dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Miscellaneous bug fixes

Browse Source 
divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
2008-01-14 14:02:11 +00:00
commit b0b94c4688
917 changed files with 73689 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
main/project/WebContent/lessons/Ajax/clientSideFiltering.jsp Normal file
View File

@ -0,0 +1,114 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
<%
String userId = request.getParameter("userID");
NodeList nodes = null;
File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
if(d.exists()){
System.out.print("File does exist");
}
else{
System.out.print("File DOES NOT exist");
}
System.out.println(d.getAbsolutePath());
XPathFactory factory = XPathFactory.newInstance();
XPath xPath = factory.newXPath();
InputSource inputSource = new InputSource(new FileInputStream(d));
StringBuffer sb = new StringBuffer();
sb.append("/Employees/Employee/UserID | ");
sb.append("/Employees/Employee/FirstName | ");
sb.append("/Employees/Employee/LastName | ");
sb.append("/Employees/Employee/SSN | ");
sb.append("/Employees/Employee/Salary ");
String expression = sb.toString();
System.out.print("expression:" + expression);
nodes = (NodeList) xPath.evaluate(expression, inputSource,
XPathConstants.NODESET);
int nodesLength = nodes.getLength();
System.out.println("nodesLength:" + nodesLength);
TR tr;
int COLUMNS = 5;
Table t2 = null;
if (nodesLength > 0)
{
t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
1).setWidth("90%").setAlign("center");
tr = new TR();
tr.addElement(new TD().addElement("UserID"));
tr.addElement(new TD().addElement("First Name"));
tr.addElement(new TD().addElement("Last Name"));
tr.addElement(new TD().addElement("SSN"));
tr.addElement(new TD().addElement("Salary"));
t2.addElement(tr);
}
tr = new TR();
for (int i = 0; i < nodesLength; i++)
{
Node node = nodes.item(i);
if(i%COLUMNS==0){
tr = new TR();
tr.setID(node.getTextContent());
//tr.setStyle("display: none");
}
tr.addElement(new TD().addElement(node.getTextContent()));
if(i%COLUMNS==(COLUMNS-1)){
t2.addElement(tr);
}
}
if(t2 != null){
out.println(t2.toString());
}
else{
out.println("No Results");
}
%>

114
main/project/WebContent/lessons/Ajax/clientSideFiltering_backup.jsp Normal file
View File

@ -0,0 +1,114 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
<%
String userId = request.getParameter("userID");
NodeList nodes = null;
File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
if(d.exists()){
System.out.print("File does exist");
}
else{
System.out.print("File DOES NOT exist");
}
System.out.println(d.getAbsolutePath());
XPathFactory factory = XPathFactory.newInstance();
XPath xPath = factory.newXPath();
InputSource inputSource = new InputSource(new FileInputStream(d));
StringBuffer sb = new StringBuffer();
sb.append("/Employees/Employee/UserID | ");
sb.append("/Employees/Employee/FirstName | ");
sb.append("/Employees/Employee/LastName | ");
sb.append("/Employees/Employee/SSN | ");
sb.append("/Employees/Employee/Salary ");
String expression = sb.toString();
System.out.print("expression:" + expression);
nodes = (NodeList) xPath.evaluate(expression, inputSource,
XPathConstants.NODESET);
int nodesLength = nodes.getLength();
System.out.println("nodesLength:" + nodesLength);
TR tr;
int COLUMNS = 5;
Table t2 = null;
if (nodesLength > 0)
{
t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
1).setWidth("90%").setAlign("center");
tr = new TR();
tr.addElement(new TD().addElement("UserID"));
tr.addElement(new TD().addElement("First Name"));
tr.addElement(new TD().addElement("Last Name"));
tr.addElement(new TD().addElement("SSN"));
tr.addElement(new TD().addElement("Salary"));
t2.addElement(tr);
}
tr = new TR();
for (int i = 0; i < nodesLength; i++)
{
Node node = nodes.item(i);
if(i%COLUMNS==0){
tr = new TR();
tr.setID(node.getTextContent());
//tr.setStyle("display: none");
}
tr.addElement(new TD().addElement(node.getTextContent()));
if(i%COLUMNS==(COLUMNS-1)){
t2.addElement(tr);
}
}
if(t2 != null){
out.println(t2.toString());
}
else{
out.println("No Results");
}
%>

30
main/project/WebContent/lessons/Ajax/clientSideValidation.jsp Normal file
View File

@ -0,0 +1,30 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<% String coupon = request.getParameter("coupon");
if (coupon.equalsIgnoreCase("PLATINUM")){
out.print(".25");
}
else if (coupon.equalsIgnoreCase("GOLD")){
out.print(".5");
}
else if (coupon.equalsIgnoreCase("SILVER")){
out.print(".75");
}
else if (coupon.equalsIgnoreCase("BRONZE")){
out.print(".8");
}
else if (coupon.equalsIgnoreCase("PRESSONE")){
out.print(".9");
}
else if (coupon.equalsIgnoreCase("PRESSTWO")){
out.print(".95");
}
%>

