Use AbstractLesson.getLink() and getFormAction() more
Rather than constructing URL's manually all the time, rather make use of existing mechanisms to create the URL, and use it consistently. git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
@ -795,9 +795,9 @@ public abstract class AbstractLesson extends Screen implements Comparable
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
protected String getFormAction()
|
public String getFormAction()
|
||||||
{
|
{
|
||||||
return "attack" + "?menu=" + getCategory().getRanking();
|
return getLink();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -186,9 +186,7 @@ public class CSRF extends LessonAdapter {
|
|||||||
|
|
||||||
for ( int i = 0; results.next(); i++ )
|
for ( int i = 0; results.next(); i++ )
|
||||||
{
|
{
|
||||||
String link = "<a href='attack?" + NUMBER + "=" + results.getInt( NUM_COL ) +
|
String link = "<a href='" + getLink() + "&" + NUMBER + "=" + results.getInt( NUM_COL ) +
|
||||||
"&Screen=" + String.valueOf(getScreenId()) +
|
|
||||||
"&menu=" + getDefaultCategory().getRanking().toString() +
|
|
||||||
"' style='cursor:hand'>" + results.getString( TITLE_COL ) + "</a>";
|
"' style='cursor:hand'>" + results.getString( TITLE_COL ) + "</a>";
|
||||||
TD td = new TD().addElement( link );
|
TD td = new TD().addElement( link );
|
||||||
TR tr = new TR().addElement( td );
|
TR tr = new TR().addElement( td );
|
||||||
@ -297,9 +295,7 @@ public class CSRF extends LessonAdapter {
|
|||||||
hints.add( "Enter some text and try to include an image in there." );
|
hints.add( "Enter some text and try to include an image in there." );
|
||||||
hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
|
hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
|
||||||
hints.add( "The format of an image in html is <pre><img src=\"[URL]\" width=\"1\" height=\"1\" /></pre>");
|
hints.add( "The format of an image in html is <pre><img src=\"[URL]\" width=\"1\" height=\"1\" /></pre>");
|
||||||
hints.add( "Include this URL in the message <pre><img src='http://localhost/WebGoat/attack?"+
|
hints.add( "Include this URL in the message <pre><img src='" + getLink() +
|
||||||
"Screen=" + String.valueOf(getScreenId()) +
|
|
||||||
"&menu=" + getDefaultCategory().getRanking().toString() +
|
|
||||||
"&transferFunds=5000' width=\"1\" height=\"1\" /></pre>");
|
"&transferFunds=5000' width=\"1\" height=\"1\" /></pre>");
|
||||||
|
|
||||||
return hints;
|
return hints;
|
||||||
|
|||||||
@ -95,9 +95,7 @@ public class DOMInjection extends LessonAdapter
|
|||||||
String lineSep = System.getProperty("line.separator");
|
String lineSep = System.getProperty("line.separator");
|
||||||
String script = "<script>" + lineSep + "function validate() {"
|
String script = "<script>" + lineSep + "function validate() {"
|
||||||
+ lineSep + "var keyField = document.getElementById('key');"
|
+ lineSep + "var keyField = document.getElementById('key');"
|
||||||
+ lineSep + "var url = '/WebGoat/attack?Screen="
|
+ lineSep + "var url = '" + getLink()
|
||||||
+ String.valueOf(getScreenId()) + "&menu="
|
|
||||||
+ getDefaultCategory().getRanking().toString()
|
|
||||||
+ "&from=ajax&key=' + encodeURIComponent(keyField.value);"
|
+ "&from=ajax&key=' + encodeURIComponent(keyField.value);"
|
||||||
+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {"
|
+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {"
|
||||||
+ lineSep + "req = new XMLHttpRequest();" + lineSep
|
+ lineSep + "req = new XMLHttpRequest();" + lineSep
|
||||||
|
|||||||
@ -135,10 +135,7 @@ public class JSONInjection extends LessonAdapter
|
|||||||
+ lineSep
|
+ lineSep
|
||||||
+ "if (toField.value.length < 3 ) { return; }"
|
+ "if (toField.value.length < 3 ) { return; }"
|
||||||
+ lineSep
|
+ lineSep
|
||||||
+ "var url = '/WebGoat/attack?Screen="
|
+ "var url = '" + getLink()
|
||||||
+ String.valueOf(getScreenId())
|
|
||||||
+ "&menu="
|
|
||||||
+ getDefaultCategory().getRanking().toString()
|
|
||||||
+ "&from=ajax&"
|
+ "&from=ajax&"
|
||||||
+ TRAVEL_FROM
|
+ TRAVEL_FROM
|
||||||
+ "=' + encodeURIComponent(fromField.value) +"
|
+ "=' + encodeURIComponent(fromField.value) +"
|
||||||
|
|||||||
@ -189,10 +189,7 @@ public class SilentTransactions extends LessonAdapter
|
|||||||
+ lineSep
|
+ lineSep
|
||||||
+ "function submitData(accountNo, balance) {"
|
+ "function submitData(accountNo, balance) {"
|
||||||
+ lineSep
|
+ lineSep
|
||||||
