Merge branch 'next' of https://github.com/WebGoat/WebGoat into next

diver-sity 2014-09-13 06:05:57 +10:00
commit bdb9d33bf6
9 changed files with 118 additions and 128 deletions

View File

@ -1,124 +1,97 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java" <%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage=""%> errorPage=""%>
<!-- Latest compiled and minified CSS --> <!-- This modal content is included into the main_new.jsp -->
<link rel="stylesheet" href="plugins/bootstrap/css/bootstrap.min.css"/>
<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
<div class="modal-content">
<div class="modal-header"> <div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h1 class="modal-title" id="myModalLabel">About WebGoat</h1> <h3 class="modal-title" id="myModalLabel">About WebGoat - Provided by the OWASP Foundation</h3>
</div> </div>
<div class="modal-body"> <div class="modal-body modal-scroll">
<p>Thank you for using WebGoat! This program is a demonstration of common web application flaws. <p>Thanks for hacking The Goat!</p>
The exercises are intended to provide hands on experience with <p>WebGoat is a demonstration of common web application flaws. The
application penetration testing techniques. </p> associated exercises are intended to provide hands-on experience with
<p>The WebGoat project is led techniques aimed at demonstrating and testing application penetration.
by Bruce Mayhew. Please send all comments to Bruce at [TODO, session was blowing up here for some reason].</p> </p>
<p>From the entire WebGoat team, we appreciate your interest and efforts
<div id="team"> in making applications not just better, but safer and more secure for
<table border="0" align="center" class="lessonText"> everyone. We, as well as our sacrificial goat, thank you.</p>
<tr> <p>Version: 6.0</p>
<td width="50%"> <div class="row">
<div align="center"><a href="http://www.owasp.org"><img <div class="col-md-6">
border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation" <p>Contact us:
longdesc="http://www.owasp.org" /></a></div> <ul>
</td> <li>WebGoat mailing list: owasp-webgoat@lists.owasp.org</li>
<td width="50%"> <li>Bruce Mayhew: webgoat@owasp.org</li>
<div align="center"><a href="http://www.aspectsecurity.com"><img </ul>
border="0" src="images/logos/aspect.jpg" alt="Aspect Security" </p>
longdesc="http://www.aspectsecurity.com" /></a></div> </div>
</td> </div>
</tr> <div class="row">
<tr> <div class="col-md-6">
<td colspan="2"> <p>WebGoat Authors
<div align="center"><span class="style1"> <ul>
WebGoat Authors </span></div> <li>Bruce Mayhew (Project Lead)</li>
</td> <li>Jeff Williams (Original Idea)</li>
</tr> <li>Richard Lawson (Architect)</li>
<tr> <li>Jason White (Architect)</li>
<td colspan="2"> </ul>
<div align="center"><span class="style2"> </p>
Bruce Mayhew </span></div> </div>
</td> <div class="col-md-6">
</tr> <p>WebGoat Design Team
<tr> <ul>
<td colspan="2"> <li>Richard Lawson</li>
<div align="center"><span class="style2"> <li>Bruce Mayhew</li>
Jeff Williams </span></div> <li>Jason White</li>
</td> <li>Ali Looney (User Interface)</li>
</tr> <li>Jeff Wayman (Website and Docs)</li>
<tr> </ul>
<td width="50%"> </p>
<div align="center"><span class="style1"><br /> </div>
WebGoat Design Team </span></div> </div>
</td> <div class="row">
<td width="50%"> <div class="col-md-6">
<div align="center"><span class="style1"><br /> <p>Active Contributors
V5.4 Lesson Contributers </span></div> <ul>
</td> <li>Nanne Baars (Developer)</li>
</tr> <li>Dave Cowden (Everything)</li>
<tr> <li>Keith Gasser (Survey)</li>
<td valign="top"> <li>Li Simon (Developer)</li>
<div align="center" class="style2">David Anderson</div> </ul>
<div align="center" class="style2">Laurence Casey (Graphics)</div> </p>
<div align="center" class="style2">Rogan Dawes</div> </div>
<div align="center" class="style2">Bruce Mayhew</div> <div class="col-md-6">
</td> <p>Past Contributors
<td valign="top"> <ul>
<div align="center" class="style2">Sherif Koussa</div> <li>David Anderson (Developer/Design)</li>
<div align="center" class="style2">Yiannis Pavlosoglou</div> <li>Christopher Blum (Lessons)</li>
<div align="center" class="style2"></div> <li>Laurence Casey (Graphics)</li>
<li>Brian Ciomei (Bug fixes)</li>
</td> <li>Rogan Dawes (Lessons)</li>
</tr> <li>Erwin Geirnaert (Solutions)</li>
<tr> <li>Aung Knant (Documentation)</li>
<td height="25" valign="bottom"> <li>Ryan Knell (Lessons)</li>
<div align="center"><span class="style1">Special Thanks <li>Christine Koppeit (Build)</li>
for V5.4</span></div> <li>Sherif Kousa (Lessons/Documentation)</li>
</td> <li>Reto Lippuner (Lessons)</li>
<td height="25" valign="bottom"> <li>PartNet (Lessons)</li>
<div align="center"><span class="style1">Documentation <li>Yiannis Pavlosoglou (Lessons)</li>
Contributers</span></div> <li>Eric Sheridan (Lessons)</li>
</td> <li>Alex Smolen (Lessons)</li>
</tr> <li>Chuck Willis (Lessons)</li>
<tr> <li>Marcel Wirth (Lessons)</li>
<td> </ul>
<div align="center" class="style2">Brian Ciomei (Multitude of bug fixes)</div> </p>
<div align="center" class="style2">To all who have sent comments</div> <p>Did we miss you? Our sincere apologies, as we know there have
been many contributors over the years. If your name does not
</td> appear in any of the lists above, please send us a note. We'll
<td> get you added with no further sacrifices required.</p>
<div align="center" class="style2">
<a href="http://www.zionsecurity.com/" target="_blank">Erwin Geirnaert</a></div>
<div align="center" class="style2">
<a href="http://yehg.org/" target="_blank">Aung Khant</a></div>
<div align="center" class="style2">
<a href="http://www.softwaresecured.com" target="blank">Sherif Koussa</a>
</div> </div>
</td>
</tr>
<tr>
<td>
<div align="center" class="style2">&nbsp;</div>
</td>
</tr>
</table>
</div> </div>
<div align="center" class="style2">&nbsp;</div>
<div align="center" class="style2">&nbsp;</div>
<div align="center" class="style2">&nbsp;</div>
<div id="warning">WARNING<br />
While running this program, your machine is extremely vulnerable to
attack if you are not running on localhost. If you are NOT running on localhost (default configuration), You should disconnect from the network while using this program.
<br />
<br />
This program is for educational purposes only. Use of these techniques
without permission could lead to job termination, financial liability,
and/or criminal penalties.</div>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button> <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div> </div>
</div>
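Review bot: The rewritten modal body drops the old `<div id="warning">` block, so the About dialog no longer tells users that the machine is vulnerable to attack when WebGoat is not running on localhost. For a deliberately vulnerable application that notice is worth keeping, for example as a final paragraph inside `modal-body modal-scroll`. Two smaller points in the same hunk: each new list is opened as `<p>Contact us:` followed directly by `<ul>`, and a `<ul>` cannot sit inside a `<p>` (the parser closes the paragraph at the `<ul>` and the trailing `</p>` becomes a stray tag), so close the `<p>` before each list or use a heading. Also, the Past Contributors entries "Aung Knant" and "Sherif Kousa" differ from the spellings "Aung Khant" and "Sherif Koussa" on the removed lines, so please confirm the names before merging.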

View File

@ -57,7 +57,7 @@
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>WebGoat V6.0</title> <title>WebGoat</title>
</head> </head>
<body class="animated fadeIn" ng-app="goatApp"> <body class="animated fadeIn" ng-app="goatApp">
@ -354,10 +354,11 @@
} }
</script> </script>
<!-- Modal --> <!-- About WebGoat Modal -->
<div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg"> <div class="modal-dialog modal-lg">
<div class="modal-content"> <div class="modal-content">
<jsp:include page="../pages/about.jsp"/>
</div> </div>
</div> </div>
</div> </div>

View File

@ -21,6 +21,7 @@
<http use-expressions="true"> <http use-expressions="true">
<intercept-url pattern="/login.mvc" access="permitAll" /> <intercept-url pattern="/login.mvc" access="permitAll" />
<intercept-url pattern="/logout.mvc" access="permitAll" /> <intercept-url pattern="/logout.mvc" access="permitAll" />
<intercept-url pattern="/index.jsp" access="permitAll" />
<intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" /> <intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
<intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" /> <intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />
<intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" /> <intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
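Review bot: The new `permitAll` rule for `/index.jsp` carries no comment saying why an unauthenticated JSP is acceptable. It is safe only while index.jsp stays the three-line, session-less `<c:redirect url="/login.mvc"/>` added elsewhere in this commit, so add an XML comment to that effect next to the rule. The placement above the `/**` catch-all is right, since intercept-url rules are matched in order and the first match wins; keep it there in later edits.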

View File

@ -323,7 +323,7 @@
</mime-mapping> </mime-mapping>
<welcome-file-list> <welcome-file-list>
<welcome-file>login.mvc</welcome-file> <welcome-file>index.jsp</welcome-file>
</welcome-file-list> </welcome-file-list>
</web-app> </web-app>

Binary file not shown.


View File

@ -74,16 +74,16 @@ img {
#header .brand { #header .brand {
float: left; float: left;
width: 240px; width: 240px;
min-height: 80px; height: 80px;
padding: 0 0 0 10px; padding: 0;
position: relative; position: relative;
background: #e84c3d url('img/logo.png') no-repeat 25px 26px; background: url('img/logoBG.jpg') no-repeat 0px 0px;
} }
#header .logo { #header .logo {
color: #fff; color: #fff;
font-size: 1.7em; font-size: 1.7em;
text-transform: uppercase; text-transform: uppercase;
padding: 23px 0 0 57px; padding: 23px 0 0 75px;
display: inline-block; display: inline-block;
} }
#header .logo span { #header .logo span {
@ -714,6 +714,17 @@ fieldset[disabled] .btn-warning.active {
color: #fff; color: #fff;
border: none; border: none;
} }
/* ==========================================================================
Modal
========================================================================== */
.modal-footer .btn + .btn {
margin-bottom: 5px;
}
.modal .modal-body.modal-scroll {
max-height: 350px;
overflow-y: auto;
}
/* ========================================================================== /* ==========================================================================
Media Queries Media Queries
========================================================================== */ ========================================================================== */
@ -774,7 +785,7 @@ fieldset[disabled] .btn-warning.active {
#topLinks { #topLinks {
float:right; float:right;
margin-right:5px;s margin-right:5px;
margin-top:3px; margin-top:3px;
} }

View File

@ -1,3 +1,4 @@
/*
body{ body{
min-width: 800px; min-width: 800px;
font-family: Arial,sans-serif; font-family: Arial,sans-serif;
@ -49,7 +50,7 @@ h5{
font-size: 100%; font-size: 100%;
color: #334d55; color: #334d55;
} }
*/
ul{ ul{
list-style-type: square; list-style-type: square;
} }
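Review bot: Delete the rules between line 1 and the `h5` rule instead of wrapping them in the added `/*` and `*/` pair. CSS comments do not nest, so if any rule in that range already contains its own `/* ... */` comment, the outer comment ends there and the rules after it become live again. Version control already keeps the old copy, so nothing is lost by removing the block.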

View File

@ -0,0 +1,3 @@
<%@ page session="false" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<c:redirect url="/login.mvc"/>

View File

@ -151,7 +151,7 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
$scope.showAbout = function() { $scope.showAbout = function() {
$('#aboutModal').modal({ $('#aboutModal').modal({
remote: 'about.mvc' //remote: 'about.mvc'
}); });
}; };
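Review bot: `showAbout` now keeps `//remote: 'about.mvc'` as commented-out code inside an otherwise empty options object; remove the line and call `$('#aboutModal').modal()` directly. If nothing else requests `about.mvc` after this change, the server-side mapping for it can be removed in the same commit so the route is not left behind without a caller.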