251
main/project/WebContent/lessons/Ajax/employees.xml Normal file
View File

@ -0,0 +1,251 @@
<?xml version="1.0" encoding="UTF-8"?>
<Employees>
<Employee >
<UserID>101</UserID>
<FirstName>Larry</FirstName>
<LastName>Stooge</LastName>
<Street>9175 Guilford Rd</Street>
<CS>New York, NY</CS>
<Phone>443-689-0192</Phone>
<StartDate>1012000</StartDate>
<SSN>386-09-5451</SSN>
<Salary>55000</Salary>
<CreditCard>2578546969853547</CreditCard>
<Limit>5000</Limit>
<Comments>Does not work well with others</Comments>
<DisciplinaryExplanation>Constantly harassing coworkers</DisciplinaryExplanation>
<DisciplinaryDate>10106</DisciplinaryDate>
<Managers>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>102</UserID>
<FirstName>Moe</FirstName>
<LastName>Stooge</LastName>
<Street>3013 AMD Ave</Street>
<CS>New York, NY</CS>
<Phone>443-938-5301</Phone>
<StartDate>3082003</StartDate>
<SSN>936-18-4524</SSN>
<Salary>140000</Salary>
<CreditCard>NA</CreditCard>
<Limit>0</Limit>
<Comments>Very dominating over Larry and Curly</Comments>
<DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
<DisciplinaryDate>101013</DisciplinaryDate>
<Managers>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>103</UserID>
<FirstName>Curly</FirstName>
<LastName>Stooge</LastName>
<Street>1112 Crusoe Lane</Street>
<CS>New York, NY</CS>
<Phone>410-667-6654</Phone>
<StartDate>2122001</StartDate>
<SSN>961-08-0047</SSN>
<Salary>50000</Salary>
<CreditCard>NA</CreditCard>
<Limit>0</Limit>
<Comments>Owes three-thousand to company for fradulent purchases</Comments>
<DisciplinaryExplanation>Hit Moe back</DisciplinaryExplanation>
<DisciplinaryDate>101014</DisciplinaryDate>
<Managers>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>104</UserID>
<FirstName>Eric</FirstName>
<LastName>Walker</LastName>
<Street>1160 Prescott Rd</Street>
<CS>New York, NY</CS>
<Phone>410-887-1193</Phone>
<StartDate>12152005</StartDate>
<SSN>445-66-5565</SSN>
<Salary>13000</Salary>
<CreditCard>NA</CreditCard>
<Limit>0</Limit>
<Comments>Late. Always needs help. Too intern-ish.</Comments>
<DisciplinaryExplanation>Bothering Larry about webgoat problems</DisciplinaryExplanation>
<DisciplinaryDate>101013</DisciplinaryDate>
<Managers>
<Manager>107</Manager>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>105</UserID>
<FirstName>Tom</FirstName>
<LastName>Cat</LastName>
<Street>2211 HyperThread Rd.</Street>
<CS>New York, NY</CS>
<Phone>443-599-0762</Phone>
<StartDate>1011999</StartDate>
<SSN>792-14-6364</SSN>
<Salary>80000</Salary>
<CreditCard>5481360857968521</CreditCard>
<Limit>30000</Limit>
<Comments>Co-Owner.</Comments>
<DisciplinaryExplanation>NA</DisciplinaryExplanation>
<DisciplinaryDate>0</DisciplinaryDate>
<Managers>
<Manager>106</Manager>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>106</UserID>
<FirstName>Jerry</FirstName>
<LastName>Mouse</LastName>
<Street>3011 Unix Drive</Street>
<CS>New York, NY</CS>
<Phone>443-699-3366</Phone>
<StartDate>1011999</StartDate>
<SSN>858-55-4452</SSN>
<Salary>70000</Salary>
<CreditCard>6981754825013564</CreditCard>
<Limit>20000</Limit>
<Comments>Co-Owner.</Comments>
<DisciplinaryExplanation>NA</DisciplinaryExplanation>
<DisciplinaryDate>0</DisciplinaryDate>
<Managers>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>107</UserID>
<FirstName>David</FirstName>
<LastName>Giambi</LastName>
<Street>5132 DIMM Avenue</Street>
<CS>New York, NY</CS>
<Phone>610-521-8413</Phone>
<StartDate>5011999</StartDate>
<SSN>439-20-9405</SSN>
<Salary>100000</Salary>
<CreditCard>6981754825018101</CreditCard>
<Limit>10000</Limit>
<Comments>Strong work habbit. Questionable ethics.</Comments>
<DisciplinaryExplanation>Hacked into accounting server. Modified personal pay.</DisciplinaryExplanation>
<DisciplinaryDate>61402</DisciplinaryDate>
<Managers>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>108</UserID>
<FirstName>Bruce</FirstName>
<LastName>McGuirre</LastName>
<Street>8899 FreeBSD Drive&lt;script&gt;alert(document.cookie)&lt;/script&gt; </Street>
<CS>New York, NY</CS>
<Phone>610-282-1103</Phone>
<StartDate>3012000</StartDate>
<SSN>707-95-9482</SSN>
<Salary>110000</Salary>
<CreditCard>6981754825854136</CreditCard>
<Limit>30000</Limit>
<Comments>Enjoys watching others struggle in exercises.</Comments>
<DisciplinaryExplanation>Tortuous Boot Camp workout at 5am. Employees felt sick.</DisciplinaryExplanation>
<DisciplinaryDate>61502</DisciplinaryDate>
<Managers>
<Manager>107</Manager>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>109</UserID>
<FirstName>Sean</FirstName>
<LastName>Livingston</LastName>
<Street>6422 dFlyBSD Road</Street>
<CS>New York, NY</CS>
<Phone>610-878-9549</Phone>
<StartDate>6012003</StartDate>
<SSN>136-55-1046</SSN>
<Salary>130000</Salary>
<CreditCard>6981754825014510</CreditCard>
<Limit>5000</Limit>
<Comments>Has some fascination with Steelers. Go Ravens.</Comments>
<DisciplinaryExplanation>Late to work 30 days in row due to excessive Halo 2</DisciplinaryExplanation>
<DisciplinaryDate>72804</DisciplinaryDate>
<Managers>
<Manager>107</Manager>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>110</UserID>
<FirstName>Joanne</FirstName>
<LastName>McDougal</LastName>
<Street>5567 Broadband Lane</Street>
<CS>New York, NY</CS>
<Phone>610-213-6341</Phone>
<StartDate>1012001</StartDate>
<SSN>789-54-2413</SSN>
<Salary>90000</Salary>
<CreditCard>6981754825081054</CreditCard>
<Limit>300</Limit>
<Comments>Finds it necessary to leave early every day.</Comments>
<DisciplinaryExplanation>Used company cc to purchase new car. Limit adjusted.</DisciplinaryExplanation>
<DisciplinaryDate>112005</DisciplinaryDate>
<Managers>
<Manager>106</Manager>
<Manager>102</Manager>
<Manager>111</Manager>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>111</UserID>
<FirstName>John</FirstName>
<LastName>Wayne</LastName>
<Street>129 Third St</Street>
<CS>New York, NY</CS>
<Phone>610-213-1134</Phone>
<StartDate>1012001</StartDate>
<SSN>129-69-4572</SSN>
<Salary>200000</Salary>
<CreditCard>4437334565679921</CreditCard>
<Limit>300</Limit>
<Comments></Comments>
<DisciplinaryExplanation></DisciplinaryExplanation>
<DisciplinaryDate>112005</DisciplinaryDate>
<Managers>
<Manager>112</Manager>
</Managers>
</Employee>
<Employee>
<UserID>112</UserID>
<FirstName>Neville</FirstName>
<LastName>Bartholomew</LastName>
<Street>1 Corporate Headquarters</Street>
<CS>San Jose, CA</CS>
<Phone>408-587-0024</Phone>
<StartDate>3012000</StartDate>
<SSN>111-111-1111</SSN>
<Salary>450000</Salary>
<CreditCard>4803389267684109</CreditCard>
<Limit>300</Limit>
<Comments></Comments>
<DisciplinaryExplanation></DisciplinaryExplanation>
<DisciplinaryDate>112005</DisciplinaryDate>
</Employee>
</Employees>