+ "var url = '/WebGoat/attack?Screen="
|
+ "var url = '" + getLink()
|
||||||
+ String.valueOf(getScreenId())
|
|
||||||
+ "&menu="
|
|
||||||
+ getDefaultCategory().getRanking().toString()
|
|
||||||
+ "&from=ajax&newAccount='+ accountNo+ '&amount=' + balance +'&confirm=' + document.getElementById('confirm').value; "
|
+ "&from=ajax&newAccount='+ accountNo+ '&amount=' + balance +'&confirm=' + document.getElementById('confirm').value; "
|
||||||
+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {"
|
+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {"
|
||||||
+ lineSep + "req = new XMLHttpRequest();" + lineSep
|
+ lineSep + "req = new XMLHttpRequest();" + lineSep
|
||||||
|
|||||||
@ -159,10 +159,7 @@ public class XMLInjection extends LessonAdapter
|
|||||||
+ lineSep
|
+ lineSep
|
||||||
+ "if (accountIDField.value.length < 6 ) { return; }"
|
+ "if (accountIDField.value.length < 6 ) { return; }"
|
||||||
+ lineSep
|
+ lineSep
|
||||||
+ "var url = '/WebGoat/attack?Screen="
|
+ "var url = '" + getLink()
|
||||||
+ String.valueOf(getScreenId())
|
|
||||||
+ "&menu="
|
|
||||||
+ getDefaultCategory().getRanking().toString()
|
|
||||||
+ "&from=ajax&"
|
+ "&from=ajax&"
|
||||||
+ ACCOUNTID
|
+ ACCOUNTID
|
||||||
+ "=' + encodeURIComponent(accountIDField.value);"
|
+ "=' + encodeURIComponent(accountIDField.value);"
|
||||||
|
|||||||
@ -360,42 +360,7 @@ public class WebSession
|
|||||||
|
|
||||||
public String getRestartLink()
|
public String getRestartLink()
|
||||||
{
|
{
|
||||||
List<String> parameters = new ArrayList<String>();
|
return getCurrentLesson().getLink() + "&" + RESTART + "=" + getCurrentScreen();
|
||||||
|
|
||||||
String screenValue = request.getParameter(SCREEN);
|
|
||||||
if (screenValue != null)
|
|
||||||
parameters.add(SCREEN + "=" + screenValue);
|
|
||||||
|
|
||||||
String menuValue = request.getParameter(MENU);
|
|
||||||
if (menuValue != null)
|
|
||||||
parameters.add(MENU + "=" + menuValue);
|
|
||||||
|
|
||||||
parameters.add(RESTART + "=" + currentScreen);
|
|
||||||
|
|
||||||
return makeQuery("attack", parameters);
|
|
||||||
}
|
|
||||||
|
|
||||||
private String makeQuery(String resource, List parameters)
|
|
||||||
{
|
|
||||||
StringBuffer query = new StringBuffer(resource);
|
|
||||||
|
|
||||||
boolean isFirstParameter = true;
|
|
||||||
Iterator i = parameters.iterator();
|
|
||||||
|
|
||||||
while (i.hasNext())
|
|
||||||
{
|
|
||||||
String parameter = (String) i.next();
|
|
||||||
if (isFirstParameter)
|
|
||||||
{
|
|
||||||
query.append("?");
|
|
||||||
isFirstParameter = false;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
query.append("&");
|
|
||||||
query.append(parameter);
|
|
||||||
}
|
|
||||||
|
|
||||||
return query.toString();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getCurrentLink()
|
public String getCurrentLink()
|
||||||
|
|||||||
@ -1,5 +1,9 @@
|
|||||||
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
|
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
|
||||||
pageEncoding="ISO-8859-1"%>
|
pageEncoding="ISO-8859-1"%>
|
||||||
|
<%@page import="org.owasp.webgoat.session.WebSession"%>
|
||||||
|
<%
|
||||||
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
|
%>
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
@ -7,9 +11,7 @@
|
|||||||
<title>Configuration Page</title>
|
<title>Configuration Page</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<% response.sendRedirect("/WebGoat/attack?" +
|
<% response.sendRedirect(webSession.getCurrentLesson().getLink() +
|
||||||
"Screen=" + request.getParameter("Screen") +
|
|
||||||
"&menu=" + request.getParameter("menu") +
|
|
||||||
"&succeeded=yes");
|
"&succeeded=yes");
|
||||||
%>
|
%>
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||||
<div class="lesson_text">
|
<div class="lesson_text">
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<Table>
|
<Table>
|
||||||
<TR><TD>
|
<TR><TD>
|
||||||
First Name:
|
First Name:
|
||||||
|
|||||||
@ -10,7 +10,7 @@
|
|||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
<p>Select from the list below </p>
|
<p>Select from the list below </p>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<table width="60%" border="0" cellpadding="3">
|
<table width="60%" border="0" cellpadding="3">
|
||||||
<tr>
|
<tr>
|
||||||
<td> <label>
|
<td> <label>
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
<%
|
<%
|
||||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>
