Merge branch 'next' of https://github.com/WebGoat/WebGoat into next
		| @ -1,124 +1,97 @@ | |||||||
| <%@ page contentType="text/html; charset=ISO-8859-1" language="java" | <%@ page contentType="text/html; charset=ISO-8859-1" language="java" | ||||||
|          errorPage=""%> |          errorPage=""%> | ||||||
|  |  | ||||||
| <!-- Latest compiled and minified CSS --> | <!-- This modal content is included into the main_new.jsp --> | ||||||
| <link rel="stylesheet" href="plugins/bootstrap/css/bootstrap.min.css"/> |  | ||||||
| <link rel="stylesheet" href="css/webgoat.css" type="text/css" /> |  | ||||||
|  |  | ||||||
| <div class="modal-header"> | <div class="modal-content"> | ||||||
|     <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> |     <div class="modal-header"> | ||||||
|     <h1 class="modal-title" id="myModalLabel">About WebGoat</h1> |         <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> | ||||||
| </div> |         <h3 class="modal-title" id="myModalLabel">About WebGoat - Provided by the OWASP Foundation</h3> | ||||||
| <div class="modal-body"> |  | ||||||
|     <p>Thank you for using WebGoat! This program is a demonstration of common web application flaws. |  | ||||||
|         The exercises are intended to provide hands on experience with |  | ||||||
|         application penetration testing techniques. </p> |  | ||||||
|     <p>The WebGoat project is led |  | ||||||
|         by Bruce Mayhew. Please send all comments to Bruce at [TODO, session was blowing up here for some reason].</p> |  | ||||||
|  |  | ||||||
|     <div id="team"> |  | ||||||
|         <table border="0" align="center" class="lessonText"> |  | ||||||
|             <tr> |  | ||||||
|                 <td width="50%"> |  | ||||||
|                     <div align="center"><a href="http://www.owasp.org"><img |  | ||||||
|                                 border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation" |  | ||||||
|                                 longdesc="http://www.owasp.org" /></a></div> |  | ||||||
|                 </td> |  | ||||||
|                 <td width="50%"> |  | ||||||
|                     <div align="center"><a href="http://www.aspectsecurity.com"><img |  | ||||||
|                                 border="0" src="images/logos/aspect.jpg" alt="Aspect Security" |  | ||||||
|                                 longdesc="http://www.aspectsecurity.com" /></a></div> |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td colspan="2"> |  | ||||||
|                     <div align="center"><span class="style1"> |  | ||||||
|                             WebGoat Authors </span></div> |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td colspan="2"> |  | ||||||
|                     <div align="center"><span class="style2"> |  | ||||||
|                             Bruce Mayhew </span></div> |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td colspan="2"> |  | ||||||
|                     <div align="center"><span class="style2"> |  | ||||||
|                             Jeff Williams </span></div> |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td width="50%"> |  | ||||||
|                     <div align="center"><span class="style1"><br /> |  | ||||||
|                             WebGoat Design Team </span></div> |  | ||||||
|                 </td> |  | ||||||
|                 <td width="50%"> |  | ||||||
|                     <div align="center"><span class="style1"><br /> |  | ||||||
|                             V5.4 Lesson Contributers </span></div> |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td valign="top"> |  | ||||||
|                     <div align="center" class="style2">David Anderson</div> |  | ||||||
|                     <div align="center" class="style2">Laurence Casey (Graphics)</div> |  | ||||||
|                     <div align="center" class="style2">Rogan Dawes</div> |  | ||||||
|                     <div align="center" class="style2">Bruce Mayhew</div> |  | ||||||
|                 </td> |  | ||||||
|                 <td valign="top"> |  | ||||||
|                     <div align="center" class="style2">Sherif Koussa</div> |  | ||||||
|                     <div align="center" class="style2">Yiannis Pavlosoglou</div> |  | ||||||
|                     <div align="center" class="style2"></div> |  | ||||||
|  |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td height="25" valign="bottom"> |  | ||||||
|                     <div align="center"><span class="style1">Special Thanks |  | ||||||
|                             for V5.4</span></div> |  | ||||||
|                 </td> |  | ||||||
|                 <td height="25" valign="bottom"> |  | ||||||
|                     <div align="center"><span class="style1">Documentation |  | ||||||
|                             Contributers</span></div> |  | ||||||
|                 </td> |  | ||||||
|             </tr> |  | ||||||
|             <tr> |  | ||||||
|                 <td> |  | ||||||
|                     <div align="center" class="style2">Brian Ciomei (Multitude of bug fixes)</div> |  | ||||||
|                     <div align="center" class="style2">To all who have sent comments</div> |  | ||||||
|  |  | ||||||
|                 </td> |  | ||||||
|                 <td> |  | ||||||
|                     <div align="center" class="style2"> |  | ||||||
|                         <a href="http://www.zionsecurity.com/" target="_blank">Erwin Geirnaert</a></div> |  | ||||||
|                     <div align="center" class="style2"> |  | ||||||
|                         <a href="http://yehg.org/" target="_blank">Aung Khant</a></div> |  | ||||||
|                     <div align="center" class="style2"> |  | ||||||
|                         <a href="http://www.softwaresecured.com" target="blank">Sherif Koussa</a> |  | ||||||
|     </div> |     </div> | ||||||
|                 </td> |     <div class="modal-body modal-scroll"> | ||||||
|             </tr> |         <p>Thanks for hacking The Goat!</p>  | ||||||
|             <tr> | 		<p>WebGoat is a demonstration of common web application flaws. The | ||||||
|                 <td> |         associated exercises are intended to provide hands-on experience with | ||||||
|                     <div align="center" class="style2"> </div> |         techniques aimed at demonstrating and testing application penetration. | ||||||
|                 </td> |         </p> | ||||||
|             </tr> | 		<p>From the entire WebGoat team, we appreciate your interest and efforts | ||||||
|         </table> |         in making applications not just better, but safer and more secure for | ||||||
|  |         everyone. We, as well as our sacrificial goat, thank you.</p> | ||||||
|  |         <p>Version: 6.0</p> | ||||||
|  |         <div class="row"> | ||||||
|  |           <div class="col-md-6"> | ||||||
|  |               <p>Contact us: | ||||||
|  |               <ul> | ||||||
|  |                   <li>WebGoat mailing list: owasp-webgoat@lists.owasp.org</li> | ||||||
|  |                   <li>Bruce Mayhew:  webgoat@owasp.org</li> | ||||||
|  |               </ul> | ||||||
|  |               </p> | ||||||
|           </div> |           </div> | ||||||
|     <div align="center" class="style2"> </div> |  		</div>        | ||||||
|     <div align="center" class="style2"> </div> |         <div class="row"> | ||||||
|     <div align="center" class="style2"> </div> |             <div class="col-md-6"> | ||||||
|     <div id="warning">WARNING<br /> |                 <p>WebGoat Authors | ||||||
|         While running this program, your machine is extremely vulnerable to |                 <ul> | ||||||
|         attack if you are not running on localhost. If you are NOT running on localhost (default configuration), You should disconnect from the network while using this program. |                     <li>Bruce Mayhew (Project Lead)</li> | ||||||
|         <br /> |                     <li>Jeff Williams (Original Idea)</li> | ||||||
|         <br /> |                     <li>Richard Lawson (Architect)</li> | ||||||
|         This program is for educational purposes only. Use of these techniques |                     <li>Jason White (Architect)</li> | ||||||
|         without permission could lead to job termination, financial liability, |                 </ul> | ||||||
|         and/or criminal penalties.</div> |                 </p> | ||||||
| </div> |             </div> | ||||||
| <div class="modal-footer"> |             <div class="col-md-6"> | ||||||
|  |                 <p>WebGoat Design Team | ||||||
|  |                 <ul> | ||||||
|  |                     <li>Richard Lawson</li> | ||||||
|  |                     <li>Bruce Mayhew</li> | ||||||
|  |                     <li>Jason White</li> | ||||||
|  |                     <li>Ali Looney (User Interface)</li> | ||||||
|  |                     <li>Jeff Wayman (Website and Docs)</li> | ||||||
|  |                 </ul> | ||||||
|  |                 </p> | ||||||
|  |             </div> | ||||||
|  |         </div> | ||||||
|  |         <div class="row"> | ||||||
|  |             <div class="col-md-6"> | ||||||
|  |                 <p>Active Contributors | ||||||
|  |                 <ul> | ||||||
|  |                     <li>Nanne Baars (Developer)</li> | ||||||
|  |                     <li>Dave Cowden (Everything)</li> | ||||||
|  |                     <li>Keith Gasser (Survey)</li> | ||||||
|  |                     <li>Li Simon (Developer)</li> | ||||||
|  |                 </ul> | ||||||
|  |                 </p> | ||||||
|  |             </div> | ||||||
|  |             <div class="col-md-6"> | ||||||
|  |                 <p>Past Contributors | ||||||
|  |                 <ul> | ||||||
|  |                     <li>David Anderson (Developer/Design)</li> | ||||||
|  |                     <li>Christopher Blum (Lessons)</li> | ||||||
|  |                     <li>Laurence Casey (Graphics)</li> | ||||||
|  |                     <li>Brian Ciomei (Bug fixes)</li> | ||||||
|  |                     <li>Rogan Dawes (Lessons)</li> | ||||||
|  |                     <li>Erwin Geirnaert (Solutions)</li> | ||||||
|  |                     <li>Aung Knant (Documentation)</li> | ||||||
|  |                     <li>Ryan Knell (Lessons)</li> | ||||||
|  |                     <li>Christine Koppeit (Build)</li> | ||||||
|  |                     <li>Sherif Kousa (Lessons/Documentation)</li> | ||||||
|  |                     <li>Reto Lippuner (Lessons)</li> | ||||||
|  |                     <li>PartNet (Lessons)</li> | ||||||
|  |                     <li>Yiannis Pavlosoglou (Lessons)</li> | ||||||
|  |                     <li>Eric Sheridan (Lessons)</li> | ||||||
|  |                     <li>Alex Smolen (Lessons)</li> | ||||||
|  |                     <li>Chuck Willis (Lessons)</li> | ||||||
|  |                     <li>Marcel Wirth (Lessons)</li> | ||||||
|  |                 </ul> | ||||||
|  |                 </p> | ||||||
|  |                 <p>Did we miss you? Our sincere apologies, as we know there have | ||||||
|  |                 been many contributors over the years. If your name does not | ||||||
|  |                 appear in any of the lists above, please send us a note. We'll | ||||||
|  |                 get you added with no further sacrifices required.</p> | ||||||
|  |             </div> | ||||||
|  |         </div> | ||||||
|  |     </div> | ||||||
|  |     <div class="modal-footer"> | ||||||
|         <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> |         <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> | ||||||
|  |     </div> | ||||||
| </div> | </div> | ||||||
|  |  | ||||||
|  |  | ||||||
|  | |||||||
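Review bot: The rewritten modal body no longer carries the `#warning` block, which told users that their machine is exposed to attack unless WebGoat runs on localhost and that the techniques are for educational use only; nothing in the new column replaces it. For a deliberately vulnerable application that notice is the main operational safeguard on this page, so unless it is shown elsewhere in the new UI (not visible here), keep it, e.g. `<div id="warning" class="alert alert-danger">…original warning text…</div>` above the contact row. Separately, two names changed spelling relative to the old list: `Aung Khant` became `Aung Knant` and `Sherif Koussa` became `Sherif Kousa`.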
| @ -57,7 +57,7 @@ | |||||||
|  |  | ||||||
|  |  | ||||||
|         <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> |         <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> | ||||||
|         <title>WebGoat V6.0</title> |         <title>WebGoat</title> | ||||||
|     </head> |     </head> | ||||||
|  |  | ||||||
|     <body class="animated fadeIn" ng-app="goatApp"> |     <body class="animated fadeIn" ng-app="goatApp"> | ||||||
| @ -354,10 +354,11 @@ | |||||||
|                                             } |                                             } | ||||||
|  |  | ||||||
|         </script> |         </script> | ||||||
|         <!-- Modal --> |         <!-- About WebGoat Modal --> | ||||||
|         <div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> |         <div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> | ||||||
|             <div class="modal-dialog modal-lg"> |             <div class="modal-dialog modal-lg"> | ||||||
|                 <div class="modal-content"> |                 <div class="modal-content"> | ||||||
|  |                     <jsp:include page="../pages/about.jsp"/>  | ||||||
|                 </div> |                 </div> | ||||||
|             </div> |             </div> | ||||||
|         </div> |         </div> | ||||||
|  | |||||||
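Review bot: The fragment pulled in by `<jsp:include page="../pages/about.jsp"/>` (apparently the first file in this commit) now opens with its own `<div class="modal-content">`, and the include sits inside the existing `<div class="modal-content">` of `#aboutModal`, so the rendered dialog gets two nested `.modal-content` wrappers. Drop one of them, for example keep the wrapper here and start the fragment at `<div class="modal-header">`. The close button in that fragment also lost its `sr-only` "Close" text and now has `aria-hidden="true"` on the button itself, which hides a focusable control from assistive technology; `aria-label="Close"` on the button with the `×` in an `aria-hidden` span is the usual form.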
| @ -21,6 +21,7 @@ | |||||||
|     <http use-expressions="true">   |     <http use-expressions="true">   | ||||||
|         <intercept-url pattern="/login.mvc" access="permitAll" /> |         <intercept-url pattern="/login.mvc" access="permitAll" /> | ||||||
|         <intercept-url pattern="/logout.mvc" access="permitAll" />    |         <intercept-url pattern="/logout.mvc" access="permitAll" />    | ||||||
|  |         <intercept-url pattern="/index.jsp" access="permitAll" />           | ||||||
|         <intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" /> |         <intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" /> | ||||||
|         <intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />          	 |         <intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />          	 | ||||||
|         <intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" /> |         <intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" /> | ||||||
|  | |||||||
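Review bot: The new `permitAll` rule for `/index.jsp` opens a JSP to unauthenticated requests, and nothing in this file records why. It is safe only while `index.jsp` stays a bare redirect to `/login.mvc`, as it is in this commit; a comment such as `<!-- index.jsp is the welcome file and only redirects to /login.mvc; keep it free of any other content -->` above the rule would keep a later edit from exposing more than intended. Placement ahead of the `/**` rule is correct, since the first matching pattern wins. The `<http>` element continues outside the hunk.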
| @ -323,7 +323,7 @@ | |||||||
|     </mime-mapping> |     </mime-mapping> | ||||||
|      |      | ||||||
|     <welcome-file-list> |     <welcome-file-list> | ||||||
|         <welcome-file>login.mvc</welcome-file> |         <welcome-file>index.jsp</welcome-file> | ||||||
|     </welcome-file-list> |     </welcome-file-list> | ||||||
|  |  | ||||||
| </web-app> | </web-app> | ||||||
|  | |||||||
							
								
								
									
										
											BIN
										
									
								
								src/main/webapp/css/img/logoBG.jpg
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
									
								
							
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 18 KiB | 
| @ -74,16 +74,16 @@ img { | |||||||
| #header .brand { | #header .brand { | ||||||
|   float: left; |   float: left; | ||||||
|   width: 240px; |   width: 240px; | ||||||
|   min-height: 80px; |   height: 80px; | ||||||
|   padding: 0 0 0 10px; |   padding: 0; | ||||||
|   position: relative; |   position: relative; | ||||||
|   background: #e84c3d url('img/logo.png') no-repeat 25px 26px; |   background: url('img/logoBG.jpg') no-repeat 0px 0px; | ||||||
| } | } | ||||||
| #header .logo { | #header .logo { | ||||||
|   color: #fff; |   color: #fff; | ||||||
|   font-size: 1.7em; |   font-size: 1.7em; | ||||||
|   text-transform: uppercase; |   text-transform: uppercase; | ||||||
|   padding: 23px 0 0 57px; |   padding: 23px 0 0 75px; | ||||||
|   display: inline-block; |   display: inline-block; | ||||||
| } | } | ||||||
| #header .logo span { | #header .logo span { | ||||||
| @ -714,6 +714,17 @@ fieldset[disabled] .btn-warning.active { | |||||||
|   color: #fff; |   color: #fff; | ||||||
|   border: none; |   border: none; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /* ========================================================================== | ||||||
|  |   Modal | ||||||
|  |    ========================================================================== */ | ||||||
|  | .modal-footer .btn + .btn { | ||||||
|  |   margin-bottom: 5px; | ||||||
|  | } | ||||||
|  | .modal .modal-body.modal-scroll { | ||||||
|  |   max-height: 350px; | ||||||
|  |   overflow-y: auto; | ||||||
|  | } | ||||||
| /* ========================================================================== | /* ========================================================================== | ||||||
|    Media Queries |    Media Queries | ||||||
|    ========================================================================== */ |    ========================================================================== */ | ||||||
| @ -774,7 +785,7 @@ fieldset[disabled] .btn-warning.active { | |||||||
|  |  | ||||||
| #topLinks { | #topLinks { | ||||||
|   float:right; |   float:right; | ||||||
|   margin-right:5px;s |   margin-right:5px; | ||||||
|   margin-top:3px; |   margin-top:3px; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | |||||||
| @ -1,3 +1,4 @@ | |||||||
|  | /* | ||||||
| body{  | body{  | ||||||
| 	min-width: 800px; | 	min-width: 800px; | ||||||
| 	font-family: Arial,sans-serif; | 	font-family: Arial,sans-serif; | ||||||
| @ -49,7 +50,7 @@ h5{ | |||||||
| 	font-size: 100%; | 	font-size: 100%; | ||||||
| 	color: #334d55; | 	color: #334d55; | ||||||
| } | } | ||||||
|  | */ | ||||||
| ul{ | ul{ | ||||||
| 	list-style-type: square; | 	list-style-type: square; | ||||||
| } | } | ||||||
|  | |||||||
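Review bot: Disabling the legacy rules by wrapping them in `/*` … `*/` leaves dead CSS in the file, and CSS comments do not nest. If any rule between the two markers already contains a `*/` (the roughly fifty lines in between are outside the hunks), the comment ends there and the remainder becomes live, or a parse error. Deleting the rules outright is safer and keeps the stylesheet readable; version control still holds the old text.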
							
								
								
									
										3
									
								
								src/main/webapp/index.jsp
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,3 @@ | |||||||
|  | <%@ page session="false" %> | ||||||
|  | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> | ||||||
|  | <c:redirect url="/login.mvc"/> | ||||||
| @ -151,7 +151,7 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac | |||||||
|  |  | ||||||
|     $scope.showAbout = function() { |     $scope.showAbout = function() { | ||||||
|         $('#aboutModal').modal({ |         $('#aboutModal').modal({ | ||||||
|             remote: 'about.mvc' |             //remote: 'about.mvc' | ||||||
|         }); |         }); | ||||||
|     }; |     }; | ||||||
|  |  | ||||||
|  | |||||||
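Review bot: Commenting out `remote: 'about.mvc'` leaves an empty options object with a dead line inside `showAbout`. Since the About content is now included in the page server-side, `$('#aboutModal').modal('show');` states the intent directly. If `about.mvc` is no longer requested from anywhere, its controller mapping (not visible here) could be retired as well, so that an unused endpoint does not linger. The enclosing `goatLesson` controller starts and ends outside the hunk.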