37
main/project/WebContent/lessons/Ajax/eval.jsp Normal file
View File

@ -0,0 +1,37 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*" import="org.owasp.webgoat.lessons.DangerousEval"
pageEncoding="ISO-8859-1"%>
<%
String action = request.getParameter("action");
String field1 = request.getParameter("field1");
String field2 = request.getParameter("field2");
String regex1 = "^[0-9]{3}$";// any three digits
Pattern pattern1 = Pattern.compile(regex1);
if(action == null) action = "Purchase";
if(field1 == null) field1 = "123";
if(field2 == null) field2 = "-1";
/** For security reasons, we remove all '<' and '>' characters to prevent XSS **/
field1.replaceAll("<", "");
field1.replaceAll(">", "");
field2.replaceAll("<", "");
field2.replaceAll(">", "");
if("Purchase".equals(action))
{
if(!pattern1.matcher(field1).matches())
{
/** If they supplied the right attack, pass them **/
if(field1.indexOf("');") != -1 && field1.indexOf("alert") != -1 && field1.indexOf("document.cookie") != -1)
{
session.setAttribute(DangerousEval.PASSED, "true");
}
out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');");
}
else
{
out.write("alert('Purchase completed successfully with credit card \"" + field2 + "\" and access code \"" + field1 + "\"');");
}
}
%>

BIN
main/project/WebContent/lessons/Ajax/images/lesson1_header.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/Ajax/images/lesson1_workspace.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

111
main/project/WebContent/lessons/Ajax/instructor/clientSideFiltering_i.jsp Normal file
View File

@ -0,0 +1,111 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
<%
String userId = request.getParameter("userId");
NodeList nodes = null;
File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
if(d.exists()){
System.out.print("File does exist");
}
else{
System.out.print("File DOES NOT exist");
}
System.out.println(d.getAbsolutePath());
XPathFactory factory = XPathFactory.newInstance();
XPath xPath = factory.newXPath();
InputSource inputSource = new InputSource(new FileInputStream(d));
StringBuffer sb = new StringBuffer();
sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/UserID | ");
sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/FirstName | ");
sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/LastName | ");
sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/SSN | ");
sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/Salary ");
String expression = sb.toString();
System.out.print("expression:" + expression);
nodes = (NodeList) xPath.evaluate(expression, inputSource,
XPathConstants.NODESET);
int nodesLength = nodes.getLength();
System.out.println("nodesLength:" + nodesLength);
TR tr;
int COLUMNS = 5;
Table t2 = null;
if (nodesLength > 0)
{
t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
1).setWidth("90%").setAlign("center");
tr = new TR();
tr.addElement(new TD().addElement("UserID"));
tr.addElement(new TD().addElement("First Name"));
tr.addElement(new TD().addElement("Last Name"));
tr.addElement(new TD().addElement("SSN"));
tr.addElement(new TD().addElement("Salary"));
t2.addElement(tr);
}
tr = new TR();
for (int i = 0; i < nodesLength; i++)
{
Node node = nodes.item(i);
if(i%COLUMNS==0){
tr = new TR();
tr.setID(node.getTextContent());
//tr.setStyle("display: none");
}
tr.addElement(new TD().addElement(node.getTextContent()));
if(i%COLUMNS==(COLUMNS-1)){
t2.addElement(tr);
}
}
if(t2 != null){
out.println(t2.toString());
}
else{
out.println("No Results");
}
%>

1
main/project/WebContent/lessons/Ajax/sameOrigin.jsp Normal file
View File

@ -0,0 +1 @@
Good Response

19
main/project/WebContent/lessons/ConfManagement/config.jsp Normal file
View File

@ -0,0 +1,19 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@page import="org.owasp.webgoat.session.WebSession"%>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Configuration Page</title>
</head>
<body>
<% response.sendRedirect(webSession.getCurrentLesson().getLink() +
"&succeeded=yes");
%>
</body>
</html>

14
main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.css Normal file
View File

@ -0,0 +1,14 @@
#lesson_wrapper {height: 435px;width: 500px;}
#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
#lesson_buttons_bottom {height: 20px;width: 460px;}
#lesson_b_b_left {width: 300px;float: left;}
#lesson_b_b_right input {width: 100px;float: right;}
.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
.lesson_workspace { }
.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
.lesson_text_db {color: #0066FF}
#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
#lesson_search {background-image: url(lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}

26
main/project/WebContent/lessons/CrossSiteScripting/CrossSiteScripting.jsp Normal file
View File

@ -0,0 +1,26 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
errorPage="" %>
<style>
<jsp:include page="CrossSiteScripting.css" />
</style>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
CrossSiteScripting currentLesson = (CrossSiteScripting) webSession.getCurrentLesson();
%>
<div id="lesson_wrapper">
<div id="lesson_header"></div>
<div class="lesson_workspace">
<%
String subViewPage = currentLesson.getPage(webSession);
if (subViewPage != null)
{
//System.out.println("Including sub view page: " + subViewPage);
%>
<jsp:include page="<%=subViewPage%>" />
<%
}
%>
</div>
</div>

