dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clarifying instructions and importing a .js

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@252 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes 2008-01-10 10:45:44 +00:00
parent dc3ad6453d
commit b3591580a9
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMXSS.java
View File

@ -123,6 +123,8 @@ public class DOMXSS extends SequentialLessonAdapter {
ec.addElement(new Script().setSrc("javascript/DOMXSS.js")); ec.addElement(new Script().setSrc("javascript/DOMXSS.js"));
ec.addElement(new Script().setSrc("javascript/escape.js"));
ec.addElement(new H1().setID("greeting")); ec.addElement(new H1().setID("greeting"));
ec.addElement(new StringElement("Enter your name: ")); ec.addElement(new StringElement("Enter your name: "));
@ -208,9 +210,9 @@ public class DOMXSS extends SequentialLessonAdapter {
if (getLessonTracker(s).getStage() == 1) { if (getLessonTracker(s).getStage() == 1) {
instructions = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: <a href = '/WebGoat/images/logos/owasp.jpg'>OWASP IMAGE</a>"; instructions = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: <a href = '/WebGoat/images/logos/owasp.jpg'>OWASP IMAGE</a>";
} else if (getLessonTracker(s).getStage() == 2) { } else if (getLessonTracker(s).getStage() == 2) {
instructions = "STAGE 2:\tNow, try to create a pop up using the image tag"; instructions = "STAGE 2:\tNow, try to create a JavaScript alert up using the image tag";
} else if (getLessonTracker(s).getStage() == 3) { } else if (getLessonTracker(s).getStage() == 3) {
instructions = "STAGE 3:\tNext, try to create a pop up using the IFRAME tag."; instructions = "STAGE 3:\tNext, try to create a JavaScript alert up using the IFRAME tag.";
} else if (getLessonTracker(s).getStage() == 4) { } else if (getLessonTracker(s).getStage() == 4) {
instructions = "STAGE 4:\tUse the following to create a fake login form:<br><br>" + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " + instructions = "STAGE 4:\tUse the following to create a fake login form:<br><br>" + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " +
"onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;"; "onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;";