dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed CSRF per Bruce's comments

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@56 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy 2006-12-30 17:30:30 +00:00
parent 63043b0f34
commit ae225126ae
2 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
View File

@ -132,7 +132,7 @@ public class CSRF extends LessonAdapter {
* @param s Description of the Parameter
* @return Description of the Return Value
*/
public static Element makeList( WebSession s )
public Element makeList( WebSession s )
{
Table t = new Table( 0 ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
@ -154,7 +154,11 @@ public class CSRF extends LessonAdapter {
for ( int i = 0; results.next(); i++ )
{
A a = ECSFactory.makeLink( results.getString( TITLE_COL ), NUMBER, results.getInt( NUM_COL ) );
TD td = new TD().addElement( a );
String link = "<a href='attack?" + NUMBER + "=" + results.getInt( NUM_COL ) +
"&Screen=" + String.valueOf(getScreenId()) +
"&menu=" + getDefaultCategory().getRanking().toString() +
"' style='cursor:hand'>" + results.getString( TITLE_COL ) + "</a>";
TD td = new TD().addElement( link );
TR tr = new TR().addElement( td );
t.addElement( tr );
}
@ -168,6 +172,12 @@ public class CSRF extends LessonAdapter {
ElementContainer ec = new ElementContainer();
ec.addElement( new H1( "Message List" ) );
ec.addElement( t );
String transferFunds = s.getParser().getRawParameter("transferFunds" , "");
if (transferFunds.length() != 0)
{
makeSuccess(s);
}
return ( ec );
}
@ -220,14 +230,7 @@ public class CSRF extends LessonAdapter {
t.addElement( row3 );
ec.addElement( t );
// Some sanity checks that the script may be correct
String transferFunds = s.getParser().getRawParameter("transferFunds" , "");
if (transferFunds.length() != 0)
{
makeSuccess(s);
}
}
else
{
@ -236,6 +239,7 @@ public class CSRF extends LessonAdapter {
ec.addElement( new P().addElement( "Could not find message " + messageNum ) );
}
}
}
catch ( Exception e )
{
@ -265,7 +269,11 @@ public class CSRF extends LessonAdapter {
hints.add( "Enter some text and try to include an image in there." );
hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
hints.add( "The format of an image in html is <pre>&lt;img src=\"[URL]\" width=\"1\" height=\"1\" /&gt;</pre>");
hints.add( "Include this URL in the message <pre>&lt;img src='http://localhost:8080/WebGoat/attack?"+
"&Screen=" + String.valueOf(getScreenId()) +
"&menu=" + getDefaultCategory().getRanking().toString() +
"&transferFunds=5000' width=\"1\" height=\"1\" /&gt;</pre>");
return hints;
}

4
webgoat/main/project/WebContent/lesson_plans/CSRF.html
View File

@ -21,7 +21,5 @@ In this way, the attacker can make the victim perform actions that they didn't i
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* Your goal is to send an email to a newsgroup.<br>
* Try to include a 1x1 pixel image that includes a URL that transfers funds to your account.<br>
* Whoever receives this email and happens to be authenticated at that time will be a victim.
Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malacious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu, right click on the left hand menu and choose copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transfered. When you think the attack is successfull, refresh the page and you will find the green check on the left hand side menu.
<!-- Stop Instructions -->