134
main/project/WebContent/lessons/CrossSiteScripting/EditProfile.jsp Normal file
View File

@ -0,0 +1,134 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("CrossSiteScripting.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD>
Last Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
</TD>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=CrossSiteScripting.MANAGER%>">
<%
List employees = (List) session.getAttribute("CrossSiteScripting.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<textarea name="<%=CrossSiteScripting.DISCIPLINARY_NOTES%>" cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<input class="lesson_text_db" name="<%=CrossSiteScripting.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=CrossSiteScripting.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=CrossSiteScripting.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=CrossSiteScripting.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div>
</form>
</div>

54
main/project/WebContent/lessons/CrossSiteScripting/ListStaff.jsp Normal file
View File

@ -0,0 +1,54 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=CrossSiteScripting.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=CrossSiteScripting.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=CrossSiteScripting.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=CrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>

32
main/project/WebContent/lessons/CrossSiteScripting/Login.jsp Normal file
View File

@ -0,0 +1,32 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
errorPage="" %>
<div id="lesson_login">
<div id="lesson_login_txt">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=CrossSiteScripting.EMPLOYEE_ID%>">
<%
//System.out.println("Retrieving employees list");
List employees = (List) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
<%}%>
</select>
</label>
<br>
<label>Password
<input name="password" type="password" size="10" maxlength="8" />
</label>
<br>
<input type="submit" name="action" value="<%=CrossSiteScripting.LOGIN_ACTION%>"/>
</form>
</div>
</div>

22
main/project/WebContent/lessons/CrossSiteScripting/SearchStaff.jsp Normal file
View File

@ -0,0 +1,22 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting"
errorPage="" %>
<div id="lesson_search">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
String searchedName = request.getParameter(CrossSiteScripting.SEARCHNAME);
if (searchedName != null)
{
%>
Employee <%=searchedName%> not found.
<%
}
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=CrossSiteScripting.SEARCHNAME%>"/>
</label>
<br>
<input type="submit" name="action" value="<%=CrossSiteScripting.FINDPROFILE_ACTION%>"/>
</form>
</div>

160
main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp Normal file
View File

@ -0,0 +1,160 @@
<!--
STAGE 4 FIXES Look for the <-- STAGE 4 - FIX
-->
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.CrossSiteScripting" errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
CrossSiteScripting lesson = (CrossSiteScripting) webSession.getCurrentLesson();
// int myUserId = getIntSessionAttribute(webSession, "CrossSiteScripting." + CrossSiteScripting.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<%=employee.getFirstName()%>
</TD>
<TD>
Last Name:
</TD>
<TD>
<%=employee.getLastName()%>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<!-- STAGE 4 - FIX Note that the description value below gets encoded and address1 here is not -->
<%=employee.getAddress1()%>
</TD>
<TD>
City/State:
<TD>
<%=employee.getAddress2()%>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<%=employee.getPhoneNumber()%>
</TD>
<TD>
Start Date:
</TD>
<TD>
<%=employee.getStartDate()%>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<%=employee.getSsn()%>
</TD>
<TD>
Salary:
</TD>
<TD>
<%=employee.getSalary()%>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<%=employee.getCcn()%>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<%=employee.getCcnLimit()%>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<!-- Encode data that might contain HTML content to protect against XSS -->
<%=lesson.htmlEncode(webSession, employee.getPersonalDescription())%>
</TD>
<TD>
Manager:
</TD>
<TD>
<%=employee.getManager()%>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<%=employee.getDisciplinaryActionNotes()%>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<%=employee.getDisciplinaryActionDate()%>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
</form></td>
<%
}
%>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>

3
main/project/WebContent/lessons/CrossSiteScripting/error.jsp Normal file
View File

@ -0,0 +1,3 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage="" %>
<br><br><br>An error has occurred.

BIN
main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_SearchWindow.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_header.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_menu.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
main/project/WebContent/lessons/CrossSiteScripting/images/lesson1_workspace.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

14
main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.css Executable file
View File

@ -0,0 +1,14 @@
#lesson_wrapper {height: 435px;width: 500px;}
#lesson_header {background-image: url(lessons/CrossSiteScripting/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
.lesson_workspace {background-image: url(lessons/CrossSiteScripting/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
#lesson_buttons_bottom {height: 20px;width: 460px;}
#lesson_b_b_left {width: 300px;float: left;}
#lesson_b_b_right input {width: 100px;float: right;}
.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
.lesson_workspace { }
.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
.lesson_text_db {color: #0066FF}
#lesson_login {background-image: url(lessons/CrossSiteScripting/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
#lesson_search {background-image: url(lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}

26
main/project/WebContent/lessons/DBCrossSiteScripting/DBCrossSiteScripting.jsp Executable file
View File

@ -0,0 +1,26 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
errorPage="" %>
<style>
<jsp:include page="DBCrossSiteScripting.css" />
</style>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
DBCrossSiteScripting currentLesson = (DBCrossSiteScripting) webSession.getCurrentLesson();
%>
<div id="lesson_wrapper">
<div id="lesson_header"></div>
<div class="lesson_workspace">
<%
String subViewPage = currentLesson.getPage(webSession);
if (subViewPage != null)
{
//System.out.println("Including sub view page: " + subViewPage);
%>
<jsp:include page="<%=subViewPage%>" />
<%
}
%>
</div>
</div>

134
main/project/WebContent/lessons/DBCrossSiteScripting/EditProfile.jsp Executable file
View File

@ -0,0 +1,134 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD>
Last Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
</TD>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=DBCrossSiteScripting.MANAGER%>">
<%
List employees = (List) session.getAttribute("DBCrossSiteScripting.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<textarea name="<%=DBCrossSiteScripting.DISCIPLINARY_NOTES%>" cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBCrossSiteScripting.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=DBCrossSiteScripting.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div>
</form>
</div>

54
main/project/WebContent/lessons/DBCrossSiteScripting/ListStaff.jsp Executable file
View File

@ -0,0 +1,54 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>

32
main/project/WebContent/lessons/DBCrossSiteScripting/Login.jsp Executable file
View File

