diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
index 8a6dd3673..04a43c4d6 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
@@ -386,11 +386,11 @@ public class Challenge2Screen extends SequentialLessonAdapter
 // show webgoat.jsp text
 ec.addElement(new H1().addElement("Original Website Text"));
-ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc("/WebGoat/" + WEBGOAT_CHALLENGE_JSP));
+ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc(s.getRequest().getContextPath() + "/" + WEBGOAT_CHALLENGE_JSP));
 ec.addElement(new HR());
 ec.addElement(new H1().addElement("Defaced Website Text"));
 ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc(
-"/WebGoat/" + WEBGOAT_CHALLENGE + "_"
+s.getRequest().getContextPath() + "/" + WEBGOAT_CHALLENGE + "_"
 + s.getUserName() + JSP));
 ec.addElement(new HR());
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
index 584cc879b..3daba76c0 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
@@ -136,7 +136,7 @@ public class WSDLScanning extends LessonAdapter
 return "WSDL Scanning";
 }
-public Object accessWGService(String serv, int port, String proc, String parameterName, Object parameterValue)
+public Object accessWGService(WebSession s, String serv, int port, String proc, String parameterName, Object parameterValue)
 {
 String targetNamespace = "WebGoat";
 try
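Review bot: The second iframe's src still splices `s.getUserName()` straight into the URL on the unchanged continuation line after the new `+s.getRequest().getContextPath() + "/" + WEBGOAT_CHALLENGE + "_"` line, so a user name containing URL-significant characters alters the path or the attribute value; it should be encoded, e.g. `+ URLEncoder.encode(s.getUserName(), "UTF-8") + JSP));` (needs `java.net.URLEncoder`). The two new lines each call `s.getRequest().getContextPath()`; a local such as `String ctx = s.getRequest().getContextPath();` ahead of the first `setSrc` would keep both iframes building from the same value. The enclosing method starts and ends outside the hunk.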
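Review bot: The new `WebSession s` parameter on `accessWGService` is used, in the following hunk, only to read `s.getRequest().getContextPath()`, so a `String contextPath` parameter would give the helper the one value it needs without coupling it to the whole session object. Because the method is public, any caller outside this diff would also need updating; only the call in the `@@ -214` hunk is changed here. The method body continues past the end of the hunk.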
@@ -150,7 +150,7 @@ public class WSDLScanning extends LessonAdapter
 call.setReturnType(XMLType.XSD_STRING);
 call.setUsername("guest");
 call.setPassword("guest");
-call.setTargetEndpointAddress("http://localhost:" + port + "/WebGoat/services/" + serv);
+call.setTargetEndpointAddress("http://localhost:" + port + "/" + s.getRequest().getContextPath() + "/services/" + serv);
 Object result = call.invoke(new Object[] { parameterValue });
 return result;
 } catch (RemoteException e)
@@ -214,7 +214,7 @@ public class WSDLScanning extends LessonAdapter
 for (int i = 0; i < fields.length; i++)
 {
 header.addElement(new TD().addElement(fields[i]));
-results.addElement(new TD().addElement((String) accessWGService("WSDLScanning", port, fields[i],
+results.addElement(new TD().addElement((String) accessWGService(s, "WSDLScanning", port, fields[i],
 "acct_num", new Integer(id))));
 }
 if (fields.length == 0)
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java
index 73344dd94..4661b6ecd 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/util/Interceptor.java
@@ -123,8 +123,8 @@ public class Interceptor implements Filter
 String url = req.getRequestURL().toString();
-RequestDispatcher disp = req.getRequestDispatcher(url.substring(url.lastIndexOf("WebGoat/")
-+ "WebGoat".length()));
+RequestDispatcher disp = req.getRequestDispatcher(url.substring(url.lastIndexOf(req.getContextPath() + "/")
++ req.getContextPath().length()));
 disp.forward(request, response);
diff --git a/webgoat/main/project/WebContent/lesson_plans/HowToWork.html b/webgoat/main/project/WebContent/lesson_plans/HowToWork.html
index be75a11ff..94cb85851 100644
--- a/webgoat/main/project/WebContent/lesson_plans/HowToWork.html
+++ b/webgoat/main/project/WebContent/lesson_plans/HowToWork.html
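Review bot: The rebuilt endpoint address inserts a `"/"` in front of `s.getRequest().getContextPath()`, but the servlet API returns a context path that already begins with `/` (and is empty for the root context), so the new line yields a doubled slash (`//WebGoat/services/...`, or `//services/...` on a root deployment); the Challenge2Screen hunk in this same commit gets it right by appending `"/"` after the context path instead. Drop the extra segment: `call.setTargetEndpointAddress("http://localhost:" + port + s.getRequest().getContextPath() + "/services/" + serv);`. `accessWGService` begins in the preceding `@@ -136` hunk and its catch clauses continue past the end of this one.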
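Review bot: With the new search string, a deployment at the root context (where `req.getContextPath()` is `""`) makes `url.lastIndexOf("/")` match the last slash anywhere in the request URL, so the forward target collapses to the final path segment; and if the search finds nothing `lastIndexOf` returns -1 and the `substring` call can throw `StringIndexOutOfBoundsException`. Searching from the end also picks the wrong occurrence whenever the context path name recurs later in the URL. The servlet API already exposes the path without scheme and host, so `RequestDispatcher disp = req.getRequestDispatcher(req.getRequestURI().substring(req.getContextPath().length()));` avoids the string search, the repeated `getContextPath()` call and the `url` local altogether. The enclosing method starts and ends outside the hunk.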
@@ -15,7 +15,7 @@ in the Introduction section.

The WebGoat Interface

-

+

1. These are Lesson Categories in WebGoat. Click on a Category to see all Lessons in it.
2. This will show technical hints to solve the lesson.
3. This will show the HTTP Request Parameters
@@ -34,16 +34,16 @@ solution for complete details.

To read and edit Parameters you need a local proxy to intercept the HTTP request. Here we use WebScarab. More information on WebScarab can be found in the "Useful Tools" Chapter. After installing WebScarab and configuring your browser to use it as proxy on localhost we can start.

-

+

We have to select "Intercept Request" in the tab "Intercept". If we send a HTTP request we get a new WebScarab window.

-

+

Here we can read and edit the intercepted parameter. After "Accept changes" the request will be sent to the server.

Read And Edit Cookies

Often it is not only necessary to change the value of the parameters but to change the value of cookies. We can use WebScarab to intercept the request and change cookies values just like parameter data as explained in the last topic.

-

+

We get a new window on sending a HTTP request. On the screenshot you see where we can find cookies and how to edit the values of them.

diff --git a/webgoat/main/project/WebContent/lesson_plans/UsefulTools.html b/webgoat/main/project/WebContent/lesson_plans/UsefulTools.html index e56bfb74a..e69db2dce 100644 --- a/webgoat/main/project/WebContent/lesson_plans/UsefulTools.html +++ b/webgoat/main/project/WebContent/lesson_plans/UsefulTools.html @@ -10,26 +10,26 @@ WebScarab is a proxy for analyzing applications that communicate using the HTTP and HTTPS protocols. Because WebScarab operates as an intercepting proxy, we can review and modify requests and responses.

-

+

Webpage:http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Firebug:

Firebug is an add-on for the Firefox browser. We can use it to inspect, edit and monitor CSS, HTML and JavaScript.

-

+

Webpage:http://www.getfirebug.com

IEWatch:

IEWatch is a tool to analyze HTTP and HTML for users of the Internet Explorer.

-

+

Webpage:http://www.iewatch.com

Wireshark

Wireshark is a network protocol analyzer. You can sniff network traffic and gather useful informations this way.

-

+

Webpage:http://www.wireshark.org

diff --git a/webgoat/main/project/WebContent/lesson_solutions/AccessControlMatrix.html b/webgoat/main/project/WebContent/lesson_solutions/AccessControlMatrix.html index 60efe7dd4..ab0e18e3c 100644 --- a/webgoat/main/project/WebContent/lesson_solutions/AccessControlMatrix.html +++ b/webgoat/main/project/WebContent/lesson_solutions/AccessControlMatrix.html @@ -9,8 +9,8 @@ xmlns="http://www.w3.org/TR/REC-html40"> - - + + - + +href="lesson_solutions/AccessControlMatrix_files/colorschememapping.xml">

+src="lesson_solutions/AccessControlMatrix_files/image002.jpg" v:shapes="Picture_x0020_463">

Figure Lesson 9

+src="lesson_solutions/AccessControlMatrix_files/image004.jpg" v:shapes="Picture_x0020_464">

Figure - - + +

+src="lesson_solutions/BackDoors_files/image013.jpg" v:shapes="Picture_x0020_147">

Figure

+src="lesson_solutions/BackDoors_files/image014.jpg" v:shapes="Picture_x0020_148">

Figure

+src="lesson_solutions/BackDoors_files/image015.jpg" v:shapes="Picture_x0020_149">

Figure

+src="lesson_solutions/BackDoors_files/image016.jpg" v:shapes="Picture_x0020_150">

Figure

+src="lesson_solutions/BackDoors_files/image017.jpg" v:shapes="Picture_x0020_151">

Figure Insert trigger

yes'>

+src="lesson_solutions/BackDoors_files/image018.jpg" v:shapes="Picture_x0020_152">

Figure - + +href="lesson_solutions/BasicAuthentication_files/colorschememapping.xml">

+src="lesson_solutions/BasicAuthentication_files/image025.jpg" v:shapes="Picture_x0020_1015">

Figure

+src="lesson_solutions/BasicAuthentication_files/image026.jpg" v:shapes="Picture_x0020_1016">

Figure

+src="lesson_solutions/BasicAuthentication_files/image027.jpg" v:shapes="Picture_x0020_1017">

Figure

+src="lesson_solutions/BasicAuthentication_files/image028.jpg" v:shapes="Picture_x0020_1018">

Figure

+src="lesson_solutions/BasicAuthentication_files/image029.jpg" v:shapes="Picture_x0020_1019">

Figure Answers

+src="lesson_solutions/BasicAuthentication_files/image030.jpg" v:shapes="Picture_x0020_1020">

Figure

 

@@ -811,9 +811,9 @@ cookie is sent in every request.

"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/BasicAuthentication_files/image032.jpg" v:shapes="Picture_x0020_1022">

Figure

+src="lesson_solutions/BasicAuthentication_files/image033.jpg" v:shapes="Picture_x0020_1023">

Figure

+src="lesson_solutions/BasicAuthentication_files/image034.jpg" v:shapes="Picture_x0020_1024">

Figure Corrupt JSESSIONID

+src="lesson_solutions/BasicAuthentication_files/image035.jpg" v:shapes="Picture_x0020_1025">

Figure

+src="lesson_solutions/BasicAuthentication_files/image036.jpg" v:shapes="Picture_x0020_1026">

Figure - + +href="lesson_solutions/BlindSqlInjection_files/colorschememapping.xml">

+src="lesson_solutions/BlindSqlInjection_files/image013.jpg" v:shapes="Picture_x0020_1419">

Figure

+src="lesson_solutions/BlindSqlInjection_files/image014.jpg" v:shapes="Picture_x0020_1420">

Figure

+src="lesson_solutions/BlindSqlInjection_files/image015.jpg" v:shapes="Picture_x0020_1421">

Figure

 

@@ -857,9 +857,9 @@ that you found is Joesph. Enter this in the text field to complete this lesson.< "Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/BlindSqlInjection_files/image017.jpg" v:shapes="Picture_x0020_1423">

Figure Enter the name Joesph

+src="lesson_solutions/BlindSqlInjection_files/image018.jpg" v:shapes="Picture_x0020_1424">

Figure - - + +

+src="lesson_solutions/CSRF_files/image011.jpg" v:shapes="Picture_x0020_105">

Figure

+src="lesson_solutions/CSRF_files/image012.jpg" v:shapes="Picture_x0020_106">

Figure

+src="lesson_solutions/CSRF_files/image013.jpg" v:shapes="Picture_x0020_107">

Figure

+src="lesson_solutions/CSRF_files/image014.jpg" v:shapes="Picture_x0020_108">

Figure

+src="lesson_solutions/CSRF_files/image015.jpg" v:shapes="Picture_x0020_109">

Figure - + +href="lesson_solutions/CommandInjection_files/colorschememapping.xml">

+src="lesson_solutions/CommandInjection_files/image007.jpg" v:shapes="Picture_x0020_1375">

Figure

 

@@ -687,9 +687,9 @@ request with WebScarab when you click on "View". Append " & netstat −a "Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/CommandInjection_files/image008.jpg" v:shapes="Picture_x0020_1377">

Figure

+src="lesson_solutions/CommandInjection_files/image009.jpg" v:shapes="Picture_x0020_1378">

Figure - - + +

+src="lesson_solutions/DOMInjection_files/image002.jpg" v:shapes="Picture_x0020_49">

Figure

+src="lesson_solutions/DOMInjection_files/image004.jpg" v:shapes="Picture_x0020_50">

Figure HTTP Request

yes'>

+src="lesson_solutions/DOMInjection_files/image006.jpg" v:shapes="Picture_x0020_51">

Figure

+src="lesson_solutions/DOMInjection_files/image008.jpg" v:shapes="Picture_x0020_52">

Figure Updated HTTP Response

yes'>

+src="lesson_solutions/DOMInjection_files/image010.jpg" v:shapes="Picture_x0020_53">

Figure Activate! Button is enabled

yes'>

+src="lesson_solutions/DOMInjection_files/image012.jpg" v:shapes="Picture_x0020_54">

Figure - - + +

+src="lesson_solutions/DOS_Login_files/image002.jpg" v:shapes="Picture_x0020_9">

Figure

+src="lesson_solutions/DOS_Login_files/image004.jpg" v:shapes="Picture_x0020_10">

Figure - + +href="lesson_solutions/FailOpenAuthentication_files/colorschememapping.xml">

+src="lesson_solutions/FailOpenAuthentication_files/image009.jpg" v:shapes="Picture_x0020_3">

Figure

+src="lesson_solutions/FailOpenAuthentication_files/image010.jpg" v:shapes="Picture_x0020_7">

Figure

+src="lesson_solutions/FailOpenAuthentication_files/image011.jpg" v:shapes="Picture_x0020_8">

Figure Password variable is deleted

"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/FailOpenAuthentication_files/image012.jpg" v:shapes="Picture_x0020_4">

Figure - - + +

+src="lesson_solutions/ForcedBrowsing_files/image002.jpg" v:shapes="Picture_x0020_97">

Figure

+src="lesson_solutions/ForcedBrowsing_files/image004.jpg" v:shapes="Picture_x0020_98">

Figure 2 No /WebGoat/config

+style='mso-element:field-end'> No config

 

@@ -719,15 +719,15 @@ style='mso-element:field-end'> No /WebGoat/config

style='mso-no-proof:yes'>

+src="lesson_solutions/ForcedBrowsing_files/image006.jpg" v:shapes="Picture_x0020_99">

Figure 3 No /WebGoat/configuration

+style='mso-element:field-end'> No configuration

 

@@ -735,15 +735,15 @@ style='mso-element:field-end'> No /WebGoat/configuration

style='mso-no-proof:yes'>

+src="lesson_solutions/ForcedBrowsing_files/image008.jpg" v:shapes="Picture_x0020_100">

Figure 4 Bingo for /WebGoat/conf

+style='mso-element:field-end'> Bingo for conf

 

diff --git a/webgoat/main/project/WebContent/lesson_solutions/ForgotPassword.html b/webgoat/main/project/WebContent/lesson_solutions/ForgotPassword.html index 4b7a98771..f32e4dd12 100644 --- a/webgoat/main/project/WebContent/lesson_solutions/ForgotPassword.html +++ b/webgoat/main/project/WebContent/lesson_solutions/ForgotPassword.html @@ -9,8 +9,8 @@ xmlns="http://www.w3.org/TR/REC-html40"> - - + + - - + +

+src="lesson_solutions/ForgotPassword_files/image015.jpg" v:shapes="Picture_x0020_477">

Figure

+src="lesson_solutions/ForgotPassword_files/image016.jpg" v:shapes="Picture_x0020_478">

Figure Submit the answer red

+src="lesson_solutions/ForgotPassword_files/image017.jpg" v:shapes="Picture_x0020_479">

Figure

+src="lesson_solutions/ForgotPassword_files/image018.jpg" v:shapes="Picture_x0020_480">

Figure

+src="lesson_solutions/ForgotPassword_files/image019.jpg" v:shapes="Picture_x0020_481">

Figure

+src="lesson_solutions/ForgotPassword_files/image020.jpg" v:shapes="Picture_x0020_482">

Figure

+src="lesson_solutions/ForgotPassword_files/image021.jpg" v:shapes="Picture_x0020_483">

Figure - + +href="lesson_solutions/HiddenFieldTampering_files/colorschememapping.xml">

+src="lesson_solutions/HiddenFieldTampering_files/image011.jpg" v:shapes="Picture_x0020_103">

Figure

Figure

Figure

Figure

Figure - - + +

Figure

+src="lesson_solutions/HtmlClues_files/image012.jpg" v:shapes="Picture_x0020_39">

Figure

 

@@ -624,9 +624,9 @@ adminpw. Enter these values in WebGoat and click "Login"

"Arial","sans-serif";mso-no-proof:yes'>

Figure

Figure - - + + - - + +

+src="lesson_solutions/HttpOnly_files/image015.jpg" v:shapes="Picture_x0020_115">

Figure

+src="lesson_solutions/HttpOnly_files/image016.jpg" v:shapes="Picture_x0020_117">

Figure

+src="lesson_solutions/HttpOnly_files/image017.jpg" v:shapes="Picture_x0020_118">

Figure HTTP Request

style='mso-no-proof:yes'>

+src="lesson_solutions/HttpOnly_files/image018.jpg" v:shapes="Picture_x0020_119">

Figure

+src="lesson_solutions/HttpOnly_files/image019.jpg" v:shapes="Picture_x0020_120">

Figure Only JSESSIONID

style='mso-no-proof:yes'>

+src="lesson_solutions/HttpOnly_files/image020.jpg" v:shapes="Picture_x0020_116">

Figure

+src="lesson_solutions/HttpOnly_files/image019.jpg" v:shapes="Picture_x0020_121">

Figure JSESSIONID cookie

style='mso-no-proof:yes'>

+src="lesson_solutions/HttpOnly_files/image021.jpg" v:shapes="Picture_x0020_122">

Figure - - + +

+src="lesson_solutions/HttpSplitting_files/image029.jpg" v:shapes="Picture_x0020_159">

 

@@ -756,9 +756,9 @@ requests and responses?

"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/HttpSplitting_files/image030.jpg" v:shapes="Picture_x0020_160">

Figure Language en

yes'>

+src="lesson_solutions/HttpSplitting_files/image031.jpg" v:shapes="Picture_x0020_161">

Figure HTTP Request

yes'>

+src="lesson_solutions/HttpSplitting_files/image032.jpg" v:shapes="Picture_x0020_162">

Figure First HTTP Response

yes'>

+src="lesson_solutions/HttpSplitting_files/image033.jpg" v:shapes="Picture_x0020_163">

Figure

+src="lesson_solutions/HttpSplitting_files/image034.jpg" v:shapes="Picture_x0020_164">

Figure First HTTP Request

yes'>

+src="lesson_solutions/HttpSplitting_files/image035.jpg" v:shapes="Picture_x0020_165">

Figure

+src="lesson_solutions/HttpSplitting_files/image036.jpg" v:shapes="Picture_x0020_166">

Figure HTTP Splitting attack

yes'>

+src="lesson_solutions/HttpSplitting_files/image037.jpg" v:shapes="Picture_x0020_167">

Figure HTTP Response

yes'>

+src="lesson_solutions/HttpSplitting_files/image038.jpg" v:shapes="Picture_x0020_168">

Figure Second HTTP Request

yes'>

+src="lesson_solutions/HttpSplitting_files/image039.jpg" v:shapes="Picture_x0020_169">

Figure Second HTTP Response

yes'>

+src="lesson_solutions/HttpSplitting_files/image040.jpg" v:shapes="Picture_x0020_170">

Figure

+src="lesson_solutions/HttpSplitting_files/image041.jpg" v:shapes="Picture_x0020_171">

Figure

+src="lesson_solutions/HttpSplitting_files/image042.jpg" v:shapes="Picture_x0020_172">

Figure Inject cache poisoning

Solution by Erwin Geirnaert - ZION SECURITY + ZION SECURITY diff --git a/webgoat/main/project/WebContent/lesson_solutions/InsecureLogin.html b/webgoat/main/project/WebContent/lesson_solutions/InsecureLogin.html index 513495659..c9abe281d 100644 --- a/webgoat/main/project/WebContent/lesson_solutions/InsecureLogin.html +++ b/webgoat/main/project/WebContent/lesson_solutions/InsecureLogin.html @@ -3,7 +3,7 @@ Insecure Login - +

Lesson Plan Title:Insecure Login

diff --git a/webgoat/main/project/WebContent/lesson_solutions/JSONInjection.html b/webgoat/main/project/WebContent/lesson_solutions/JSONInjection.html index 5d4b610e9..55356da79 100644 --- a/webgoat/main/project/WebContent/lesson_solutions/JSONInjection.html +++ b/webgoat/main/project/WebContent/lesson_solutions/JSONInjection.html @@ -9,8 +9,8 @@ xmlns="http://www.w3.org/TR/REC-html40"> - - + + - - + +

+src="lesson_solutions/JSONInjection_files/image013.jpg" v:shapes="Picture_x0020_77">

Figure

+src="lesson_solutions/JSONInjection_files/image014.jpg" v:shapes="Picture_x0020_78">

Figure Intercept HTTP Request

yes'>

+src="lesson_solutions/JSONInjection_files/image015.jpg" v:shapes="Picture_x0020_79">

Figure

+src="lesson_solutions/JSONInjection_files/image016.jpg" v:shapes="Picture_x0020_80">

Figure Updated price

yes'>

+src="lesson_solutions/JSONInjection_files/image017.jpg" v:shapes="Picture_x0020_81">

Figure

+src="lesson_solutions/JSONInjection_files/image018.jpg" v:shapes="Picture_x0020_82">

Figure - + +href="lesson_solutions/JavaScriptValidation_files/colorschememapping.xml">

 

@@ -605,9 +605,9 @@ normal'> < "Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/JavaScriptValidation_files/image004.jpg" v:shapes="Picture_x0020_177">

Figure

+src="lesson_solutions/JavaScriptValidation_files/image006.jpg" v:shapes="Picture_x0020_178">

Figure Change parameters

Figure

+src="lesson_solutions/JavaScriptValidation_files/image011.jpg" v:shapes="Picture_x0020_180">

Figure

+src="lesson_solutions/JavaScriptValidation_files/image013.jpg" v:shapes="Picture_x0020_181">

Figure

+src="lesson_solutions/JavaScriptValidation_files/image015.jpg" v:shapes="Picture_x0020_182">

Figure

+src="lesson_solutions/JavaScriptValidation_files/image017.jpg" v:shapes="Picture_x0020_183">

Figure

+src="lesson_solutions/JavaScriptValidation_files/image019.jpg" v:shapes="Picture_x0020_184">

Figure

Figure

Figure - - + +

+src="lesson_solutions/LogSpoofing_files/image007.jpg" v:shapes="Picture_x0020_135">

Figure

+src="lesson_solutions/LogSpoofing_files/image008.jpg" v:shapes="Picture_x0020_136">

Figure

+src="lesson_solutions/LogSpoofing_files/image009.jpg" v:shapes="Picture_x0020_137">

Figure - + +href="lesson_solutions/PathBasedAccessControl_files/colorschememapping.xml">

+src="lesson_solutions/PathBasedAccessControl_files/image002.jpg" v:shapes="Picture_x0020_457">

Figure

+src="lesson_solutions/PathBasedAccessControl_files/image004.jpg" v:shapes="Picture_x0020_458">

Figure Change the variable File

Figure - - + +

+src="lesson_solutions/ReflectedXSS_files/image005.jpg" v:shapes="Picture_x0020_1366">

Figure

+src="lesson_solutions/ReflectedXSS_files/image006.jpg" v:shapes="Picture_x0020_1367">

Figure - - + +

+src="lesson_solutions/RemoteAdminFlaw_files/image002.jpg" v:shapes="Picture_x0020_451">

Figure

+src="lesson_solutions/RemoteAdminFlaw_files/image004.jpg" v:shapes="Picture_x0020_452">

Figure

Figure - + +href="lesson_solutions/SilentTransactions_files/colorschememapping.xml">

+src="lesson_solutions/SilentTransactions_files/image009.jpg" v:shapes="Picture_x0020_89">

Figure

+src="lesson_solutions/SilentTransactions_files/image010.jpg" v:shapes="Picture_x0020_90">

Figure Follow the hints....

yes'>

+src="lesson_solutions/SilentTransactions_files/image011.jpg" v:shapes="Picture_x0020_91">

Figure

+src="lesson_solutions/SilentTransactions_files/image012.jpg" v:shapes="Picture_x0020_92">

Figure - - + +

+src="lesson_solutions/SoapRequest_files/image002.jpg" v:shapes="Picture_x0020_13">

Figure

+src="lesson_solutions/SoapRequest_files/image004.jpg" v:shapes="Picture_x0020_14">

Figure

+src="lesson_solutions/SoapRequest_files/image006.jpg" v:shapes="Picture_x0020_15">

Figure

+src="lesson_solutions/SoapRequest_files/image008.jpg" v:shapes="Picture_x0020_16">

Figure

+src="lesson_solutions/SoapRequest_files/image010.jpg" v:shapes="Picture_x0020_17">

Figure - + +href="lesson_solutions/SqlNumericInjection_files/colorschememapping.xml"> Intercepted Request with WebScarab - - + + - + +href="lesson_solutions/SqlStringInjection_files/colorschememapping.xml">

+src="lesson_solutions/SqlStringInjection_files/image005.jpg" v:shapes="Picture_x0020_1536">

Figure

+src="lesson_solutions/SqlStringInjection_files/image006.jpg" v:shapes="Picture_x0020_1537">

Figure - - + +

+src="lesson_solutions/StoredXSS_files/image007.jpg" v:shapes="Picture_x0020_1339">

Figure

+src="lesson_solutions/StoredXSS_files/image008.jpg" v:shapes="Picture_x0020_1340">

Figure Stored message

+src="lesson_solutions/StoredXSS_files/image009.jpg" v:shapes="Picture_x0020_1341">

Figure - + +href="lesson_solutions/ThreadSafetyProblem_files/colorschememapping.xml">

+src="lesson_solutions/ThreadSafetyProblem_files/image002.jpg" v:shapes="Picture_x0020_15">

Figure

Figure

+src="lesson_solutions/ThreadSafetyProblem_files/image009.jpg" v:shapes="Picture_x0020_35">

Figure - - + +

+src="lesson_solutions/TraceXSS_files/image002.jpg" v:shapes="Picture_x0020_1370">

Figure - - + +

+src="lesson_solutions/UncheckedEmail_files/image002.jpg" v:shapes="Picture_x0020_168">

Figure Lesson 5

+src="lesson_solutions/UncheckedEmail_files/image004.jpg" v:shapes="Picture_x0020_169">

Figure

Figure

Figure - - + +

+src="lesson_solutions/WSDLScanning_files/image009.jpg" v:shapes="Picture_x0020_23">

Figure

 

@@ -677,9 +677,9 @@ request with WebScarab and change the parameter to getCreditCard

+src="lesson_solutions/WSDLScanning_files/image011.jpg" v:shapes="Picture_x0020_25">

Figure WebScarab raw request

+src="lesson_solutions/WSDLScanning_files/image012.jpg" v:shapes="Picture_x0020_26">

Figure - + +href="lesson_solutions/WeakAuthenticationCookie_files/colorschememapping.xml">

+src="lesson_solutions/WeakAuthenticationCookie_files/image019.jpg" v:shapes="Picture_x0020_596">

Figure

+src="lesson_solutions/WeakAuthenticationCookie_files/image020.jpg" v:shapes="Picture_x0020_597">

Figure

+src="lesson_solutions/WeakAuthenticationCookie_files/image021.jpg" v:shapes="Picture_x0020_598">

Figure

 

@@ -752,9 +752,9 @@ aspect/aspect.

"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/WeakAuthenticationCookie_files/image023.jpg" v:shapes="Picture_x0020_600">

Figure Logon as aspect/aspect

+src="lesson_solutions/WeakAuthenticationCookie_files/image024.jpg" v:shapes="Picture_x0020_601">

Figure

+src="lesson_solutions/WeakAuthenticationCookie_files/image025.jpg" v:shapes="Picture_x0020_602">

Figure

+src="lesson_solutions/WeakAuthenticationCookie_files/image026.jpg" v:shapes="Picture_x0020_603">

Figure Add AuthCookie to request

Figure - - + +

 

@@ -674,9 +674,9 @@ request from the "Previous requests" drop-down box.

"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/WeakSessionID_files/image021.jpg" v:shapes="Picture_x0020_786">

Figure

+src="lesson_solutions/WeakSessionID_files/image022.jpg" v:shapes="Picture_x0020_787">

Figure

 

@@ -746,9 +746,9 @@ to go to the tab "Analysis".

yes'>

 

@@ -760,9 +760,9 @@ pane you see nothing.

yes'>

You must @@ -774,9 +774,9 @@ select the Session Identifier WEAKID value from the drop-down box.

 

@@ -803,9 +803,9 @@ You can download Crowbar for free: - +

 

@@ -819,9 +819,9 @@ request in Crowbar:

"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/WeakSessionID_files/image028.jpg" v:shapes="Picture_x0020_793">

Figure

+src="lesson_solutions/WeakSessionID_files/image029.jpg" v:shapes="Picture_x0020_794">

Figure - - + +  

@@ -831,9 +831,9 @@ style='font-family:"Arial","sans-serif"'>Enter a password 'test' and click style='font-family:"Arial","sans-serif";mso-no-proof:yes'>

+src="lesson_solutions/WsSAXInjection_files/image004.jpg" v:shapes="Picture_x0020_40">

Figure

+src="lesson_solutions/WsSAXInjection_files/image006.jpg" v:shapes="Picture_x0020_41">

Figure Intercept request

style='mso-no-proof:yes'>

+src="lesson_solutions/WsSAXInjection_files/image008.jpg" v:shapes="Picture_x0020_42">

Figure Inject XML payload

style='mso-no-proof:yes'>

+src="lesson_solutions/WsSAXInjection_files/image010.jpg" v:shapes="Picture_x0020_43">

Figure - - + +

+src="lesson_solutions/WsSqlInjection_files/image002.jpg" v:shapes="Picture_x0020_31">

Figure

+src="lesson_solutions/WsSqlInjection_files/image004.jpg" v:shapes="Picture_x0020_32">

Figure Basic authentication

+src="lesson_solutions/WsSqlInjection_files/image006.jpg" v:shapes="Picture_x0020_33">

Figure

+src="lesson_solutions/WsSqlInjection_files/image008.jpg" v:shapes="Picture_x0020_34">

Figure - - + +

+src="lesson_solutions/XMLInjection_files/image017.jpg" v:shapes="Picture_x0020_61">

Figure

+src="lesson_solutions/XMLInjection_files/image018.jpg" v:shapes="Picture_x0020_62">

Figure Enter account number

yes'>

+src="lesson_solutions/XMLInjection_files/image019.jpg" v:shapes="Picture_x0020_63">

Figure Intercepted HTTP Request

yes'>

+src="lesson_solutions/XMLInjection_files/image020.jpg" v:shapes="Picture_x0020_64">

Figure

+src="lesson_solutions/XMLInjection_files/image021.jpg" v:shapes="Picture_x0020_68">

Figure

+src="lesson_solutions/XMLInjection_files/image022.jpg" v:shapes="Picture_x0020_65">

Figure Injected XML results

yes'>

+src="lesson_solutions/XMLInjection_files/image023.jpg" v:shapes="Picture_x0020_66">

Figure

+src="lesson_solutions/XMLInjection_files/image024.jpg" v:shapes="Picture_x0020_67">

Figure - - + +

+src="lesson_solutions/XPATHInjection_files/image007.jpg" v:shapes="Picture_x0020_141">

Figure

+src="lesson_solutions/XPATHInjection_files/image008.jpg" v:shapes="Picture_x0020_142">

Figure

+src="lesson_solutions/XPATHInjection_files/image009.jpg" v:shapes="Picture_x0020_143">

Figure