Refactored files to Maven standard Layout

Added plugin to produce executable jar. Now it is easy to run webgoat on all platforms.

src/main/java/org/owasp/webgoat/lessons/SilentTransactions.java

@@ -0,0 +1,289 @@
+
+package org.owasp.webgoat.lessons;
+
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+
+/***************************************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository for free software
+ * projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Sherif Koussa <a href="http://www.softwaresecured.com">Software Secured</a>
+ * @created December 26, 2006
+ */
+
+public class SilentTransactions extends LessonAdapter
+{
+
+	private final static Integer DEFAULT_RANKING = new Integer(40);
+
+	private final static Double CURRENT_BALANCE = 11987.09;
+
+	public final static A MAC_LOGO = new A().setHref("http://www.softwaresecured.com").addElement(new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured").setBorder(0).setHspace(0).setVspace(0));
+	
+	public void handleRequest(WebSession s)
+	{
+
+		try
+		{
+			if (s.getParser().getRawParameter("from", "").equals("ajax"))
+			{
+				if (s.getParser().getRawParameter("confirm", "").equals("Confirm"))
+				{
+					String amount = s.getParser().getRawParameter("amount", "");
+					s.getResponse().setContentType("text/html");
+					s.getResponse().setHeader("Cache-Control", "no-cache");
+					PrintWriter out = new PrintWriter(s.getResponse().getOutputStream());
+					StringBuffer result = new StringBuffer();
+					result.append("<br><br>* Congratulations. You have successfully completed this lesson.<br>");
+					if (!amount.equals(""))
+					{
+						result.append("You have just silently authorized ");
+						result.append(amount);
+						result.append("$ without the user interaction.<br>");
+					}
+					result
+							.append("Now you can send out a spam email containing this link and whoever clicks on it<br>");
+					result.append(" and happens to be logged in the same time will loose their money !!");
+					out.print(result.toString());
+					out.flush();
+					out.close();
+					getLessonTracker(s).setCompleted(true);
+					return;
+				}
+				else if (s.getParser().getRawParameter("confirm", "").equals("Transferring"))
+				{
+					s.getResponse().setContentType("text/html");
+					s.getResponse().setHeader("Cache-Control", "no-cache");
+					PrintWriter out = new PrintWriter(s.getResponse().getOutputStream());
+					out.print("<br><br>The Transaction has Completed Successfully.");
+					out.flush();
+					out.close();
+					return;
+				}
+			}
+		} catch (Exception ex)
+		{
+			ex.printStackTrace();
+		}
+
+		Form form = new Form(getFormAction(), Form.POST).setName("form").setEncType("");
+
+		form.addElement(createContent(s));
+
+		setContent(form);
+
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Current WebSession
+	 */
+
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+		String lineSep = System.getProperty("line.separator");
+		String script = "<script>"
+				+ lineSep
+				+ "function processData(){"
+				+ lineSep
+				+ " var accountNo = document.getElementById('newAccount').value;"
+				+ lineSep
+				+ " var amount = document.getElementById('amount').value;"
+				+ lineSep
+				+ " if ( accountNo == ''){"
+				+ lineSep
+				+ " alert('Please enter a valid account number to transfer to.')"
+				+ lineSep
+				+ " return;"
+				+ lineSep
+				+ "}"
+				+ lineSep
+				+ " else if ( amount == ''){"
+				+ lineSep
+				+ " alert('Please enter a valid amount to transfer.')"
+				+ lineSep
+				+ " return;"
+				+ lineSep
+				+ "}"
+				+ lineSep
+				+ " var balanceValue = document.getElementById('balanceID').innerHTML;"
+				+ lineSep
+				+ " balanceValue = balanceValue.replace( new RegExp('$') , '');"
+				+ lineSep
+				+ " if ( parseFloat(amount) > parseFloat(balanceValue) ) {"
+				+ lineSep
+				+ " alert('You can not transfer more funds than what is available in your balance.')"
+				+ lineSep
+				+ " return;"
+				+ lineSep
+				+ "}"
+				+ lineSep
+				+ " document.getElementById('confirm').value  = 'Transferring'"