@ -0,0 +1,32 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
errorPage="" %>
<div id="lesson_login">
<div id="lesson_login_txt">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>">
<%
//System.out.println("Retrieving employees list");
List employees = (List) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
<%}%>
</select>
</label>
<br>
<label>Password
<input name="password" type="password" size="10" maxlength="8" />
</label>
<br>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGIN_ACTION%>"/>
</form>
</div>
</div>

22
main/project/WebContent/lessons/DBCrossSiteScripting/SearchStaff.jsp Executable file
View File

@ -0,0 +1,22 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting"
errorPage="" %>
<div id="lesson_search">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
String searchedName = request.getParameter(DBCrossSiteScripting.SEARCHNAME);
if (searchedName != null)
{
%>
Employee <%=searchedName%> not found.
<%
}
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=DBCrossSiteScripting.SEARCHNAME%>"/>
</label>
<br>
<input type="submit" name="action" value="<%=DBCrossSiteScripting.FINDPROFILE_ACTION%>"/>
</form>
</div>

151
main/project/WebContent/lessons/DBCrossSiteScripting/ViewProfile.jsp Executable file
View File

@ -0,0 +1,151 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBCrossSiteScripting.DBCrossSiteScripting" errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<%=employee.getFirstName()%>
</TD>
<TD>
Last Name:
</TD>
<TD>
<%=employee.getLastName()%>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<%=employee.getAddress1()%>
</TD>
<TD>
City/State:
<TD>
<%=employee.getAddress2()%>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<%=employee.getPhoneNumber()%>
</TD>
<TD>
Start Date:
</TD>
<TD>
<%=employee.getStartDate()%>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<%=employee.getSsn()%>
</TD>
<TD>
Salary:
</TD>
<TD>
<%=employee.getSalary()%>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<%=employee.getCcn()%>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<%=employee.getCcnLimit()%>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<%=employee.getPersonalDescription()%>
</TD>
<TD>
Manager:
</TD>
<TD>
<%=employee.getManager()%>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<%=employee.getDisciplinaryActionNotes()%>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<%=employee.getDisciplinaryActionDate()%>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LISTSTAFF_ACTION%>"/>
</form></td>
<%
}
%>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>

3
main/project/WebContent/lessons/DBCrossSiteScripting/error.jsp Executable file
View File

@ -0,0 +1,3 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage="" %>
<br><br><br>An error has occurred.

BIN
main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_SearchWindow.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_header.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_loginWindow.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_menu.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
main/project/WebContent/lessons/DBCrossSiteScripting/images/lesson1_workspace.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

14
main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css Executable file
View File

@ -0,0 +1,14 @@
#lesson_wrapper {height: 435px;width: 500px;}
#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
#lesson_buttons_bottom {height: 20px;width: 460px;}
#lesson_b_b_left {width: 300px;float: left;}
#lesson_b_b_right input {width: 100px;float: right;}
.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
.lesson_workspace { }
.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
.lesson_text_db {color: #0066FF}
#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
#lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}

26
main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp Executable file
View File

@ -0,0 +1,26 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<style>
<jsp:include page="DBSQLInjection.css" />
</style>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
DBSQLInjection currentLesson = (DBSQLInjection) webSession.getCurrentLesson();
%>
<div id="lesson_wrapper">
<div id="lesson_header"></div>
<div class="lesson_workspace">
<%
String subViewPage = currentLesson.getPage(webSession);
if (subViewPage != null)
{
//System.out.println("Including sub view page: " + subViewPage);
%>
<jsp:include page="<%=subViewPage%>" />
<%
}
%>
</div>
</div>

133
main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp Executable file
View File

@ -0,0 +1,133 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("DBDBSQLInjection.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD>
Last Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
</TD>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=DBSQLInjection.MANAGER%>">
<%
List employees = (List) session.getAttribute("DBSQLInjection.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<textarea name="<%=DBSQLInjection.DISCIPLINARY_NOTES%>" cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<input class="lesson_text_db" name="<%=DBSQLInjection.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=DBSQLInjection.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=DBSQLInjection.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=DBSQLInjection.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=DBSQLInjection.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div></form>
</div>

55
main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp Executable file
View File

@ -0,0 +1,55 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=DBSQLInjection.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("DBSQLInjection." + DBSQLInjection.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=DBSQLInjection.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=DBSQLInjection.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=DBSQLInjection.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>

32
main/project/WebContent/lessons/DBSQLInjection/Login.jsp Executable file
View File

@ -0,0 +1,32 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<div id="lesson_login">
<div id="lesson_login_txt">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=DBSQLInjection.EMPLOYEE_ID%>">
<%
//System.out.println("Retrieving employees list");
List employees = (List) session.getAttribute("DBSQLInjection." + DBSQLInjection.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
<%}%>
</select>
</label>
<br>
<label>Password
<input name="password" type="password" size="10" maxlength="8" />
</label>
<br>
<input type="submit" name="action" value="<%=DBSQLInjection.LOGIN_ACTION%>"/>
</form>
</div>
</div>

22
main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp Executable file
View File

@ -0,0 +1,22 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<div id="lesson_search">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
String searchedName = request.getParameter(DBSQLInjection.SEARCHNAME);
if (searchedName != null)
{
%>
Employee <%=searchedName%> not found.
<%
}
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=DBSQLInjection.SEARCHNAME%>"/>
</label>
<br>
<input type="submit" name="action" value="<%=DBSQLInjection.FINDPROFILE_ACTION%>"/>
</form>
</div>

154
main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp Executable file
View File

@ -0,0 +1,154 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
// int myUserId = getIntSessionAttribute(webSession, "DBSQLInjection." + DBSQLInjection.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<%=employee.getFirstName()%>
</TD>
<TD>
Last Name:
</TD>
<TD>
<%=employee.getLastName()%>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<%=employee.getAddress1()%>
</TD>
<TD>
City/State:
<TD>
<%=employee.getAddress2()%>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<%=employee.getPhoneNumber()%>
</TD>
<TD>
Start Date:
</TD>
<TD>
<%=employee.getStartDate()%>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<%=employee.getSsn()%>
</TD>
<TD>
Salary:
</TD>
<TD>
<%=employee.getSalary()%>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<%=employee.getCcn()%>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<%=employee.getCcnLimit()%>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<%=employee.getPersonalDescription()%>
</TD>
<TD>
Manager:
</TD>
<TD>
<%=employee.getManager()%>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<%=employee.getDisciplinaryActionNotes()%>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<%=employee.getDisciplinaryActionDate()%>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=DBSQLInjection.LISTSTAFF_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=DBSQLInjection.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>

3
main/project/WebContent/lessons/DBSQLInjection/error.jsp Executable file
View File

@ -0,0 +1,3 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage="" %>
<br><br><br>An error has occurred.