|
<label>
|
||||||
<select name="<%=CrossSiteScripting.EMPLOYEE_ID%>">
|
<select name="<%=CrossSiteScripting.EMPLOYEE_ID%>">
|
||||||
<%
|
<%
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
<%
|
<%
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>Name
|
<label>Name
|
||||||
<input class="lesson_text_db" type="text" name="<%=CrossSiteScripting.SEARCHNAME%>"/>
|
<input class="lesson_text_db" type="text" name="<%=CrossSiteScripting.SEARCHNAME%>"/>
|
||||||
</label>
|
</label>
|
||||||
|
|||||||
@ -116,7 +116,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
|
<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
|
||||||
</form></td>
|
</form></td>
|
||||||
@ -128,7 +128,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -141,7 +141,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||||
<div class="lesson_text">
|
<div class="lesson_text">
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<Table>
|
<Table>
|
||||||
<TR><TD>
|
<TR><TD>
|
||||||
First Name:
|
First Name:
|
||||||
|
|||||||
@ -10,7 +10,7 @@
|
|||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
<p>Select from the list below </p>
|
<p>Select from the list below </p>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<table width="60%" border="0" cellpadding="3">
|
<table width="60%" border="0" cellpadding="3">
|
||||||
<tr>
|
<tr>
|
||||||
<td> <label>
|
<td> <label>
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
<%
|
<%
|
||||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>
|
<label>
|
||||||
<select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>">
|
<select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>">
|
||||||
<%
|
<%
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
<%
|
<%
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>Name
|
<label>Name
|
||||||
<input class="lesson_text_db" type="text" name="<%=DBCrossSiteScripting.SEARCHNAME%>"/>
|
<input class="lesson_text_db" type="text" name="<%=DBCrossSiteScripting.SEARCHNAME%>"/>
|
||||||
</label>
|
</label>
|
||||||
|
|||||||
@ -109,7 +109,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.LISTSTAFF_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.LISTSTAFF_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LISTSTAFF_ACTION%>"/>
|
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LISTSTAFF_ACTION%>"/>
|
||||||
</form></td>
|
</form></td>
|
||||||
@ -121,7 +121,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.EDITPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.EDITPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=DBCrossSiteScripting.EDITPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=DBCrossSiteScripting.EDITPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -134,7 +134,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.DELETEPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||||
<div class="lesson_text">
|
<div class="lesson_text">
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<Table>
|
<Table>
|
||||||
<TR><TD>
|
<TR><TD>
|
||||||
First Name:
|
First Name:
|
||||||
|
|||||||
@ -11,7 +11,7 @@
|
|||||||
<br>
|
<br>
|
||||||
<p>Select from the list below </p>
|
<p>Select from the list below </p>
|
||||||
|
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<table width="60%" border="0" cellpadding="3">
|
<table width="60%" border="0" cellpadding="3">
|
||||||
<tr>
|
<tr>
|
||||||
<td> <label>
|
<td> <label>
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
<%
|
<%
|
||||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>
|
<label>
|
||||||
<select name="<%=DBSQLInjection.EMPLOYEE_ID%>">
|
<select name="<%=DBSQLInjection.EMPLOYEE_ID%>">
|
||||||
<%
|
<%
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
<%
|
<%
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>Name
|
<label>Name
|
||||||
<input class="lesson_text_db" type="text" name="<%=DBSQLInjection.SEARCHNAME%>"/>
|
<input class="lesson_text_db" type="text" name="<%=DBSQLInjection.SEARCHNAME%>"/>
|
||||||
</label>
|
</label>
|
||||||
|
|||||||
@ -109,7 +109,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=DBSQLInjection.LISTSTAFF_ACTION%>"/>
|
<input type="submit" name="action" value="<%=DBSQLInjection.LISTSTAFF_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -122,7 +122,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=DBSQLInjection.EDITPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=DBSQLInjection.EDITPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -135,7 +135,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
