corrected spelling and some formatting
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@360 4033779f-a91e-0410-96ef-6bf7bf53c507
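--- a/DangerousEval.java
+++ b/DangerousEval.java
@@ -107,10 +107,7 @@ public class DangerousEval extends LessonAdapter
 tr = new TR();
 tr.addElement(new TD().addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
 tr.addElement(new TD().addElement("69.99").setAlign("right"));
-tr.addElement(new TD().addElement(
-new Input(Input.TEXT, "QTY1", s.getParser().getStringParameter("QTY1",
-"1")))
-.setAlign("right"));
+tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY1", s.getParser().getStringParameter("QTY1", "1"))).setAlign("right"));
 quantity = s.getParser().getFloatParameter("QTY1", 0.0f);
 total = quantity * 69.99f;
 runningTotal += total;
@@ -119,10 +116,7 @@ public class DangerousEval extends LessonAdapter
 tr = new TR();
 tr.addElement(new TD().addElement("Dynex - Traditional Notebook Case"));
 tr.addElement(new TD().addElement("27.99").setAlign("right"));
-tr.addElement(new TD().addElement(
-new Input(Input.TEXT, "QTY2", s.getParser().getStringParameter("QTY2",
-"1")))
-.setAlign("right"));
+tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY2", s.getParser().getStringParameter("QTY2", "1"))).setAlign("right"));
 quantity = s.getParser().getFloatParameter("QTY2", 0.0f);
 total = quantity * 27.99f;
 runningTotal += total;
@@ -131,10 +125,7 @@ public class DangerousEval extends LessonAdapter
 tr = new TR();
 tr.addElement(new TD().addElement("Hewlett-Packard - Pavilion Notebook with Intel<65> Centrino<6E>"));
 tr.addElement(new TD().addElement("1599.99").setAlign("right"));
-tr.addElement(new TD().addElement(
-new Input(Input.TEXT, "QTY3", s.getParser().getStringParameter("QTY3",
-"1")))
-.setAlign("right"));
+tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY3", s.getParser().getStringParameter("QTY3", "1"))).setAlign("right"));
 quantity = s.getParser().getFloatParameter("QTY3", 0.0f);
 total = quantity * 1599.99f;
 runningTotal += total;
@@ -144,10 +135,7 @@ public class DangerousEval extends LessonAdapter
 tr.addElement(new TD().addElement("3 - Year Performance Service Plan $1000 and Over "));
 tr.addElement(new TD().addElement("299.99").setAlign("right"));
 
-tr.addElement(new TD().addElement(
-new Input(Input.TEXT, "QTY4", s.getParser().getStringParameter("QTY4",
-"1")))
-.setAlign("right"));
+tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY4", s.getParser().getStringParameter("QTY4", "1"))).setAlign("right"));
 quantity = s.getParser().getFloatParameter("QTY4", 0.0f);
 total = quantity * 299.99f;
 runningTotal += total;
@@ -232,16 +220,15 @@ public class DangerousEval extends LessonAdapter
 hints.add("The lesson is similar to the standard reflected cross-site scripting lesson.");
 hints.add("The access code parameter is vulnerable to a reflected cross-site scripting problem.");
 hints.add("The usual <SCRIPT>alert(document.cookie);</SCRIPT> will not work in this lesson. Why?");
-hints
-.add("User-supplied data is landing in the Javascript eval() function. Your attack will not require the < and > characters.");
+hints.add("User-supplied data is landing in the Javascript eval() function. Your attack will not require the < and > characters.");
 hints.add("In order to pass this lesson, you must 'alert' the document.cookie.");
 hints.add("Try 123');alert(document.cookie);('");
 return hints;
 }
 
-// <script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp
-// = new
-// ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false);
 
+// <script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1)
+// {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false);
+// xmlHttp.send();str1=xmlHttp.responseText;document.write(str1);}</script>
 /**
 * Gets the instructions attribute of the WeakAccessControl object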