dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

increased sql form fields and fixed chrome progress

Browse Source
This commit is contained in:
Rene Zubcevic 2019-07-19 12:16:06 +02:00
parent 9471e53818
commit 99435a1073
4 changed files with 33 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/plugin/NetworkDummy.java
View File

@ -3,6 +3,7 @@ package org.owasp.webgoat.plugin;
import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.session.UserSessionData;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -21,7 +22,16 @@ public class NetworkDummy extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
public public
@ResponseBody @ResponseBody
AttackResult completed(@RequestParam String networkNum) throws IOException { AttackResult completed(@RequestParam String successMessage) throws IOException {
return trackProgress(failed().feedback("network.request").build());
UserSessionData userSessionData = getUserSessionData();
String answer = (String) userSessionData.getValue("randValue");
if (successMessage!=null && successMessage.equals(answer)) {
return trackProgress(success().feedback("xss-dom-message-success").build());
} else {
return trackProgress(failed().feedback("xss-dom-message-failure").build());
}
} }
} }

10
webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/plugin/NetworkLesson.java
View File

@ -4,6 +4,7 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.assignments.AttackResult;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -21,7 +22,7 @@ import java.io.IOException;
@AssignmentHints({"networkHint1", "networkHint2"}) @AssignmentHints({"networkHint1", "networkHint2"})
public class NetworkLesson extends AssignmentEndpoint { public class NetworkLesson extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST, params= {"network_num","number"})
public public
@ResponseBody @ResponseBody
AttackResult completed(@RequestParam String network_num, @RequestParam String number) throws IOException { AttackResult completed(@RequestParam String network_num, @RequestParam String number) throws IOException {
@ -31,4 +32,11 @@ public class NetworkLesson extends AssignmentEndpoint {
return trackProgress(failed().feedback("network.failed").build()); return trackProgress(failed().feedback("network.failed").build());
} }
} }
@RequestMapping(method = RequestMethod.POST, params="networkNum")
public
@ResponseBody
ResponseEntity<?> ok(@RequestParam String networkNum) throws IOException {
return ResponseEntity.ok().build();
}
} }

41
webgoat-lessons/chrome-dev-tools/src/main/resources/html/ChromeDevTools.html
View File

@ -2,25 +2,29 @@
<html xmlns:th="http://www.thymeleaf.org"> <html xmlns:th="http://www.thymeleaf.org">
<!-- 1 -->
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ChromeDevTools_intro.adoc"></div> <div class="adoc-content" th:replace="doc:ChromeDevTools_intro.adoc"></div>
</div> </div>
<!-- 2 -->
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ChromeDevTools_elements.adoc"></div> <div class="adoc-content" th:replace="doc:ChromeDevTools_elements.adoc"></div>
</div> </div>
<!-- 3 -->
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ChromeDevTools_console.adoc"></div> <div class="adoc-content" th:replace="doc:ChromeDevTools_console.adoc"></div>
</div> </div>
<!-- 4 -->
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment.adoc"></div> <div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="DOMFollowUp" method="POST" name="DOMFollowUp"
action="/WebGoat/CrossSiteScripting/dom-follow-up" action="/WebGoat/ChromeDevTools/dummy"
enctype="application/json;charset=UTF-8"> enctype="application/json;charset=UTF-8">
<input name="successMessage" value="" type="TEXT" /> <input name="successMessage" value="" type="TEXT" />
<input name="submitMessage" value="Submit" type="SUBMIT"/> <input name="submitMessage" value="Submit" type="SUBMIT"/>
@ -30,17 +34,19 @@
</div> </div>
</div> </div>
<!-- 5 -->
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ChromeDevTools_sources.adoc"></div> <div class="adoc-content" th:replace="doc:ChromeDevTools_sources.adoc"></div>
</div> </div>
<!-- 6 -->
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment_Network.adoc"></div> <div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment_Network.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form" method="POST" name="form"
action="/WebGoat/ChromeDevTools/dummy" action="/WebGoat/ChromeDevTools/network"
enctype="application/json;charset=UTF-8"> enctype="application/json;charset=UTF-8">
<script> <script>
// sample custom javascript in the recommended way ... // sample custom javascript in the recommended way ...
@ -79,35 +85,4 @@
</div> </div>
</div> </div>
<!--
<div class="lesson-page-wrapper">
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/HttpBasics/attack1"
enctype="application/json;charset=UTF-8">
<script>
console.log("in listener");
document.getElementById("butn").addEventListener("click", function() {
document.getElementById("inp").value = Math.random() * 100;
});
</script>
<table>
<tr>
<td>Click this Button to make a request</td>
<td><Button id="butn"></Button></td>
<td><input id="inp" name="networkNumber" value="" type="hidden"/><input
name="SUBMIT" value="Go!" type="SUBMIT" /></td>
</tr>
<tr>
<td>The Network Number is:</td>
<td><input name="number" value="" type="text" /></td>
<td><button type="submit" formaction="/WebGoat/ChromeDevTools/network">Check</button></td>
</tr>
</table>
</form>
</div>
</div>
-->
</html> </html>

8
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html
View File

@ -21,7 +21,7 @@
<table> <table>
<tr> <tr>
<td><label>SQL query</label></td> <td><label>SQL query</label></td>
<td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td> <td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr> </tr>
<tr> <tr>
<td><button type="SUBMIT">Submit</button></td> <td><button type="SUBMIT">Submit</button></td>
@ -46,7 +46,7 @@
<table> <table>
<tr> <tr>
<td><label>SQL query</label></td> <td><label>SQL query</label></td>
<td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td> <td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr> </tr>
<tr> <tr>
<td><button type="SUBMIT">Submit</button></td> <td><button type="SUBMIT">Submit</button></td>
@ -71,7 +71,7 @@
<table> <table>
<tr> <tr>
<td><label>SQL query</label></td> <td><label>SQL query</label></td>
<td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td> <td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr> </tr>
<tr> <tr>
<td><button type="SUBMIT">Submit</button></td> <td><button type="SUBMIT">Submit</button></td>
@ -96,7 +96,7 @@
<table> <table>
<tr> <tr>
<td><label>SQL query</label></td> <td><label>SQL query</label></td>
<td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td> <td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr> </tr>
<tr> <tr>
<td><button type="SUBMIT">Submit</button></td> <td><button type="SUBMIT">Submit</button></td>