From c001a67b95d005151b542c72f5a2d6dcd3f2f705 Mon Sep 17 00:00:00 2001 From: "wirth.marcel" Date: Mon, 14 Apr 2008 13:28:25 +0000 Subject: [PATCH] Minor Bugfixes git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@338 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/lessons/SQLInjection/SQLInjection.java | 1 - .../lesson_solutions/ClientSideFiltering.html | 6 +++--- .../lesson_solutions/ClientSideValidation.html | 7 ++++--- .../WebContent/lesson_solutions/InsecureLogin.html | 2 +- .../Lab Bypass Business Layer Access Control.html | 4 ++-- .../Lab Bypass Data Layer Access Control.html | 6 +++--- .../lesson_solutions/Lab XSS/Lab Stored XSS.html | 4 ++-- .../WebContent/lesson_solutions/MultiLevelLogin1.html | 8 ++++---- .../WebContent/lesson_solutions/MultiLevelLogin2.html | 2 +- .../WebContent/lesson_solutions/SessionFixation.html | 10 +++++----- .../lesson_solutions/SqlNumericInjection.html | 8 ++++---- 11 files changed, 29 insertions(+), 29 deletions(-) diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index ff5dcca1d..3e35123ac 100644 --- a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -265,7 +265,6 @@ public class SQLInjection extends GoatHillsFinancial } public String getLessonSolutionFileName(WebSession s) { - System.out.println("SOLUTION!!!"); String solutionFileName = null; String stage = getStage(s); solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html"; diff --git a/main/project/WebContent/lesson_solutions/ClientSideFiltering.html b/main/project/WebContent/lesson_solutions/ClientSideFiltering.html index b8d320d97..cd3cde05c 100644 --- a/main/project/WebContent/lesson_solutions/ClientSideFiltering.html +++ b/main/project/WebContent/lesson_solutions/ClientSideFiltering.html 
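Review bot: Dropping the stray `System.out.println("SOLUTION!!!");` from getLessonSolutionFileName is the right fix; it spammed stdout on every solution lookup. While in this method, `String solutionFileName = null;` followed immediately by the assignment is a redundant initialization: declare and assign in one statement, `String solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html";`. The `stage` value obtained from the WebSession is concatenated straight into a file path, so it is worth checking it against the known stage names before the path is handed to the file system.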
@@ -35,10 +35,10 @@ First use any person from the list and see what you get. After doing this you can search for a specific person in Firebug. Make sure you find the hidden table with the information, including the salary and so on. In the same table you will find Neville. -
-Clientside Filtering + +Clientside Filtering
Inspect HTML on Firebug -
+

Now write the salary into the text edit box and submit your answer!

diff --git a/main/project/WebContent/lesson_solutions/ClientSideValidation.html b/main/project/WebContent/lesson_solutions/ClientSideValidation.html index 6d0e354ad..5885088a4 100644 --- a/main/project/WebContent/lesson_solutions/ClientSideValidation.html +++ b/main/project/WebContent/lesson_solutions/ClientSideValidation.html @@ -38,10 +38,11 @@ Now enter a character in the coupon code field. The Javascript gets executed but stops at the breakpoint. On the right side you see the parameters and there values. Now use the step over symbol or F10. Now you can read the clear text of decrypted: -
+

Stage 1 -Figure 1 Firebug in action -
+
+Figure 1 Firebug in action +

Now that you know the coupon name enter it in the coupon field, purchase something and you are done. diff --git a/main/project/WebContent/lesson_solutions/InsecureLogin.html b/main/project/WebContent/lesson_solutions/InsecureLogin.html index 94521d640..513495659 100644 --- a/main/project/WebContent/lesson_solutions/InsecureLogin.html +++ b/main/project/WebContent/lesson_solutions/InsecureLogin.html @@ -33,7 +33,7 @@ to the Tomcat Setup in the Introduction section.

is free: Wireshark. Make sure you are capturing on the right interface. Click on the submit button ans stop the capturing. Now analyze the captured data.

-
+

Figure 1: Sniffed Traffic
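Review bot: The context line just above the swapped image still reads "Click on the submit button ans stop the capturing"; since this hunk already touches the surrounding lines, fix the typo ("and stop the capture") in the same commit rather than leaving it for another "minor bugfixes" round.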
diff --git a/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Business Layer Access Control.html b/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Business Layer Access Control.html index 10af41c8e..eed12859d 100644 --- a/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Business Layer Access Control.html +++ b/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Business Layer Access Control.html @@ -35,9 +35,9 @@ deletes employees. Of course you could just guess it because it has a really logical name. But we will look it up. So your first step is to log in as John with john as password. Use WebScarab to intercept the delete request. -
+ deleteAction -
+ As you can see the delete action is called DeleteProfile. Now log in as Tom. Click in the list on his name and make sure WebScarab will intercept the next request. Click on a button, for example the diff --git a/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Data Layer Access Control.html b/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Data Layer Access Control.html index 90426e4f8..737824523 100644 --- a/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Data Layer Access Control.html +++ b/main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Data Layer Access Control.html @@ -37,10 +37,10 @@ of another employee!

Log in as Tom with tom as password. Click on Tom's name in the list and make sure -webscarab will intercept the next request. Change the employee_id for example to 101. -

+webscarab will intercept the next request. Change the employee_id for example to 101.

+ deleteAction -
+ \ No newline at end of file diff --git a/main/project/WebContent/lesson_solutions/Lab XSS/Lab Stored XSS.html b/main/project/WebContent/lesson_solutions/Lab XSS/Lab Stored XSS.html index cf91d25ad..55a9512b3 100644 --- a/main/project/WebContent/lesson_solutions/Lab XSS/Lab Stored XSS.html +++ b/main/project/WebContent/lesson_solutions/Lab XSS/Lab Stored XSS.html @@ -23,9 +23,9 @@ Now should appear Tom's Profile. Click on the 'Edit Profile' Button and try an X For example: <script>alert("Got Ya");</script>
Click on the UpdateProfile Button and Log out.

-

+ stored_xss.png -
+

Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the ViewProfile Button. Congratulation! You have completed the lesson. diff --git a/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html b/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html index b80f5db03..48fd163a7 100644 --- a/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html +++ b/main/project/WebContent/lesson_solutions/MultiLevelLogin1.html @@ -33,13 +33,13 @@ works. In the second you have to break the strong authentication. Stage 1
This stage should be rather straight forward. Give in as name Jane and as password tarzan.

-
+

Figure 1: Login Screen

Afthr clicking on the submit button you will be asked for the TAN.

-
+

Figure 2: TAN Screen
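Review bot: Two wording problems sit in the context lines this hunk surrounds: "Afthr clicking on the submit button" should be "After clicking", and "Give in as name Jane and as password tarzan" reads awkwardly ("Enter Jane as the name and tarzan as the password"). Both are one-word edits next to lines you already changed, so they belong in this commit.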
@@ -54,13 +54,13 @@ Now you will be asked for a TAN. Unfortunately you have only a already used TAN from the victim. Fill in the TAN you have and make sure that WebScarab will intercept the next request. Hit the submit button and change the hidden_tan value to 1.

-
+

Figure 3: Manipulation Of The Hidden Field With WebScarab


Congratulations you are logged in as Jane.

-
+

Figure 4: Manipulation Of The Hidden Field With WebScarab
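Review bot: The Figure 4 caption duplicates Figure 3's caption "Manipulation Of The Hidden Field With WebScarab", but the text directly above it says "Congratulations you are logged in as Jane", so the second image presumably shows the logged-in screen rather than the WebScarab edit. Give Figure 4 a caption that describes what it actually shows (for example "Logged In As Jane") so the two screenshots are distinguishable.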
diff --git a/main/project/WebContent/lesson_solutions/MultiLevelLogin2.html b/main/project/WebContent/lesson_solutions/MultiLevelLogin2.html index a1dc9cb55..5e67b7772 100644 --- a/main/project/WebContent/lesson_solutions/MultiLevelLogin2.html +++ b/main/project/WebContent/lesson_solutions/MultiLevelLogin2.html @@ -34,7 +34,7 @@ Log in as Joe with password banana. Now make sure the next request will be inter by WebScarab. Fill in the TAN you are asked for and hit the submit button. Change now the hidden_user value from Joe to Jane and you are logged in as Jane. -
+

Figure 1: Manipulation Of The Hidden Field With WebScarab
diff --git a/main/project/WebContent/lesson_solutions/SessionFixation.html b/main/project/WebContent/lesson_solutions/SessionFixation.html index ff1f539f6..067499c37 100644 --- a/main/project/WebContent/lesson_solutions/SessionFixation.html +++ b/main/project/WebContent/lesson_solutions/SessionFixation.html @@ -51,7 +51,7 @@ the link. Of course can WHATEVER be replaced by any other string. The link should look similar to following:
<a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER>

-
+

Figure 1: Phishing Mail
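Review bot: The sample link shown in this hunk's context, `<a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER>`, is meant to be displayed to the reader ("The link should look similar to following"), but written literally in the HTML source it will be parsed as a real anchor tag and rendered as a link, not as text. Escape it (`&lt;a href=...&gt;`, with `&amp;` for the ampersands) or wrap it in a `<pre>`/`<code>` block with the angle brackets escaped; the unquoted href value is also worth quoting if the tag is ever meant to be live.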
@@ -64,7 +64,7 @@ Point with the mouse on the link and you will notice the SID in the status bar of your browser. This is the easiest stage as you have only to click on the link 'Goat Hills Financial'.

-
+

Figure 2: Received Phishing Mail
@@ -78,7 +78,7 @@ the URL is the SID visible. All you have to do is to log in with your user name Jane and your password tarzan.

-
+

Figure 3: Goat Hills Financial Login Screen
@@ -98,7 +98,7 @@ Goat Hill Financial. Take a look at the URL and you will see that your SID is NOVALIDSESSION. Change this string to the SID you have chosen at the beginning of this lesson and hit enter.

-
+

Figure 4: Browser Address Bar Before Changes

@@ -109,7 +109,7 @@ at the beginning of this lesson and hit enter.



Congratulation! You are logged in as Jane and the lesson was successful. -
+

Figure 6: Successful Completion Of The Lesson
diff --git a/main/project/WebContent/lesson_solutions/SqlNumericInjection.html b/main/project/WebContent/lesson_solutions/SqlNumericInjection.html index bba9c32e5..6a8fe7e2c 100644 --- a/main/project/WebContent/lesson_solutions/SqlNumericInjection.html +++ b/main/project/WebContent/lesson_solutions/SqlNumericInjection.html @@ -637,7 +637,7 @@ query: SELECT * FROM weather_data WHERE station = 101

Intercept the post request with WebScarab and replace 101 with 101 or 1=1!

 

-
+ @@ -647,13 +647,13 @@ field-begin'> style='mso-no-proof:yes'>1 Intercepted Request with WebScarab

-
+

As the SQL Statement is true for every station you get a list of all stations:

-
+ @@ -663,7 +663,7 @@ field-begin'> style='mso-no-proof:yes'>2 All stations are visible

-
+
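Review bot: In the Lab Bypass Data Layer Access Control.html hunk, the added line "+webscarab will intercept the next request. Change the employee_id for example to 101." spells the tool in lowercase while every other solution page in this patch writes "WebScarab"; keep the capitalization consistent. The same hunk ends with `\ No newline at end of file`: add the trailing newline so the next edit to this file does not show up as a spurious change on the last line.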
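Review bot: The three SqlNumericInjection.html hunks carry Word-export residue in their context (`field-begin'>`, `style='mso-no-proof:yes'>`), which is why a simple image swap has to touch three separate regions of generated markup. Consider rewriting this page as plain hand-authored HTML like the other lesson_solutions files so future fixes are one-line edits; while at it, the imperative "replace 101 with 101 or 1=1!" would be clearer in the style the SessionFixation page uses, with the exact value to paste set apart from the surrounding sentence.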