Environment env = EnvironmentExposure.getEnv(); |         Environment env = EnvironmentExposure.getEnv(); | ||||||
|         String hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port")); |         String hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port")); | ||||||
|  |  | ||||||
|  | |||||||
| @ -2,6 +2,9 @@ | |||||||
|  |  | ||||||
| <html xmlns:th="http://www.thymeleaf.org"> | <html xmlns:th="http://www.thymeleaf.org"> | ||||||
|  |  | ||||||
|  | <div class="lesson-page-wrapper"> | ||||||
|  |     <div class="adoc-content" th:replace="doc:Challenge_introduction.adoc"></div> | ||||||
|  | </div> | ||||||
| <div class="lesson-page-wrapper"> | <div class="lesson-page-wrapper"> | ||||||
|     <div class="attack-container"> |     <div class="attack-container"> | ||||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> |         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||||
|  | |||||||
| @ -4,7 +4,7 @@ | |||||||
|  |  | ||||||
| The challenges contain more a CTF like lessons where we do not provide any explanations what you need to do, no hints | The challenges contain more a CTF like lessons where we do not provide any explanations what you need to do, no hints | ||||||
| will be provided. You can use these challenges in a CTF style where you can run WebGoat on one server and all | will be provided. You can use these challenges in a CTF style where you can run WebGoat on one server and all | ||||||
| participants can join and hack the challenges. A scoreboard is available at http://localhost:8080/WebGoat/scoreboard | participants can join and hack the challenges. A scoreboard is available at link:/WebGoat/scoreboard["/WebGoat/scoreboard",window=_blank] | ||||||
|  |  | ||||||
| :hardbreaks: | :hardbreaks: | ||||||
| In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will | In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will | ||||||
|  | |||||||
| @ -5,6 +5,6 @@ You should have been able to execute script with the last example. At this point | |||||||
| Why is that? | Why is that? | ||||||
|  |  | ||||||
| That is because there is no link that would trigger that XSS. | That is because there is no link that would trigger that XSS. | ||||||
| You can try it yourself to see what happens ... go to (substitute localhost with your server's name or IP if you need to): | You can try it yourself to see what happens ... go to: | ||||||
|  |  | ||||||
| link: http://localhost:8080/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111 | link:/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111["/WebGoat/CrossSiteScripting/attack5a?QTY1=1&QTY2=1&QTY3=1&QTY4=1&field1=<script>alert('my%20javascript%20here')</script>4128+3214+0002+1999&field2=111",window=_blank] | ||||||
|  | |||||||
| @ -12,8 +12,7 @@ image::images/zap_exclude.png[Select URL from history,style="lesson-image"] | |||||||
| A new window will open and add the following entries: | A new window will open and add the following entries: | ||||||
|  |  | ||||||
| ``` | ``` | ||||||
| http://localhost:8080/WebGoat/service/.* | ./WebGoat/service/..mvc | ||||||
| http://localhost:8080/WebGoat/.*.lesson.lesson |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| Click Ok to close the window, ZAP will now no longer proxy internal WebGoat requests. | Click Ok to close the window, ZAP will now no longer proxy internal WebGoat requests. | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user