BIN
main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

16
main/project/WebContent/lessons/General/redirect.jsp Normal file
View File

@ -0,0 +1,16 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>HTTP Splitting</title>
</head>
<body>
<% response.sendRedirect("/WebGoat/attack?" +
"Screen=" + request.getParameter("Screen") +
"&menu=" + request.getParameter("menu") +
"&fromRedirect=yes&language=" + request.getParameter("language"));
%>
</body>
</html>

137
main/project/WebContent/lessons/GoatHillsFinancial/EditProfile.jsp Executable file
View File

@ -0,0 +1,137 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("GoatHillsFinancial.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table border="0" cellpadding="0" cellspacing="0">
<TR><TD width="110">
First Name:
</TD>
<TD width="193">
<input class="lesson_text_db" name="<%=GoatHillsFinancial.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD width="110">
Last Name: </TD>
<TD width="196">
<input class="lesson_text_db" name="<%=GoatHillsFinancial.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD colspan="3">
<input name="<%=GoatHillsFinancial.DESCRIPTION%>" type="text" class="lesson_text_db" value="<%=employee.getPersonalDescription()%>" size="58"/>
</TD>
<TR>
<TD colspan="2">
Disciplinary Explanation:
</TD>
<TD>
Disc. Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=GoatHillsFinancial.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
<TR>
<TD colspan="4">
<textarea name="<%=GoatHillsFinancial.DISCIPLINARY_NOTES%>" cols="53" rows="2" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
</TR>
<TR>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=GoatHillsFinancial.MANAGER%>">
<%
List employees = (List) session.getAttribute("GoatHillsFinancial.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=GoatHillsFinancial.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=GoatHillsFinancial.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=GoatHillsFinancial.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div></form>
</div>

14
main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.css Executable file
View File

@ -0,0 +1,14 @@
#lesson_wrapper {height: 435px;width: 500px;}
#lesson_header {background-image: url(lessons/GoatHillsFinancial/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
.lesson_workspace {background-image: url(lessons/GoatHillsFinancial/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
#lesson_buttons_bottom {height: 20px;width: 460px;}
#lesson_b_b_left {width: 300px;float: left;}
#lesson_b_b_right input {width: 100px;float: right;}
.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
.lesson_workspace { }
.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
.lesson_text_db {color: #0066FF}
#lesson_login {background-image: url(lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
#lesson_search {background-image: url(lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}

30
main/project/WebContent/lessons/GoatHillsFinancial/GoatHillsFinancial.jsp Executable file
View File

@ -0,0 +1,30 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*"
errorPage="" %>
<%@page import="org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;"%>
<style>
<jsp:include page="GoatHillsFinancial.css" />
</style>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
System.out.println("WebSession is " + webSession);
GoatHillsFinancial currentLesson = (GoatHillsFinancial) webSession.getCurrentLesson();
System.out.println("CurrentLesson = " + currentLesson);
%>
<div id="lesson_wrapper">
<div id="lesson_header"></div>
<div class="lesson_workspace">
<%
String subViewPage = currentLesson.getPage(webSession);
System.out.println("SubViewPage is " + subViewPage);
if (subViewPage != null)
{
//System.out.println("Including sub view page: " + subViewPage);
%>
<jsp:include page="<%=subViewPage%>" />
<%
}
%>
</div>
</div>

55
main/project/WebContent/lessons/GoatHillsFinancial/ListStaff.jsp Executable file
View File

@ -0,0 +1,55 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=GoatHillsFinancial.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=GoatHillsFinancial.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=GoatHillsFinancial.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>

32
main/project/WebContent/lessons/GoatHillsFinancial/Login.jsp Executable file
View File

@ -0,0 +1,32 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
errorPage="" %>
<div id="lesson_login">
<div id="lesson_login_txt">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>">
<%
//System.out.println("Retrieving employees list");
List employees = (List) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
<%}%>
</select>
</label>
<br>
<label>Password
<input name="password" type="password" size="10" maxlength="8" />
</label>
<br>
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
</form>
</div>
</div>

22
main/project/WebContent/lessons/GoatHillsFinancial/SearchStaff.jsp Executable file
View File

@ -0,0 +1,22 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
errorPage="" %>
<div id="lesson_search">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
String searchedName = request.getParameter(GoatHillsFinancial.SEARCHNAME);
if (searchedName != null)
{
%>
Employee <%=searchedName%> not found.
<%
}
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=GoatHillsFinancial.SEARCHNAME%>"/>
</label>
<br>
<input type="submit" name="action" value="<%=GoatHillsFinancial.FINDPROFILE_ACTION%>"/>
</form>
</div>

157
main/project/WebContent/lessons/GoatHillsFinancial/ViewProfile.jsp Executable file
View File

@ -0,0 +1,157 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
errorPage="" %>
<%
Employee employee = (Employee) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY);
WebSession webSession = ((WebSession)session.getAttribute("websession"));
// int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - View Profile Page</div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getFirstName()%></span>
</TD>
<TD>
Last Name:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getLastName()%></span>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getAddress1()%></span>
</TD>
<TD>
City/State:
<TD>
<span class="lesson_text_db"><%=employee.getAddress2()%></span>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getPhoneNumber()%></span>
</TD>
<TD>
Start Date:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getStartDate()%></span>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getSsn()%></span>
</TD>
<TD>
Salary:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getSalary()%></span>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getCcn()%></span>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getCcnLimit()%></span>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD colspan="3">
<span class="lesson_text_db"><%=employee.getPersonalDescription()%></span>
</TD>
</TR>
<TR>
<TD colspan="2">
Disciplinary Explanation:
</TD>
<TD>
Disc. Dates:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getDisciplinaryActionDate()%></span>
</TD>
<TR>
<TD colspan="4">
<span class="lesson_text_db"><%=employee.getDisciplinaryActionNotes()%></span>
</TD>
</TR>
<TR>
<TD>
Manager:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getManager()%></span>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=GoatHillsFinancial.LISTSTAFF_ACTION%>"/>
</form>
<%
}%>
</td>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=GoatHillsFinancial.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>