|
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
|
||||||
<div class="lesson_text">
|
<div class="lesson_text">
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<Table border="0" cellpadding="0" cellspacing="0">
|
<Table border="0" cellpadding="0" cellspacing="0">
|
||||||
<TR><TD width="110">
|
<TR><TD width="110">
|
||||||
First Name:
|
First Name:
|
||||||
|
|||||||
@ -11,7 +11,7 @@
|
|||||||
<br>
|
<br>
|
||||||
<p>Select from the list below </p>
|
<p>Select from the list below </p>
|
||||||
|
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<table width="60%" border="0" cellpadding="3">
|
<table width="60%" border="0" cellpadding="3">
|
||||||
<tr>
|
<tr>
|
||||||
<td> <label>
|
<td> <label>
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
<%
|
<%
|
||||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>
|
<label>
|
||||||
<select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>">
|
<select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>">
|
||||||
<%
|
<%
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
<%
|
<%
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>Name
|
<label>Name
|
||||||
<input class="lesson_text_db" type="text" name="<%=GoatHillsFinancial.SEARCHNAME%>"/>
|
<input class="lesson_text_db" type="text" name="<%=GoatHillsFinancial.SEARCHNAME%>"/>
|
||||||
</label>
|
</label>
|
||||||
|
|||||||
@ -113,7 +113,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.LISTSTAFF_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.LISTSTAFF_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.LISTSTAFF_ACTION%>"/>
|
<input type="submit" name="action" value="<%=GoatHillsFinancial.LISTSTAFF_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -125,7 +125,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.EDITPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.EDITPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.EDITPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=GoatHillsFinancial.EDITPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -138,7 +138,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.DELETEPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<br><br><br>An error has occurred.
|
<br><br><br>An error has occurred.
|
||||||
<br><br><br>
|
<br><br><br>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
|
|
||||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
|
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
|
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
|
||||||
<div class="lesson_text">
|
<div class="lesson_text">
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<Table border="0" cellpadding="0" cellspacing="0">
|
<Table border="0" cellpadding="0" cellspacing="0">
|
||||||
<TR><TD width="110">
|
<TR><TD width="110">
|
||||||
First Name:
|
First Name:
|
||||||
|
|||||||
@ -11,7 +11,7 @@
|
|||||||
<br>
|
<br>
|
||||||
<p>Select from the list below </p>
|
<p>Select from the list below </p>
|
||||||
|
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<table width="60%" border="0" cellpadding="3">
|
<table width="60%" border="0" cellpadding="3">
|
||||||
<tr>
|
<tr>
|
||||||
<td> <label>
|
<td> <label>
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
<%
|
<%
|
||||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>
|
<label>
|
||||||
<select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>">
|
<select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>">
|
||||||
<%
|
<%
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
<%
|
<%
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>Name
|
<label>Name
|
||||||
<input class="lesson_text_db" type="text" name="<%=RoleBasedAccessControl.SEARCHNAME%>"/>
|
<input class="lesson_text_db" type="text" name="<%=RoleBasedAccessControl.SEARCHNAME%>"/>
|
||||||
</label>
|
</label>
|
||||||
|
|||||||
@ -113,7 +113,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LISTSTAFF_ACTION%>"/>
|
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LISTSTAFF_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -125,7 +125,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.EDITPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=RoleBasedAccessControl.EDITPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -138,7 +138,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<br><br><br>An error has occurred.
