dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Started testing. Having issues, but commiting stubs and making ticket to return

Browse Source
This commit is contained in:
Jason White
2017-07-19 08:56:48 -04:00
parent 89bfc3f12d
commit b57cfd06b1
3 changed files with 92 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/plugin/AccountVerificationHelper.java
View File

@ -18,7 +18,7 @@ public class AccountVerificationHelper {
private static final Integer verifyUserId = new Integer(1223445);
private static final Map<String,String> userSecQuestions = new HashMap<>();
static {
userSecQuestions.put("secQuestion0","Mr. Hamurabi");
userSecQuestions.put("secQuestion0","Dr. Watson");
userSecQuestions.put("secQuestion1","Baker Street");
}
@ -37,7 +37,7 @@ public class AccountVerificationHelper {
}
if ((submittedAnswers.containsKey("secQuestion0") && submittedAnswers.get("secQuestion0").equals(secQuestionStore.get(verifyUserId).get("secQuestion0"))) &&
(submittedAnswers.containsKey("secQuestion1") && submittedAnswers.get("seQuestion1").equals(secQuestionStore.get(verifyUserId).get("secQuestion1"))) ) {
(submittedAnswers.containsKey("secQuestion1") && submittedAnswers.get("secQuestion1").equals(secQuestionStore.get(verifyUserId).get("secQuestion1"))) ) {
likely = true;
} else {
likely = false;

4
webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/plugin/VerifyAccount.java
View File

@ -7,6 +7,7 @@ import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.session.UserSessionData;
import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
@ -28,6 +29,9 @@ import java.util.Map;
@AssignmentHints({"auth-bypass.hints.verify.1", "auth-bypass.hints.verify.2", "auth-bypass.hints.verify.3", "auth-bypass.hints.verify.4"})
public class VerifyAccount extends AssignmentEndpoint {
@Autowired
private WebSession webSession;
@Autowired
UserSessionData userSessionData;