13
main/project/WebContent/lessons/GoatHillsFinancial/error.jsp Executable file
View File

@ -0,0 +1,13 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
// int myUserId = getIntSessionAttribute(webSession, "GoatHillsFinancial." + GoatHillsFinancial.USER_ID);
%>
<br><br><br>An error has occurred.
<br><br><br>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
</form>

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/accessControl.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/dbSchema.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 102 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_SearchWindow.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_header.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_loginWindow.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_menu.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/lesson1_workspace.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
main/project/WebContent/lessons/GoatHillsFinancial/images/orgChart.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

137
main/project/WebContent/lessons/RoleBasedAccessControl/EditProfile.jsp Normal file
View File

@ -0,0 +1,137 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table border="0" cellpadding="0" cellspacing="0">
<TR><TD width="110">
First Name:
</TD>
<TD width="193">
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD width="110">
Last Name: </TD>
<TD width="196">
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD colspan="3">
<input name="<%=RoleBasedAccessControl.DESCRIPTION%>" type="text" class="lesson_text_db" value="<%=employee.getPersonalDescription()%>" size="58"/>
</TD>
<TR>
<TD colspan="2">
Disciplinary Explanation:
</TD>
<TD>
Disc. Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
<TR>
<TD colspan="4">
<textarea name="<%=RoleBasedAccessControl.DISCIPLINARY_NOTES%>" cols="53" rows="2" wrap="off" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
</TR>
<TR>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=RoleBasedAccessControl.MANAGER%>">
<%
List employees = (List) session.getAttribute("RoleBasedAccessControl.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=RoleBasedAccessControl.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div></form>
</div>

55
main/project/WebContent/lessons/RoleBasedAccessControl/ListStaff.jsp Normal file
View File

@ -0,0 +1,55 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>

32
main/project/WebContent/lessons/RoleBasedAccessControl/Login.jsp Normal file
View File

@ -0,0 +1,32 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<div id="lesson_login">
<div id="lesson_login_txt">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>">
<%
//System.out.println("Retrieving employees list");
List employees = (List) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
<%}%>
</select>
</label>
<br>
<label>Password
<input name="password" type="password" size="10" maxlength="8" />
</label>
<br>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
</form>
</div>
</div>

14
main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.css Normal file
View File

@ -0,0 +1,14 @@
#lesson_wrapper {height: 435px;width: 500px;}
#lesson_header {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
.lesson_workspace {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
#lesson_buttons_bottom {height: 20px;width: 460px;}
#lesson_b_b_left {width: 300px;float: left;}
#lesson_b_b_right input {width: 100px;float: right;}
.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
.lesson_workspace { }
.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
.lesson_text_db {color: #0066FF}
#lesson_login {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
#lesson_search {background-image: url(lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}

26
main/project/WebContent/lessons/RoleBasedAccessControl/RoleBasedAccessControl.jsp Normal file
View File

@ -0,0 +1,26 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<style>
<jsp:include page="RoleBasedAccessControl.css" />
</style>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
RoleBasedAccessControl currentLesson = (RoleBasedAccessControl) webSession.getCurrentLesson();
%>
<div id="lesson_wrapper">
<div id="lesson_header"></div>
<div class="lesson_workspace">
<%
String subViewPage = currentLesson.getPage(webSession);
if (subViewPage != null)
{
//System.out.println("Including sub view page: " + subViewPage);
%>
<jsp:include page="<%=subViewPage%>" />
<%
}
%>
</div>
</div>

22
main/project/WebContent/lessons/RoleBasedAccessControl/SearchStaff.jsp Normal file
View File

@ -0,0 +1,22 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<div id="lesson_search">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
String searchedName = request.getParameter(RoleBasedAccessControl.SEARCHNAME);
if (searchedName != null)
{
%>
Employee <%=searchedName%> not found.
<%
}
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=RoleBasedAccessControl.SEARCHNAME%>"/>
</label>
<br>
<input type="submit" name="action" value="<%=RoleBasedAccessControl.FINDPROFILE_ACTION%>"/>
</form>
</div>

157
main/project/WebContent/lessons/RoleBasedAccessControl/ViewProfile.jsp Normal file
View File

@ -0,0 +1,157 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<%
Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY);
WebSession webSession = ((WebSession)session.getAttribute("websession"));
// int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - View Profile Page</div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getFirstName()%></span>
</TD>
<TD>
Last Name:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getLastName()%></span>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getAddress1()%></span>
</TD>
<TD>
City/State:
<TD>
<span class="lesson_text_db"><%=employee.getAddress2()%></span>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getPhoneNumber()%></span>
</TD>
<TD>
Start Date:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getStartDate()%></span>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getSsn()%></span>
</TD>
<TD>
Salary:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getSalary()%></span>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getCcn()%></span>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getCcnLimit()%></span>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD colspan="3">
<span class="lesson_text_db"><%=employee.getPersonalDescription()%></span>
</TD>
</TR>
<TR>
<TD colspan="2">
Disciplinary Explanation:
</TD>
<TD>
Disc. Dates:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getDisciplinaryActionDate()%></span>
</TD>
<TR>
<TD colspan="4">
<span class="lesson_text_db"><%=employee.getDisciplinaryActionNotes()%></span>
</TD>
</TR>
<TR>
<TD>
Manager:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getManager()%></span>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LISTSTAFF_ACTION%>"/>
</form>
<%
}%>
</td>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>

13
main/project/WebContent/lessons/RoleBasedAccessControl/error.jsp Normal file
View File