+				+ lineSep
+				+ "submitData(accountNo, amount);"
+				+ lineSep
+				+ " document.getElementById('confirm').value  = 'Confirm'"
+				+ lineSep
+				+ "balanceValue = parseFloat(balanceValue) - parseFloat(amount);"
+				+ lineSep
+				+ "balanceValue = balanceValue.toFixed(2);"
+				+ lineSep
+				+ "document.getElementById('balanceID').innerHTML = balanceValue + '$';"
+				+ lineSep
+				+ "}"
+				+ lineSep
+				+ "function submitData(accountNo, balance) {"
+				+ lineSep
+				+ "var url = '"
+				+ getLink()
+				+ "&from=ajax&newAccount='+ accountNo+ '&amount=' + balance +'&confirm=' + document.getElementById('confirm').value; "
+				+ lineSep + "if (typeof XMLHttpRequest != 'undefined') {" + lineSep + "req = new XMLHttpRequest();"
+				+ lineSep + "} else if (window.ActiveXObject) {" + lineSep
+				+ "req = new ActiveXObject('Microsoft.XMLHTTP');" + lineSep + "   }" + lineSep
+				+ "   req.open('GET', url, true);" + lineSep + "   req.onreadystatechange = callback;" + lineSep
+				+ "   req.send(null);" + lineSep + "}" + lineSep + "function callback() {" + lineSep
+				+ "    if (req.readyState == 4) { " + lineSep + "        if (req.status == 200) { " + lineSep
+				+ "                   var result =  req.responseText ;" + lineSep
+				+ "			 var resultsDiv = document.getElementById('resultsDiv');" + lineSep
+				+ "				resultsDiv.innerHTML = '';" + lineSep + "				resultsDiv.innerHTML = result;" + lineSep
+				+ "        }}}" + lineSep + "</script>" + lineSep;
+
+		ec.addElement(new StringElement(script));
+		ec.addElement(new H1("Welcome to WebGoat Banking System"));
+		ec.addElement(new BR());
+		ec.addElement(new H3("Account Summary:"));
+
+		Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(1).setWidth("70%").setAlign("left");
+		ec.addElement(new BR());
+		TR tr = new TR();
+		tr.addElement(new TD(new StringElement("Account Balance:")));
+		tr.addElement(new TD(new StringElement("<div id='balanceID'>" + CURRENT_BALANCE.toString() + "$</div>")));
+		t1.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD(new StringElement("Transfer to Account:")));
+		Input newAccount = new Input();
+		newAccount.addAttribute("id", "newAccount");
+		newAccount.setType(Input.TEXT);
+		newAccount.setName("newAccount");
+		newAccount.setValue("");
+		tr.addElement(new TD(newAccount));
+		t1.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD(new StringElement("Transfer Amount:")));
+		Input amount = new Input();
+		amount.addAttribute("id", "amount");
+		amount.setType(Input.TEXT);
+		amount.setName("amount");
+		amount.setValue(0);
+		tr.addElement(new TD(amount));
+		t1.addElement(tr);
+
+		ec.addElement(t1);
+		ec.addElement(new BR());
+		ec.addElement(new BR());
+
+		ec.addElement(new PRE());
+		Input b = new Input();
+		b.setType(Input.BUTTON);
+		b.setName("confirm");
+		b.addAttribute("id", "confirm");
+		b.setValue("Confirm");
+		b.setOnClick("processData();");
+		ec.addElement(b);
+
+		ec.addElement(new BR());
+		Div div = new Div();
+		div.addAttribute("name", "resultsDiv");
+		div.addAttribute("id", "resultsDiv");
+		div.setStyle("font-weight: bold;color:red;");
+		ec.addElement(div);
+
+		return ec;
+	}
+
+	protected Category getDefaultCategory()
+	{
+		return Category.AJAX_SECURITY;
+	}
+
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Check the javascript in the HTML source.");
+		hints.add("Check how the application calls a specific javascript function to execute the transaction.");
+		hints.add("Check the javascript functions processData and submitData()");
+		hints.add("Function submitData() is the one responsible for actually ececuting the transaction.");
+		hints.add("Check if your browser supports running javascript from the address bar.");
+		hints.add("Try to navigate to 'javascript:submitData(1234556,11000);'");
+		return hints;
+
+	}
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the HelloScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Silent Transactions Attacks");
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("Created by Sherif Koussa&nbsp;", MAC_LOGO);
+	}
+
+}