Initial Commit of SSRF Lesson

2019-01-21 18:09:31 -04:00
parent 5ba6492684
commit 98f75e34d5
17 changed files with 494 additions and 1 deletions
--- a/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html
+++ b/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html
@ -0,0 +1,58 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:SSRF_Intro.adoc"></div>
+    </div>
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:SSRF_Task1.adoc"></div>
+        <div class="attack-container">
+            <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+            <form class="attack-form" accept-charset="UNKNOWN"
+                  method="POST" name="form"
+                  action="/WebGoat/SSRF/task1"
+                  enctype="application/json;charset=UTF-8">
+                <table>
+                    <tr>
+                        <input type="hidden" id="url" name="url" value="images/tom.png"/>
+
+                        <td><input
+                                name="Steal the Cheese" value="Steal the Cheese" type="SUBMIT"/></td>
+                        <td></td>
+                    </tr>
+                </table>
+            </form>
+            <div class="attack-feedback"></div>
+            <div class="attack-output"></div>
+        </div>
+    </div>
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:SSRF_Task2.adoc"></div>
+        <div class="attack-container">
+            <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+            <form class="attack-form" accept-charset="UNKNOWN"
+                  method="POST" name="form"
+                  action="/WebGoat/SSRF/task2"
+                  enctype="application/json;charset=UTF-8">
+                <table>
+                    <tr>
+                        <input type="hidden" id="url" name="url" value="images/cat.png"/>
+
+                        <td><input
+                                name="Run Ifconfig" value="Run Ifconfig" type="SUBMIT"/></td>
+                        <td></td>
+                    </tr>
+                </table>
+            </form>
+            <div class="attack-feedback"></div>
+            <div class="attack-output"></div>
+        </div>
+    </div>
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:SSRF_Prevent.adoc"></div>
+    </div>
+</html>