@ -0,0 +1,13 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
// int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
%>
<br><br><br>An error has occurred.
<br><br><br>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
</form>

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/accessControl.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/dbSchema.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 102 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_SearchWindow.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_header.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_loginWindow.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_menu.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/lesson1_workspace.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
main/project/WebContent/lessons/RoleBasedAccessControl/images/orgChart.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

133
main/project/WebContent/lessons/SQLInjection/EditProfile.jsp Normal file
View File

@ -0,0 +1,133 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("SQLInjection.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD>
Last Name:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.DESCRIPTION%>" type="text" value="<%=employee.getPersonalDescription()%>"/>
</TD>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=SQLInjection.MANAGER%>">
<%
List employees = (List) session.getAttribute("SQLInjection.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<textarea name="<%=SQLInjection.DISCIPLINARY_NOTES%>" cols="16" rows="3" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<input class="lesson_text_db" name="<%=SQLInjection.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=SQLInjection.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=SQLInjection.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=SQLInjection.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=SQLInjection.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div></form>
</div>

55
main/project/WebContent/lessons/SQLInjection/ListStaff.jsp Normal file
View File

@ -0,0 +1,55 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=SQLInjection.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=SQLInjection.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=SQLInjection.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=SQLInjection.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>

32
main/project/WebContent/lessons/SQLInjection/Login.jsp Normal file
View File

@ -0,0 +1,32 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<div id="lesson_login">
<div id="lesson_login_txt">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=SQLInjection.EMPLOYEE_ID%>">
<%
//System.out.println("Retrieving employees list");
List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName() + " (" + stub.getRole() + ")"%></option>
<%}%>
</select>
</label>
<br>
<label>Password
<input name="password" type="password" size="10" maxlength="8" />
</label>
<br>
<input type="submit" name="action" value="<%=SQLInjection.LOGIN_ACTION%>"/>
</form>
</div>
</div>

14
main/project/WebContent/lessons/SQLInjection/SQLInjection.css Normal file
View File

@ -0,0 +1,14 @@
#lesson_wrapper {height: 435px;width: 500px;}
#lesson_header {background-image: url(lessons/SQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
.lesson_workspace {background-image: url(lessons/SQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
#lesson_buttons_bottom {height: 20px;width: 460px;}
#lesson_b_b_left {width: 300px;float: left;}
#lesson_b_b_right input {width: 100px;float: right;}
.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
.lesson_workspace { }
.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
.lesson_text_db {color: #0066FF}
#lesson_login {background-image: url(lessons/SQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
#lesson_search {background-image: url(lessons/SQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}

26
main/project/WebContent/lessons/SQLInjection/SQLInjection.jsp Normal file
View File

@ -0,0 +1,26 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<style>
<jsp:include page="SQLInjection.css" />
</style>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
SQLInjection currentLesson = (SQLInjection) webSession.getCurrentLesson();
%>
<div id="lesson_wrapper">
<div id="lesson_header"></div>
<div class="lesson_workspace">
<%
String subViewPage = currentLesson.getPage(webSession);
if (subViewPage != null)
{
//System.out.println("Including sub view page: " + subViewPage);
%>
<jsp:include page="<%=subViewPage%>" />
<%
}
%>
</div>
</div>

22
main/project/WebContent/lessons/SQLInjection/SearchStaff.jsp Normal file
View File

@ -0,0 +1,22 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<div id="lesson_search">
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
String searchedName = request.getParameter(SQLInjection.SEARCHNAME);
if (searchedName != null)
{
%>
Employee <%=searchedName%> not found.
<%
}
%>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=SQLInjection.SEARCHNAME%>"/>
</label>
<br>
<input type="submit" name="action" value="<%=SQLInjection.FINDPROFILE_ACTION%>"/>
</form>
</div>

154
main/project/WebContent/lessons/SQLInjection/ViewProfile.jsp Normal file
View File

@ -0,0 +1,154 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("SQLInjection." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
// int myUserId = getIntSessionAttribute(webSession, "SQLInjection." + SQLInjection.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<%=employee.getFirstName()%>
</TD>
<TD>
Last Name:
</TD>
<TD>
<%=employee.getLastName()%>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<%=employee.getAddress1()%>
</TD>
<TD>
City/State:
<TD>
<%=employee.getAddress2()%>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<%=employee.getPhoneNumber()%>
</TD>
<TD>
Start Date:
</TD>
<TD>
<%=employee.getStartDate()%>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<%=employee.getSsn()%>
</TD>
<TD>
Salary:
</TD>
<TD>
<%=employee.getSalary()%>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<%=employee.getCcn()%>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<%=employee.getCcnLimit()%>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<%=employee.getPersonalDescription()%>
</TD>
<TD>
Manager:
</TD>
<TD>
<%=employee.getManager()%>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<%=employee.getDisciplinaryActionNotes()%>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<%=employee.getDisciplinaryActionDate()%>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>

3
main/project/WebContent/lessons/SQLInjection/error.jsp Normal file
View File

@ -0,0 +1,3 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage="" %>
<br><br><br>An error has occurred.

BIN
main/project/WebContent/lessons/SQLInjection/images/lesson1_SearchWindow.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
main/project/WebContent/lessons/SQLInjection/images/lesson1_header.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
main/project/WebContent/lessons/SQLInjection/images/lesson1_loginWindow.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
main/project/WebContent/lessons/SQLInjection/images/lesson1_menu.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
main/project/WebContent/lessons/SQLInjection/images/lesson1_workspace.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

21
main/project/WebContent/lessons/XPATHInjection/EmployeesData.xml Normal file
View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<employees>
<employee id="1">
<loginID>Mike</loginID>
<accountno>11123</accountno>
<passwd>test123</passwd>
<salary>468100</salary>
</employee>
<employee id="2">
<loginID>John</loginID>
<accountno>63458</accountno>
<passwd>myownpass</passwd>
<salary>559833</salary>
</employee>
<employee id="3">
<loginID>Sarah</loginID>
<accountno>23363</accountno>
<passwd>secret</passwd>
<salary>84000</salary>
</employee>
</employees>