Minor Bugfixes
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@338 4033779f-a91e-0410-96ef-6bf7bf53c507
		| @ -265,7 +265,6 @@ public class SQLInjection extends GoatHillsFinancial | ||||
| 	} | ||||
| 	 | ||||
| 	public String getLessonSolutionFileName(WebSession s) { | ||||
| 		System.out.println("SOLUTION!!!"); | ||||
| 		String solutionFileName = null; | ||||
| 		String stage = getStage(s); | ||||
| 		solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html"; | ||||
|  | ||||
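Review bot: dropping the `System.out.println("SOLUTION!!!")` debug line is the right fix; if tracing of solution lookups is ever wanted, send it through a logger rather than stdout so it can be switched off in a deployment. On the lines that stay, `stage` returned by `getStage(s)` is concatenated straight into `solutionFileName`; it is worth confirming at that method that the value can only be one of the fixed stage names, so the resolved file always stays under `/lesson_solutions/Lab SQL Injection/`.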
| @ -35,10 +35,10 @@ First use any person from the list and see what you get. After doing this you | ||||
| can search for a specific person in Firebug. Make sure you find the hidden table with | ||||
| the information, including the salary and so on. In the same table you will find | ||||
| Neville. | ||||
| <center> | ||||
| <img src="/WebGoat/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg" alt="Clientside Filtering" /> | ||||
|  | ||||
| <img src="/WebGoat/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg" alt="Clientside Filtering" /><br> | ||||
| <font size="2"><b>Inspect HTML on Firebug</b></font> | ||||
| </center> | ||||
|  | ||||
| <p> | ||||
| Now write the salary into the text edit box and submit your answer! | ||||
| </p> | ||||
|  | ||||
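Review bot: the new caption markup `<font size="2"><b>...</b></font>` trades one presentational element (`<center>`) for another (`<font>`), both deprecated in HTML 4; one CSS class on a wrapping `<div>` or `<p>` would keep every solution page's figures consistent and make later restyling a one-line change. The `<img>` here also sets no `width`, unlike the other solution screenshots touched in this commit, so it will render at its native size.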
| @ -38,10 +38,11 @@ Now enter a character in the coupon code field. The Javascript gets executed | ||||
| but stops at the breakpoint. On the right side you see the parameters | ||||
| and there values. Now use the step over symbol or F10. Now you can read | ||||
| the clear text of decrypted: | ||||
| <center> | ||||
| <br><br> | ||||
| <img src="/WebGoat/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png" width=450px alt="Stage 1" /> | ||||
| <b>Figure 1 Firebug in action</b> | ||||
| </center> | ||||
| <br> | ||||
| <b><font size="2">Figure 1 Firebug in action</font></b> | ||||
|  | ||||
| <p> | ||||
| Now that you know the coupon name enter it in the coupon field, purchase something | ||||
| and you are done. | ||||
|  | ||||
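Review bot: the caption is nested as `<b><font size="2">...</font></b>`, while the ClientSideFiltering page in this same commit uses `<font size="2"><b>...</b></font>`; pick one order (or one shared CSS class) so captions look identical across lessons. Also, `width=450px` is not a valid value for the HTML `width` attribute, which takes a bare pixel count; write `width="450"`.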
| @ -33,7 +33,7 @@ to the Tomcat Setup in the Introduction section.</p> | ||||
| is free: <a href="http://www.wireshark.org/"> Wireshark</a>. Make sure  | ||||
| you are capturing on the right interface. Click on | ||||
| the submit button ans stop the capturing. Now analyze the captured data.</p> | ||||
| <div align="center"> | ||||
| <div align="left"> | ||||
| <img src="lesson_solutions/InsecureLogin_files/wireshark1.png"><br> | ||||
| <font size="2"> <b>Figure 1: Sniffed Traffic</b></font> | ||||
| </div> | ||||
|  | ||||
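Review bot: the deprecated `align` attribute is flipped from center to left rather than removed; `<div style="text-align:left">` or a CSS class expresses the same thing in standards-compliant markup, and the `<img>` should get an `alt` attribute like the Lab solution images in this commit have. On a visible context line, "Click on the submit button ans stop the capturing" should read "and stop".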
| @ -35,9 +35,9 @@ deletes employees. Of course you could just guess | ||||
| it because it has a really logical name. | ||||
| But we will look it up. So your first step is to log in as John with john as  | ||||
| password. Use WebScarab to intercept the delete request. | ||||
| <center> | ||||
|  | ||||
| <img src="/WebGoat/lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" /> | ||||
| </center> | ||||
|  | ||||
| As you can see the delete action is called DeleteProfile. | ||||
| Now log in as Tom. Click in the list on his name and make sure WebScarab  | ||||
| will intercept the next request. Click on a button, for example the  | ||||
|  | ||||
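Review bot: removing the `<center>` wrapper leaves the `<img>` as bare inline content between two prose blocks, so it flows inline with the text around it; wrap it in a `<p>` or `<div>` so the screenshot sits on its own line as intended. A caption like the other solution pages use (the `alt` text "deleteAction" is the only label) would also help the reader connect the picture to the step.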
| @ -37,10 +37,10 @@ of another employee! | ||||
| </p> | ||||
| <p> | ||||
| Log in as Tom with tom as password. Click on Tom's name in the list and make sure | ||||
| webscarab will intercept the next request. Change the employee_id for example to 101. | ||||
| <center> | ||||
| webscarab will intercept the next request. Change the employee_id for example to 101.<br><br> | ||||
|  | ||||
| <img src="/WebGoat/lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" /> | ||||
| </center> | ||||
|  | ||||
|  | ||||
| </body> | ||||
| </html> | ||||
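Review bot: this stage's screenshot references `access_control_stage1.png` with alt "deleteAction", the same file shown in the preceding hunk, although the text here describes changing `employee_id` to 101; check that the intended screenshot for this stage is referenced. The `<p>` opened before "Log in as Tom" is also never closed before `</body>`; add `</p>` after the `<img>` line instead of relying on the `<br><br>` appended to the text line for spacing.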
| @ -23,9 +23,9 @@ Now should appear Tom's Profile. Click on the 'Edit Profile' Button and try an X | ||||
| For example: <script>alert("Got Ya");</script><br/> | ||||
| Click on the UpdateProfile Button and Log out.</p><p> | ||||
| <p> | ||||
| <center> | ||||
|  | ||||
| <img src="/WebGoat/lesson_solutions/Lab XSS/images/stored_xss.png" width=450px alt="stored_xss.png" /> | ||||
| </center> | ||||
|  | ||||
| <p> | ||||
| Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the  | ||||
| ViewProfile Button. Congratulation! You have completed the lesson. | ||||
|  | ||||
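Review bot: the example payload `<script>alert("Got Ya");</script>` on the context line must be entity-encoded in the source (`&lt;script&gt;...&lt;/script&gt;`) so the solution page displays the string instead of executing it when opened in the browser; the rendered diff does not show the encoding, so please verify the file. Paragraph tags around the image are also unbalanced: `</p><p>` is immediately followed by another `<p>`, and the `<p>` before "Now log in as Jerry" has no visible close; one `<p>` around the image and one around the closing text is enough. Minor: "Select from the the list" doubles "the", and "Congratulation!" should be "Congratulations!".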
| @ -33,13 +33,13 @@ works. In the second you have to break the strong authentication. | ||||
| <b>Stage 1</b><br> | ||||
| This stage should be rather straight forward. Give in as name Jane | ||||
| and as password tarzan. </p> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src="lesson_solutions/MultiLevelLogin1_files/login.png"><br> | ||||
| <b>Figure 1: Login Screen</b> | ||||
| </font></div><br> | ||||
| Afthr clicking on the submit button | ||||
| you will be asked for the TAN. <br><br> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src="lesson_solutions/MultiLevelLogin1_files/tan.png"><br> | ||||
| <b>Figure 2: TAN Screen</b> | ||||
| </font></div> | ||||
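Review bot: the same four-line figure pattern (`<div align="..."><font size="2"><img ...><br><b>caption</b></font></div>`) is repeated for every screenshot, so flipping `align` from center to left has to be done figure by figure; a single CSS class defined once would make this a one-line change and drop the deprecated `align` and `font` markup. On a context line, "Afthr clicking" should be "After clicking".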
| @ -54,13 +54,13 @@ Now you will be asked for a TAN. Unfortunately you have only a already | ||||
| used TAN from the victim. Fill in the TAN you have and make sure that WebScarab | ||||
| will intercept the next request. Hit the submit button and change the hidden_tan | ||||
| value to 1. </p> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src="lesson_solutions/MultiLevelLogin1_files/webscarab.png"><br> | ||||
| <b>Figure 3: Manipulation Of The Hidden Field With WebScarab</b> | ||||
| </font></div><br><br> | ||||
| Congratulations you are logged in as Jane.<br><br> | ||||
|  | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src="lesson_solutions/MultiLevelLogin1_files/success.png"><br> | ||||
| <b>Figure 4: Manipulation Of The Hidden Field With WebScarab</b> | ||||
| </font></div> | ||||
|  | ||||
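Review bot: Figure 4's caption repeats Figure 3's ("Manipulation Of The Hidden Field With WebScarab") although the image is `success.png` and the text beside it says "Congratulations you are logged in as Jane"; give Figure 4 its own caption describing the success screen. On the context line, "a already used TAN" should be "an already used TAN".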
| @ -34,7 +34,7 @@ Log in as Joe with password banana. Now make sure the next request will be inter | ||||
| by WebScarab. Fill in the TAN you are asked for and hit the submit button. | ||||
| Change now the hidden_user value from Joe to Jane and you are logged in  | ||||
| as Jane. | ||||
| <div align="center"> | ||||
| <div align="left"> | ||||
| <img src="lesson_solutions/MultiLevelLogin2_files/success.png"><br> | ||||
| <font size="2"><b>Figure 1: Manipulation Of The Hidden Field With WebScarab</b></font> | ||||
| </div> | ||||
|  | ||||
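Review bot: the `<img>` for Figure 1 carries no `alt` attribute, unlike the Lab solution images in this commit; add one describing the screenshot. The `align="left"` change has the same deprecated-markup remark as the other figures.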
| @ -51,7 +51,7 @@ the link. Of course can WHATEVER be replaced by any other string. | ||||
| The link should look similar to following:<br> | ||||
| <a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER> | ||||
| </p> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src='lesson_solutions/SessionFixation_files/sf_stage1.png'><br> | ||||
| <b>Figure 1: Phishing Mail</b> | ||||
| </font> | ||||
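Review bot: the link on the context line, `<a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER>`, has an unquoted `href`, bare `&` characters that should be `&amp;` in HTML, and no link text or `</a>` on the visible lines, so the "link should look similar to" example may render as nothing; since the sentence wants to show the URL, put it as plain text inside `<code>` rather than as a live anchor. Also, the `<img>` uses single-quoted `src` here while the other pages use double quotes; harmless but inconsistent.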
| @ -64,7 +64,7 @@ Point with the mouse on the link and you will notice the | ||||
| SID in the status bar of your browser. This is the easiest | ||||
| stage as you have only to click on the link	'Goat Hills Financial'. | ||||
| </p> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src='lesson_solutions/SessionFixation_files/sf_stage2.png'><br> | ||||
| <b>Figure 2: Received Phishing Mail</b> | ||||
| </font> | ||||
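Review bot: the context line "click on the link	'Goat Hills Financial'" contains a literal tab inside the sentence; replace it with a space. The alignment change itself matches the other figures.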
| @ -78,7 +78,7 @@ the URL is the SID visible. All | ||||
| you have to do is to log in with your user name Jane | ||||
| and your password tarzan. | ||||
| </p> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src='lesson_solutions/SessionFixation_files/sf_stage3.png'><br> | ||||
| <b>Figure 3: Goat Hills Financial Login Screen</b> | ||||
| </font> | ||||
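Review bot: the context line "the URL is the SID visible" has inverted word order; "the SID is visible in the URL" reads naturally. Nothing else to flag in this hunk beyond the `align` remark made on the earlier figures.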
| @ -98,7 +98,7 @@ Goat Hill Financial. Take a look at the URL and | ||||
| you will see that your SID is NOVALIDSESSION. | ||||
| Change this string to the SID you have chosen | ||||
| at the beginning of this lesson and hit enter.</p> | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src='lesson_solutions/SessionFixation_files/sf_stage4_1.png'><br> | ||||
| <b>Figure 4: Browser Address Bar Before Changes</b> | ||||
| <br><br> | ||||
| @ -109,7 +109,7 @@ at the beginning of this lesson and hit enter.</p> | ||||
| <br><br> | ||||
| Congratulation! You are logged in as Jane | ||||
| and the lesson was successful. | ||||
| <div align="center"><font size="2"> | ||||
| <div align="left"><font size="2"> | ||||
| <img src='lesson_solutions/SessionFixation_files/sf_success.png'><br> | ||||
| <b>Figure 6: Successful Completion Of The Lesson</b> | ||||
| </font> | ||||
|  | ||||
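Review bot: "Congratulation! You are logged in as Jane" on the context line should be "Congratulations!", matching the wording fix suggested for the Lab XSS page in this commit. The figure block's `</font>` is visible but its closing `</div>` lies outside the hunk; please confirm it is still present after the `align` edit.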
| @ -637,7 +637,7 @@ query: SELECT * FROM weather_data WHERE station = 101<o:p></o:p></span></p> | ||||
| <p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the post request with WebScarab and replace 101 with 101 or 1=1!<o:p></o:p></span></p> | ||||
|  | ||||
| <p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p> | ||||
| <center> | ||||
|  | ||||
| <img src = "/WebGoat/lesson_solutions/SqlNumericInjection_files/numericinjection.png" width=350px> | ||||
|  | ||||
|  | ||||
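Review bot: `<img src = "..." width=350px>` has spaces around `=` in `src`, a `px` suffix on `width` (the attribute takes a bare number) and no `alt`; write `<img src="..." width="350" alt="Intercepted request in WebScarab">`. More broadly, this file is Word-exported HTML (`class=MsoNormal`, `<o:p>`, `mso-*` styles); removing `<center>` here is fine, but the page would be far easier to maintain if the Office markup were stripped and it used the same plain structure as the other solution pages.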
| @ -647,13 +647,13 @@ field-begin'></span><span style='mso-spacerun:yes'> | ||||
| style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element: | ||||
| field-end'></span><![endif]--> Intercepted Request with WebScarab<span style='font-family: | ||||
| "Arial","sans-serif"'><o:p></o:p></span></p> | ||||
| </center> | ||||
|  | ||||
| <br/> | ||||
| <br/> | ||||
| <p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>As the SQL Statement is true for every station you get | ||||
| a list of all stations:<o:p></o:p></span></p> | ||||
|  | ||||
| <center> | ||||
|  | ||||
| <img src = "/WebGoat/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png" width=350px> | ||||
|  | ||||
|  | ||||
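Review bot: the removed `</center>` at the top of this hunk pairs with the `<center>` dropped in the previous hunk, and the `<center>` removed further down pairs with the `</center>` in the next one, so the tags stay balanced. The `<br/><br/>` pair after the caption and the empty `<o:p> </o:p>` runs are layout-by-whitespace that a margin on the caption paragraph would replace, and the second `<img>` has the same `src =`, `width=350px` and missing `alt` issues as the first.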
| @ -663,7 +663,7 @@ field-begin'></span><span style='mso-spacerun:yes'> | ||||
| style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element: | ||||
| field-end'></span><![endif]--> All stations are visible<span style='font-family: | ||||
| "Arial","sans-serif"'><o:p></o:p></span></p> | ||||
| </center> | ||||
|  | ||||
|  | ||||
| <p class=MsoNormal><o:p> </o:p></p> | ||||
|  | ||||
|  | ||||
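Review bot: with this `</center>` gone, the figure block ends in an empty `<p class=MsoNormal><o:p> </o:p></p>`, which renders as a blank paragraph; delete it, along with the other empty `<o:p>` spans, rather than keeping them as spacers.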