|
<br><br><br>An error has occurred.
|
||||||
<br><br><br>
|
<br><br><br>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
|
|
||||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
|
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -7,7 +7,7 @@
|
|||||||
%>
|
%>
|
||||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||||
<div class="lesson_text">
|
<div class="lesson_text">
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<Table>
|
<Table>
|
||||||
<TR><TD>
|
<TR><TD>
|
||||||
First Name:
|
First Name:
|
||||||
|
|||||||
@ -11,7 +11,7 @@
|
|||||||
<br>
|
<br>
|
||||||
<p>Select from the list below </p>
|
<p>Select from the list below </p>
|
||||||
|
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<table width="60%" border="0" cellpadding="3">
|
<table width="60%" border="0" cellpadding="3">
|
||||||
<tr>
|
<tr>
|
||||||
<td> <label>
|
<td> <label>
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
<%
|
<%
|
||||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>
|
<label>
|
||||||
<select name="<%=SQLInjection.EMPLOYEE_ID%>">
|
<select name="<%=SQLInjection.EMPLOYEE_ID%>">
|
||||||
<%
|
<%
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
<%
|
<%
|
||||||
}
|
}
|
||||||
%>
|
%>
|
||||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<label>Name
|
<label>Name
|
||||||
<input class="lesson_text_db" type="text" name="<%=SQLInjection.SEARCHNAME%>"/>
|
<input class="lesson_text_db" type="text" name="<%=SQLInjection.SEARCHNAME%>"/>
|
||||||
</label>
|
</label>
|
||||||
|
|||||||
@ -109,7 +109,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
|
<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -122,7 +122,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
@ -135,7 +135,7 @@
|
|||||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
|
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
%>
|
%>
|
||||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||||
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||||
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
|
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
@ -141,7 +141,7 @@ StringBuffer buildList = new StringBuffer();
|
|||||||
<a href="<%= webSession.getCurrentLesson().getLink() %>&show=Params" target="_top" onclick="MM_nbGroup('down','group1','params','',1)"
|
<a href="<%= webSession.getCurrentLesson().getLink() %>&show=Params" target="_top" onclick="MM_nbGroup('down','group1','params','',1)"
|
||||||
onmouseover="MM_nbGroup('over','params','images/buttons/paramsOver.jpg','',1)"
|
onmouseover="MM_nbGroup('over','params','images/buttons/paramsOver.jpg','',1)"
|
||||||
onmouseout="MM_nbGroup('out')">
|
onmouseout="MM_nbGroup('out')">
|
||||||
<img src="images/buttons/params.jpg" alt="Show Params" name="attack?show=Params" width="92" height="20" border="0" id="params"/>
|
<img src="images/buttons/params.jpg" alt="Show Params" name="<%= webSession.getCurrentLesson().getLink() %>&show=Params" width="92" height="20" border="0" id="params"/>
|
||||||
</a>
|
</a>
|
||||||
<a href="<%= webSession.getCurrentLesson().getLink() %>&show=Cookies" target="_top" onclick="MM_nbGroup('down','group1','cookies','',1)"
|
<a href="<%= webSession.getCurrentLesson().getLink() %>&show=Cookies" target="_top" onclick="MM_nbGroup('down','group1','cookies','',1)"
|
||||||
onmouseover="MM_nbGroup('over','cookies','images/buttons/cookiesOver.jpg','',1)"
|
onmouseover="MM_nbGroup('over','cookies','images/buttons/cookiesOver.jpg','',1)"
|
||||||
|
|||||||
Reference in New Issue
Block a user