';"
+ lineSep
@@ -205,13 +205,13 @@ public class JSONInjection extends LessonAdapter
+ lineSep
+ " if ( document.getElementById('radio0').checked )"
+ lineSep
- + " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerText; }"
+ + " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerHTML; return true;}"
+ lineSep
+ " else if ( document.getElementById('radio1').checked )"
+ lineSep
- + " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerText; }"
+ + " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerHTML; return true;}"
+ lineSep + " else " + lineSep
- + " { alert('Please choose one flight'); }" + lineSep + "}"
+ + " { alert('Please choose one flight'); return false;}" + lineSep + "}"
+ lineSep + "" + lineSep;
ec.addElement(new StringElement(script));
Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
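Review bot: The switch to `innerHTML` on the `radio0`/`radio1` branches reads the markup of the price cell rather than its text, so any entity or tag inside `priceID0`/`priceID1` ends up in the hidden `price2Submit` field that the server later strips and parses as an integer. The standards read for plain text is `textContent`, with `innerText` as a fallback for engines that lack it, e.g. `var cell = document.getElementById('priceID0'); document.getElementById('price2Submit').value = cell.textContent || cell.innerText;` (same for `priceID1`). The `balanceID` read in the SilentTransactions hunk has the same shape. The script string this hunk belongs to starts before the hunk.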
@@ -222,6 +222,7 @@ public class JSONInjection extends LessonAdapter
tr.addElement(new TD("From: "));
Input in = new Input(Input.TEXT, TRAVEL_FROM, "");
in.addAttribute("onkeyup", "getFlights();");
+ in.addAttribute("id", TRAVEL_FROM);
tr.addElement(new TD(in));
t1.addElement(tr);
@@ -230,6 +231,7 @@ public class JSONInjection extends LessonAdapter
tr.addElement(new TD("To: "));
in = new Input(Input.TEXT, TRAVEL_TO, "");
in.addAttribute("onkeyup", "getFlights();");
+ in.addAttribute("id", TRAVEL_TO);
tr.addElement(new TD(in));
t1.addElement(tr);
@@ -251,12 +253,13 @@ public class JSONInjection extends LessonAdapter
Input price2Submit = new Input();
price2Submit.setType(Input.HIDDEN);
price2Submit.setName("price2Submit");
+ price2Submit.setValue("");
+ price2Submit.addAttribute("id", "price2Submit");
ec.addElement(price2Submit);
if (s.getParser().getRawParameter("radio0", "").equals("on"))
{
String price = s.getParser().getRawParameter("price2Submit", "");
price = price.replace("$", "");
-
if (Integer.parseInt(price) < 600)
{
makeSuccess(s);
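Review bot: With the hidden field now defaulting to `""` via `price2Submit.setValue("")`, a request that has `radio0` set but no price (script disabled, or the field edited before submit) reaches `Integer.parseInt(price)` with an empty string and throws an uncaught `NumberFormatException` out of the lesson. Guard the parse the way the page already guards `file`, e.g. `if (price.length() != 0 && Integer.parseInt(price) < 600)`, or catch `NumberFormatException` and report the rejected value with `s.setMessage(...)`. The enclosing method continues outside the hunk.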
@@ -272,7 +275,7 @@ public class JSONInjection extends LessonAdapter
public Element getCredits()
{
- return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+ return super.getCustomCredits("Created by Sherif Koussa", MAC_LOGO);
}
protected Category getDefaultCategory()
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java
index 0640e3f51..84fad2cbd 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java
@@ -270,7 +270,7 @@ public class JavaScriptValidation extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A1;
+ return Category.UNVALIDATED_PARAMETERS;
}
@@ -323,7 +323,7 @@ public class JavaScriptValidation extends LessonAdapter
*/
public String getTitle()
{
- return ("How to Bypass Client Side JavaScript Validation");
+ return ("Bypass Client Side JavaScript Validation");
}
public Element getCredits()
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
index b299d9c02..13081b3af 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
@@ -156,14 +156,14 @@ public class LogSpoofing extends LessonAdapter
@Override
public String getTitle()
{
- return "How to Perform Log Spoofing";
+ return "Log Spoofing";
}
@Override
protected Category getDefaultCategory()
{
- return Category.A6;
+ return Category.INJECTION;
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
index a8d002f5b..978148880 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
@@ -79,7 +79,7 @@ public class NewLesson extends LessonAdapter
*/
public String getTitle()
{
- return ("How to add a new WebGoat lesson");
+ return ("Create a WebGoat Lesson");
}
public Element getCredits()
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
index 6677f0b38..2ee358c52 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
@@ -46,258 +46,236 @@ import org.owasp.webgoat.session.WebSession;
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
- *
- * @author Bruce Mayhew WebGoat
- * @created October 28, 2003
+ *
+ * @author Bruce Mayhew WebGoat
+ * @created October 28, 2003
*/
public class PathBasedAccessControl extends LessonAdapter
{
- private final static String FILE = "File";
+ private final static String FILE = "File";
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- try
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element createContent(WebSession s)
{
- String dir = s.getContext().getRealPath("/lesson_plans");
- File d = new File(dir);
-
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth(
- "90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- String[] list = d.list();
- String listing = "
Current Directory is: "
- + Encoding.urlDecode(dir)
- + "
Choose the file to view:
";
-
- TR tr = new TR();
- tr.addElement(new TD().setColSpan(2).addElement(
- new StringElement(listing)));
- t.addElement(tr);
-
- tr = new TR();
- tr.addElement(new TD().setWidth("35%").addElement(
- ECSFactory.makePulldown(FILE, list, "", 15)));
- tr.addElement(new TD().addElement(ECSFactory
- .makeButton("View File")));
- t.addElement(tr);
-
- ec.addElement(t);
-
- // FIXME: would be cool to allow encodings here -- hex, percent, url, etc...
- String file = s.getParser().getRawParameter(FILE, "");
-
- // defuse file searching
- boolean illegalCommand = getWebgoatContext().isDefuseOSCommands();
- if (getWebgoatContext().isDefuseOSCommands())
- {
- // allow them to look at any file in the webgoat hierachy. Don't allow them
- // to look about the webgoat root, except to see the LICENSE file
- if (upDirCount(file) == 3 && !file.endsWith("LICENSE"))
- {
- s.setMessage("Access denied");
- s
- .setMessage("It appears that you are on the right track. "
- + "Commands that may compromise the operating system have been disabled. "
- + "You are only allowed to see one file in this directory. ");;
- }
- else if (upDirCount(file) > 3)
- {
- s.setMessage("Access denied");
- s
- .setMessage("It appears that you are on the right track. "
- + "Commands that may compromise the operating system have been disabled. "
- + "You are only allowed to see files in the webgoat directory. ");
- }
- else
- {
- illegalCommand = false;
- }
- }
-
- // Using the URI supports encoding of the data.
- // We could force the user to use encoded '/'s == %2f to make the lesson more difficult.
- // We url Encode our dir name to avoid problems with special characters in our own path.
- //File f = new File( new URI("file:///" + Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" + file.replaceAll("\\\\","/")) );
- File f = new File((dir + "\\" + file).replaceAll("\\\\", "/"));
-
- if (s.isDebug())
- {
-
- s.setMessage("File: " + file);
- s.setMessage("Dir: " + dir);
- //s.setMessage("File URI: " + "file:///" + (Encoding.urlEncode(dir) + "\\" + Encoding.urlEncode(file)).replaceAll("\\\\","/"));
- s.setMessage(" - isFile(): " + f.isFile());
- s.setMessage(" - exists(): " + f.exists());
- }
- if (!illegalCommand)
- {
- if (f.isFile() && f.exists())
- {
- // Don't set completion if they are listing files in the
- // directory listing we gave them.
- if (upDirCount(file) >= 1)
- {
- s.setMessage("Congratulations! Access to file allowed");
- s.setMessage(" ==> "
- + Encoding.urlDecode(f.getCanonicalPath()));
- makeSuccess(s);
- }
- else
- {
- s
- .setMessage("File is already in allowed directory - try again!");
- s.setMessage(" ==> "
- + Encoding.urlDecode(f.getCanonicalPath()));
- }
- }
- else if (file != null && file.length() != 0)
- {
- s.setMessage("Access to file/directory \""
- + Encoding.urlDecode(f.getCanonicalPath())
- + "\" denied");
- }
- else
- {
- // do nothing, probably entry screen
- }
+ ElementContainer ec = new ElementContainer();
try
{
- // Show them the file
- // Strip out some of the extra html from the "help" file
- ec.addElement(new BR());
- ec.addElement(new BR());
- ec.addElement(new HR().setWidth("100%"));
- ec.addElement("Viewing file: " + f.getCanonicalPath());
- ec.addElement(new HR().setWidth("100%"));
- if (f.length() > 80000)
- {
- throw new Exception("File is too large");
- }
- String fileData = getFileText(new BufferedReader(
- new FileReader(f)), false);
- if (fileData.indexOf(0x00) != -1)
- {
- throw new Exception("File is binary");
- }
- ec.addElement(new StringElement(fileData.replaceAll(
- System.getProperty("line.separator"), " ")
- .replaceAll("(?s)", "")
- .replaceAll("
", " ").replaceAll(
- " \\s ", " ").replaceAll("<\\?",
- "<").replaceAll("<(r|u|t)", "<$1")));
+ String dir = s.getContext().getRealPath("/lesson_plans");
+ File d = new File(dir);
+
+ Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
+
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
+
+ String[] list = d.list();
+ String listing = "
Current Directory is: " + Encoding.urlDecode(dir)
+ + "
Choose the file to view:
";
+
+ TR tr = new TR();
+ tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing)));
+ t.addElement(tr);
+
+ tr = new TR();
+ tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15)));
+ tr.addElement(new TD().addElement(ECSFactory.makeButton("View File")));
+ t.addElement(tr);
+
+ ec.addElement(t);
+
+ // FIXME: would be cool to allow encodings here -- hex, percent,
+ // url, etc...
+ String file = s.getParser().getRawParameter(FILE, "");
+
+ // defuse file searching
+ boolean illegalCommand = getWebgoatContext().isDefuseOSCommands();
+ if (getWebgoatContext().isDefuseOSCommands())
+ {
+ // allow them to look at any file in the webgoat hierachy. Don't
+ // allow them
+ // to look about the webgoat root, except to see the LICENSE
+ // file
+ if (upDirCount(file) == 3 && !file.endsWith("LICENSE"))
+ {
+ s.setMessage("Access denied");
+ s.setMessage("It appears that you are on the right track. "
+ + "Commands that may compromise the operating system have been disabled. "
+ + "You are only allowed to see one file in this directory. ");
+ } else if (upDirCount(file) > 3)
+ {
+ s.setMessage("Access denied");
+ s.setMessage("It appears that you are on the right track. "
+ + "Commands that may compromise the operating system have been disabled. "
+ + "You are only allowed to see files in the webgoat directory. ");
+ } else
+ {
+ illegalCommand = false;
+ }
+ }
+
+ // Using the URI supports encoding of the data.
+ // We could force the user to use encoded '/'s == %2f to make the lesson more difficult.
+ // We url Encode our dir name to avoid problems with special characters in our own path.
+ // File f = new File( new URI("file:///" +
+ // Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" +
+ // file.replaceAll("\\\\","/")) );
+ File f = new File((dir + "\\" + file).replaceAll("\\\\", "/"));
+
+ if (s.isDebug())
+ {
+
+ s.setMessage("File: " + file);
+ s.setMessage("Dir: " + dir);
+ // s.setMessage("File URI: " + "file:///" +
+ // (Encoding.urlEncode(dir) + "\\" +
+ // Encoding.urlEncode(file)).replaceAll("\\\\","/"));
+ s.setMessage(" - isFile(): " + f.isFile());
+ s.setMessage(" - exists(): " + f.exists());
+ }
+ if (!illegalCommand)
+ {
+ if (f.isFile() && f.exists())
+ {
+ // Don't set completion if they are listing files in the
+ // directory listing we gave them.
+ if (upDirCount(file) >= 1)
+ {
+ s.setMessage("Congratulations! Access to file allowed");
+ s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
+ makeSuccess(s);
+ } else
+ {
+ s.setMessage("File is already in allowed directory - try again!");
+ s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
+ }
+ } else if (file != null && file.length() != 0)
+ {
+ s.setMessage("Access to file/directory \"" + Encoding.urlDecode(f.getCanonicalPath())
+ + "\" denied");
+ } else
+ {
+ // do nothing, probably entry screen
+ }
+
+ try
+ {
+ // Show them the file
+ // Strip out some of the extra html from the "help" file
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+ ec.addElement(new HR().setWidth("100%"));
+ ec.addElement("Viewing file: " + f.getCanonicalPath());
+ ec.addElement(new HR().setWidth("100%"));
+ if (f.length() > 80000)
+ {
+ throw new Exception("File is too large");
+ }
+ String fileData = getFileText(new BufferedReader(new FileReader(f)), false);
+ if (fileData.indexOf(0x00) != -1)
+ {
+ throw new Exception("File is binary");
+ }
+ ec
+ .addElement(new StringElement(fileData.replaceAll(System.getProperty("line.separator"),
+ " ").replaceAll("(?s)", "").replaceAll("
", " ")
+ .replaceAll(" \\s ", " ").replaceAll("<\\?", "<").replaceAll(
+ "<(r|u|t)", "<$1")));
+ }
+ catch (Exception e)
+ {
+ ec.addElement(new BR());
+ ec.addElement("The following error occurred while accessing the file: <");
+ ec.addElement(e.getMessage());
+ }
+ }
}
catch (Exception e)
{
- ec.addElement(new BR());
- ec
- .addElement("The following error occurred while accessing the file: <");
- ec.addElement(e.getMessage());
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
}
- }
+
+ return (ec);
}
- catch (Exception e)
+
+ private int upDirCount(String fileName)
{
- s.setMessage("Error generating " + this.getClass().getName());
- e.printStackTrace();
+ int count = 0;
+ int startIndex = fileName.indexOf("..");
+ while (startIndex != -1)
+ {
+ count++;
+ startIndex = fileName.indexOf("..", startIndex + 1);
+ }
+ return count;
}
- return (ec);
- }
-
-
- private int upDirCount(String fileName)
- {
- int count = 0;
- int startIndex = fileName.indexOf("..");
- while (startIndex != -1)
+ /**
+ * DOCUMENT ME!
+ *
+ * @return DOCUMENT ME!
+ */
+ protected Category getDefaultCategory()
{
- count++;
- startIndex = fileName.indexOf("..", startIndex + 1);
+ return Category.ACCESS_CONTROL;
}
- return count;
- }
+ /**
+ * Gets the hints attribute of the AccessControlScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints(WebSession s)
+ {
+ List hints = new ArrayList();
+ hints.add("Most operating systems allow special characters in the path.");
+ hints.add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
+ hints.add("Try .. in the path");
+ hints.add("Try ..\\..\\..\\LICENSE");
- /**
- * DOCUMENT ME!
- *
- * @return DOCUMENT ME!
- */
- protected Category getDefaultCategory()
- {
- return Category.A2;
- }
+ return hints;
+ }
+ /**
+ * Gets the instructions attribute of the WeakAccessControl object
+ *
+ * @return The instructions value
+ */
+ public String getInstructions(WebSession s)
+ {
+ String instructions = "The '" + s.getUserName() + "' user has access to all the files in the "
+ + "lesson_plans directory. Try to break the access control mechanism and access a "
+ + "resource that is not in the listed directory. After selecting a file to view, WebGoat "
+ + "will report if access to the file was granted. An interesting file to try and obtain might "
+ + "be a file like tomcat/conf/tomcat-users.xml";
- /**
- * Gets the hints attribute of the AccessControlScreen object
- *
- * @return The hints value
- */
- protected List getHints(WebSession s)
- {
- List hints = new ArrayList();
- hints
- .add("Most operating systems allow special characters in the path.");
- hints
- .add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
- hints.add("Try .. in the path");
- hints.add("Try ..\\..\\..\\LICENSE");
+ return (instructions);
+ }
- return hints;
- }
+ private final static Integer DEFAULT_RANKING = new Integer(115);
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
- /**
- * Gets the instructions attribute of the WeakAccessControl object
- *
- * @return The instructions value
- */
- public String getInstructions(WebSession s)
- {
- String instructions = "The '"
- + s.getUserName()
- + "' user has access to all the files in the "
- + "lesson_plans directory. Try to break the access control mechanism and access a "
- + "resource that is not in the listed directory. After selecting a file to view, WebGoat "
- + "will report if access to the file was granted. An interesting file to try and obtain might "
- + "be a file like tomcat/conf/tomcat-users.xml";
-
- return (instructions);
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(115);
-
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
-
- /**
- * Gets the title attribute of the AccessControlScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("How to Bypass a Path Based Access Control Scheme");
- }
+ /**
+ * Gets the title attribute of the AccessControlScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("Bypass a Path Based Access Control Scheme");
+ }
}
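Review bot: The `BufferedReader` built around `new FileReader(f)` in `createContent` is never closed on this side of the call, so unless `getFileText` closes the reader it is given, every viewed file holds a descriptor until finalization; it should be closed in a `finally` block, and the reader should name a charset instead of relying on the platform default (this needs `java.io.InputStreamReader` and `java.io.FileInputStream` in scope if the file does not already import them). Separately, `d.list()` returns `null` when `/lesson_plans` cannot be read, and that value is handed to `ECSFactory.makePulldown` unchecked; a `String[] list = d.list(); if (list == null) list = new String[0];` guard covers it. The rest of the hunk is a reformat and the `..` counting and path handling are unchanged.
```java
// … unchanged: size check …
BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(f), "UTF-8"));
String fileData;
try
{
    fileData = getFileText(reader, false);
}
finally
{
    reader.close();
}
// … unchanged: binary check and rendering …
```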
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
index d4ecb1e06..a9d1d2eae 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
@@ -265,7 +265,7 @@ public class Phishing extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A4;
+ return Category.XSS;
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
index a7bec094b..3e3bb3ee8 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
@@ -231,7 +231,7 @@ public class ReflectedXSS extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A4;
+ return Category.XSS;
}
@@ -288,7 +288,7 @@ public class ReflectedXSS extends LessonAdapter
*/
public String getTitle()
{
- return "How to Perform Reflected Cross Site Scripting (XSS) Attacks";
+ return "Reflected XSS Attacks";
}
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
index 7bae6d0fd..2d673d925 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
@@ -73,7 +73,7 @@ public class RemoteAdminFlaw extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A2;
+ return Category.ACCESS_CONTROL;
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
index 3c7098848..089fb3359 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@@ -87,7 +87,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
*/
public Category getDefaultCategory()
{
- return Category.A2;
+ return Category.ACCESS_CONTROL;
}
/**
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
index 4f6210f77..2eefe6f13 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@@ -91,7 +91,7 @@ public class SQLInjection extends GoatHillsFinancial
*/
public Category getDefaultCategory()
{
- return Category.A6;
+ return Category.INJECTION;
}
/**
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
index 1e82528fb..ecb983b4e 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
@@ -161,7 +161,7 @@ public class SilentTransactions extends LessonAdapter
+ lineSep
+ "}"
+ lineSep
- + " var balanceValue = document.getElementById('balanceID').innerText;"
+ + " var balanceValue = document.getElementById('balanceID').innerHTML;"
+ lineSep
+ " balanceValue = balanceValue.replace( new RegExp('$') , '');"
+ lineSep
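Review bot: The value now read from `balanceID` via `innerHTML` is fed to `balanceValue.replace( new RegExp('$') , '')` on the next line, where `$` is an end-of-input anchor rather than a literal dollar sign, so nothing is stripped and whatever numeric conversion follows still sees the trailing `$`. A plain string match does what the comment intends: `balanceValue = balanceValue.replace('$', '');`. As noted on the JSONInjection hunk, `textContent` with an `innerText` fallback reads the cell as text rather than markup. The function this string belongs to starts before the hunk.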
@@ -183,7 +183,7 @@ public class SilentTransactions extends LessonAdapter
+ lineSep
+ "balanceValue = balanceValue.toFixed(2);"
+ lineSep
- + "document.getElementById('balanceID').innerText = balanceValue + '$';"
+ + "document.getElementById('balanceID').innerHTML = balanceValue + '$';"
+ lineSep
+ "}"
+ lineSep
@@ -225,6 +225,7 @@ public class SilentTransactions extends LessonAdapter
tr = new TR();
tr.addElement(new TD(new StringElement("Transfer to Account:")));
Input newAccount = new Input();
+ newAccount.addAttribute("id", "newAccount");
newAccount.setType(Input.TEXT);
newAccount.setName("newAccount");
newAccount.setValue("");
@@ -234,6 +235,7 @@ public class SilentTransactions extends LessonAdapter
tr = new TR();
tr.addElement(new TD(new StringElement("Transfer Amount:")));
Input amount = new Input();
+ amount.addAttribute("id", "amount");
amount.setType(Input.TEXT);
amount.setName("amount");
amount.setValue(0);
@@ -248,6 +250,7 @@ public class SilentTransactions extends LessonAdapter
Input b = new Input();
b.setType(Input.BUTTON);
b.setName("confirm");
+ b.addAttribute("id", "confirm");
b.setValue("Confirm");
b.setOnClick("processData();");
ec.addElement(b);
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java
index 906272639..c9b6b0616 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java
@@ -173,7 +173,7 @@ public class SoapRequest extends SequentialLessonAdapter
public String getTitle()
{
- return "How to Create a SOAP Request";
+ return "Create a SOAP Request";
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
index 3c7d000e0..4e3c682c9 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
@@ -333,7 +333,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A6;
+ return Category.INJECTION;
}
@@ -374,7 +374,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
*/
public String getTitle()
{
- return ("How to Perform Numeric SQL Injection");
+ return ("Numeric SQL Injection");
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
index 24d45d39b..a48e3a8c3 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
@@ -249,7 +249,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A6;
+ return Category.INJECTION;
}
@@ -290,7 +290,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
*/
public String getTitle()
{
- return ("How to Perform String SQL Injection");
+ return ("String SQL Injection");
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
index d85c1931f..f5d75c112 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
@@ -151,7 +151,7 @@ public class StoredXss extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A4;
+ return Category.XSS;
}
@@ -190,7 +190,7 @@ public class StoredXss extends LessonAdapter
*/
public String getTitle()
{
- return ("How to Perform Stored Cross Site Scripting (XSS)");
+ return ("Stored XSS Attacks");
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
index ee6edc9b8..efb70a310 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
@@ -191,7 +191,7 @@ public class ThreadSafetyProblem extends LessonAdapter
*/
public String getTitle()
{
- return ("How to Exploit Thread Safety Problems");
+ return ("Thread Safety Problems");
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
index e11078408..e8e569b78 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
@@ -233,7 +233,7 @@ public class TraceXSS extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A4;
+ return Category.XSS;
}
@@ -281,6 +281,6 @@ public class TraceXSS extends LessonAdapter
*/
public String getTitle()
{
- return ("How to Perform Cross Site Tracing (XST) Attacks");
+ return ("Cross Site Tracing (XST) Attacks");
}
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
index 91bbe9218..191be15ea 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
@@ -204,7 +204,7 @@ public class UncheckedEmail extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A1;
+ return Category.UNVALIDATED_PARAMETERS;
}
@@ -257,7 +257,7 @@ public class UncheckedEmail extends LessonAdapter
*/
public String getTitle()
{
- return ("How to Exploit Unchecked Email");
+ return ("Exploit Unchecked Email");
}
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
index 3a9e02ccd..02c673db6 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
@@ -46,347 +46,338 @@ import org.owasp.webgoat.session.*;
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
- *
- * @author Jeff Williams Aspect Security
- * @created October 28, 2003
+ *
+ * @author Jeff Williams Aspect Security
+ * @created October 28, 2003
*/
public class WeakAuthenticationCookie extends LessonAdapter
{
- public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
-
- /**
- * Description of the Field
- */
- protected final static String AUTHCOOKIE = "AuthCookie";
+ public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(
+ new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
- /**
- * Description of the Field
- */
- protected final static String LOGOUT = "WACLogout";
+ /**
+ * Description of the Field
+ */
+ protected final static String AUTHCOOKIE = "AuthCookie";
- /**
- * Description of the Field
- */
- protected final static String PASSWORD = "Password";
+ /**
+ * Description of the Field
+ */
+ protected final static String LOGOUT = "WACLogout";
- /**
- * Description of the Field
- */
- protected final static String USERNAME = "Username";
+ /**
+ * Description of the Field
+ */
+ protected final static String PASSWORD = "Password";
+ /**
+ * Description of the Field
+ */
+ protected final static String USERNAME = "Username";
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception Description of the Exception
- */
- protected String checkCookie(WebSession s) throws Exception
- {
- String cookie = getCookie(s);
-
- if (cookie != null)
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @return Description of the Return Value
+ * @exception Exception
+ * Description of the Exception
+ */
+ protected String checkCookie(WebSession s) throws Exception
{
- if (cookie.equals(encode("webgoat12345")))
- {
- return ("webgoat");
- }
+ String cookie = getCookie(s);
- if (cookie.equals(encode("aspect12345")))
- {
- return ("aspect");
- }
+ if (cookie != null)
+ {
+ if (cookie.equals(encode("webgoat12345")))
+ {
+ return ("webgoat");
+ }
- if (cookie.equals(encode("alice12345")))
- {
- makeSuccess(s);
- return ("alice");
- }
- else
- {
- s.setMessage("Invalid cookie");
- s.eatCookies();
- }
+ if (cookie.equals(encode("aspect12345")))
+ {
+ return ("aspect");
+ }
+
+ if (cookie.equals(encode("alice12345")))
+ {
+ makeSuccess(s);
+ return ("alice");
+ } else
+ {
+ s.setMessage("Invalid cookie");
+ s.eatCookies();
+ }
+ }
+
+ return (null);
}
- return (null);
- }
-
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception Description of the Exception
- */
- protected String checkParams(WebSession s) throws Exception
- {
- String username = s.getParser().getStringParameter(USERNAME, "");
- String password = s.getParser().getStringParameter(PASSWORD, "");
-
- if ((username.length() > 0) && (password.length() > 0))
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @return Description of the Return Value
+ * @exception Exception
+ * Description of the Exception
+ */
+ protected String checkParams(WebSession s) throws Exception
{
- String loginID = "";
+ String username = s.getParser().getStringParameter(USERNAME, "");
+ String password = s.getParser().getStringParameter(PASSWORD, "");
- if (username.equals("webgoat") && password.equals("webgoat"))
- {
- loginID = encode("webgoat12345");
- }
- else if (username.equals("aspect") && password.equals("aspect"))
- {
- loginID = encode("aspect12345");
- }
+ if ((username.length() > 0) && (password.length() > 0))
+ {
+ String loginID = "";
- if (loginID != "")
- {
- Cookie newCookie = new Cookie(AUTHCOOKIE, loginID);
- s.setMessage("Your identity has been remembered");
- s.getResponse().addCookie(newCookie);
+ if (username.equals("webgoat") && password.equals("webgoat"))
+ {
+ loginID = encode("webgoat12345");
+ } else if (username.equals("aspect") && password.equals("aspect"))
+ {
+ loginID = encode("aspect12345");
+ }
- return (username);
- }
- else
- {
- s.setMessage("Invalid username and password entered.");
- }
+ if (loginID != "")
+ {
+ Cookie newCookie = new Cookie(AUTHCOOKIE, loginID);
+ s.setMessage("Your identity has been remembered");
+ s.getResponse().addCookie(newCookie);
+
+ return (username);
+ } else
+ {
+ s.setMessage("Invalid username and password entered.");
+ }
+ }
+
+ return (null);
}
- return (null);
- }
-
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);
-
- if (logout)
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element createContent(WebSession s)
{
- s.setMessage("Goodbye! Your password has been forgotten");
- s.eatCookies();
+ boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);
- return (makeLogin(s));
+ if (logout)
+ {
+ s.setMessage("Goodbye! Your password has been forgotten");
+ s.eatCookies();
+
+ return (makeLogin(s));
+ }
+
+ try
+ {
+ String user = checkCookie(s);
+
+ if ((user != null) && (user.length() > 0))
+ {
+ return (makeUser(s, user, "COOKIE"));
+ }
+
+ user = checkParams(s);
+
+ if ((user != null) && (user.length() > 0))
+ {
+ return (makeUser(s, user, "PARAMETERS"));
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
+ }
+
+ return (makeLogin(s));
}
- try
+ /**
+ * Description of the Method
+ *
+ * @param value
+ * Description of the Parameter
+ * @return Description of the Return Value
+ */
+ private String encode(String value)
{
- String user = checkCookie(s);
+ //
+ StringBuffer encoded = new StringBuffer();
- if ((user != null) && (user.length() > 0))
- {
- return (makeUser(s, user, "COOKIE"));
- }
+ for (int i = 0; i < value.length(); i++)
+ {
+ encoded.append(String.valueOf((char) (value.charAt(i) + 1)));
+ }
- user = checkParams(s);
-
- if ((user != null) && (user.length() > 0))
- {
- return (makeUser(s, user, "PARAMETERS"));
- }
- }
- catch (Exception e)
- {
- s.setMessage("Error generating " + this.getClass().getName());
- e.printStackTrace();
+ return encoded.reverse().toString();
+ //
}
- return (makeLogin(s));
- }
-
-
- /**
- * Description of the Method
- *
- * @param value Description of the Parameter
- * @return Description of the Return Value
- */
- private String encode(String value)
- {
- //
- StringBuffer encoded = new StringBuffer();
-
- for (int i = 0; i < value.length(); i++)
+ /**
+ * Gets the category attribute of the WeakAuthenticationCookie object
+ *
+ * @return The category value
+ */
+ protected Category getDefaultCategory()
{
- encoded.append(String.valueOf((char) (value.charAt(i) + 1)));
+ return Category.AUTHENTICATION;
}
- return encoded.reverse().toString();
- //
- }
-
-
- /**
- * Gets the category attribute of the WeakAuthenticationCookie object
- *
- * @return The category value
- */
- protected Category getDefaultCategory()
- {
- return Category.A3;
- }
-
-
- /**
- * Gets the cookie attribute of the CookieScreen object
- *
- * @param s Description of the Parameter
- * @return The cookie value
- */
- protected String getCookie(WebSession s)
- {
- Cookie[] cookies = s.getRequest().getCookies();
-
- for (int i = 0; i < cookies.length; i++)
+ /**
+ * Gets the cookie attribute of the CookieScreen object
+ *
+ * @param s
+ * Description of the Parameter
+ * @return The cookie value
+ */
+ protected String getCookie(WebSession s)
{
- if (cookies[i].getName().equalsIgnoreCase(AUTHCOOKIE))
- {
- return (cookies[i].getValue());
- }
+ Cookie[] cookies = s.getRequest().getCookies();
+
+ for (int i = 0; i < cookies.length; i++)
+ {
+ if (cookies[i].getName().equalsIgnoreCase(AUTHCOOKIE))
+ {
+ return (cookies[i].getValue());
+ }
+ }
+
+ return (null);
}
- return (null);
- }
-
-
- /**
- * Gets the hints attribute of the CookieScreen object
- *
- * @return The hints value
- */
- protected List getHints(WebSession s)
- {
- List hints = new ArrayList();
- hints
- .add("The server skips authentication if you send the right cookie.");
- hints
- .add("Is the AuthCookie value guessable knowing the username and password?");
- hints
- .add("Add 'AuthCookie=********;' to the Cookie: header using WebScarab.");
-
- return hints;
- }
-
-
- /**
- * Gets the instructions attribute of the WeakAuthenticationCookie object
- *
- * @return The instructions value
- */
- public String getInstructions(WebSession s)
- {
- String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.";
-
- return (instructions);
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(90);
-
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
-
- /**
- * Gets the title attribute of the CookieScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("How to Spoof an Authentication Cookie");
- }
-
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element makeLogin(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- ec.addElement(new H1().addElement("Sign In "));
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
- .setWidth("90%").setAlign("center");
-
- if (s.isColor())
+ /**
+ * Gets the hints attribute of the CookieScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints(WebSession s)
{
- t.setBorder(1);
+ List hints = new ArrayList();
+ hints.add("The server authenticates the user using a cookie, if you send the right cookie.");
+ hints.add("Is the AuthCookie value guessable knowing the username and password?");
+ hints.add("Add 'AuthCookie=********;' to the Cookie: header using "
+ + "WebScarab.");
+ hints.add("After logging in as webgoat a cookie is added. 65432ubphcfx " +
+ "After logging in as aspect a cookie is added. 65432udfqtb " +
+ "Is there anything similar about the cookies and the login names?");
+ return hints;
}
- TR tr = new TR();
- tr
- .addElement(new TH()
- .addElement(
- "Please sign in to your account. See the OWASP admin if you do not have an account.")
- .setColSpan(2).setAlign("left"));
- t.addElement(tr);
+ /**
+ * Gets the instructions attribute of the WeakAuthenticationCookie object
+ *
+ * @return The instructions value
+ */
+ public String getInstructions(WebSession s)
+ {
+ String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.";
- tr = new TR();
- tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
- t.addElement(tr);
+ return (instructions);
+ }
- tr = new TR();
- tr.addElement(new TD().addElement(" ").setColSpan(2));
- t.addElement(tr);
+ private final static Integer DEFAULT_RANKING = new Integer(90);
- TR row1 = new TR();
- TR row2 = new TR();
- row1.addElement(new TD(new B(new StringElement("*User Name: "))));
- row2.addElement(new TD(new B(new StringElement("*Password: "))));
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
- Input input1 = new Input(Input.TEXT, USERNAME, "");
- Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
- row1.addElement(new TD(input1));
- row2.addElement(new TD(input2));
- t.addElement(row1);
- t.addElement(row2);
+ /**
+ * Gets the title attribute of the CookieScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("Spoof an Authentication Cookie");
+ }
- Element b = ECSFactory.makeButton("Login");
- t.addElement(new TR(new TD(b)));
- ec.addElement(t);
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element makeLogin(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
- return (ec);
- }
+ ec.addElement(new H1().addElement("Sign In "));
+ Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @param user Description of the Parameter
- * @param method Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception Description of the Exception
- */
- protected Element makeUser(WebSession s, String user, String method)
- throws Exception
- {
- ElementContainer ec = new ElementContainer();
- ec.addElement(new P().addElement("Welcome, " + user));
- ec.addElement(new P().addElement("You have been authenticated with "
- + method));
- ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT,
- true)));
- ec.addElement(new P()
- .addElement(ECSFactory.makeLink("Refresh", "", "")));
+ TR tr = new TR();
+ tr.addElement(new TH().addElement(
+ "Please sign in to your account. See the OWASP admin if you do not have an account.").setColSpan(2)
+ .setAlign("left"));
+ t.addElement(tr);
- return (ec);
- }
-
- public Element getCredits()
- {
- return super.getCustomCredits("", ASPECT_LOGO);
- }
+ tr = new TR();
+ tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+ t.addElement(tr);
+
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(2));
+ t.addElement(tr);
+
+ TR row1 = new TR();
+ TR row2 = new TR();
+ row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+ row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+ Input input1 = new Input(Input.TEXT, USERNAME, "");
+ Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+ row1.addElement(new TD(input1));
+ row2.addElement(new TD(input2));
+ t.addElement(row1);
+ t.addElement(row2);
+
+ Element b = ECSFactory.makeButton("Login");
+ t.addElement(new TR(new TD(b)));
+ ec.addElement(t);
+
+ return (ec);
+ }
+
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @param user
+ * Description of the Parameter
+ * @param method
+ * Description of the Parameter
+ * @return Description of the Return Value
+ * @exception Exception
+ * Description of the Exception
+ */
+ protected Element makeUser(WebSession s, String user, String method) throws Exception
+ {
+ ElementContainer ec = new ElementContainer();
+ ec.addElement(new P().addElement("Welcome, " + user));
+ ec.addElement(new P().addElement("You have been authenticated with " + method));
+ ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, true)));
+ ec.addElement(new P().addElement(ECSFactory.makeLink("Refresh", "", "")));
+
+ return (ec);
+ }
+
+ public Element getCredits()
+ {
+ return super.getCustomCredits("", ASPECT_LOGO);
+ }
}
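Review bot: `getCookie` dereferences the array returned by `s.getRequest().getCookies()` without a null check; the servlet API returns null when the request carries no Cookie header, so a first visit to the lesson before any login would throw a NullPointerException at `cookies.length`, which the broad `catch (Exception e)` in `createContent` then turns into the "Error generating …" message plus a stack trace on stderr instead of a plain login page. Adding `if (cookies == null) { return (null); }` before the loop preserves the method's documented null return. In `checkParams`, `if (loginID != "")` compares references rather than contents and only behaves because the assigned values come fresh from `encode`; `if (loginID.length() > 0)` matches the check already used on `user` in `createContent` and states the intent. The trivially reversible `encode` and the new hint that prints both cookie values are the lesson's deliberate design and are not raised here.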
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
index 4847ecf49..b331e3bed 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
@@ -90,7 +90,7 @@ public class WeakSessionID extends LessonAdapter
}
- protected String newCookie()
+ protected String newCookie(WebSession s)
{
long now = System.currentTimeMillis();
seq++;
@@ -98,6 +98,7 @@ public class WeakSessionID extends LessonAdapter
{
String target = encode(seq++, lastTime + (now - lastTime) / 2);
sessionList.add(target);
+ s.setMessage(target);
if (sessionList.size() > 100)
sessionList.remove(0);
}
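Review bot: The added `s.setMessage(target);` pushes the deliberately skipped session identifier into the user-visible message area with no comment explaining why, so a later reader would take it for an accidental disclosure; the only explanation is the hint added further down in this commit ("After the 29th try, the skipped identifier is printed to your screen"), which lives in `getHints`. I'd put a one-line comment above it, e.g. `// Lesson aid: show the skipped identifier so the learner can use it (see getHints)`. The enclosing `newCookie` body starts and ends outside this hunk, so the condition governing this branch is not visible here.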
@@ -149,7 +150,7 @@ public class WeakSessionID extends LessonAdapter
*/
protected Category getDefaultCategory()
{
- return Category.A3;
+ return Category.SESSION_MANAGEMENT;
}
@@ -161,12 +162,11 @@ public class WeakSessionID extends LessonAdapter
protected List getHints(WebSession s)
{
List hints = new ArrayList();
- hints
- .add("The server skips authentication if you send the right cookie.");
- hints
- .add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
+ hints.add("The server skips authentication if you send the right cookie.");
+ hints.add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
hints.add("Try harder, you brute!");
-
+ hints.add("The first part of the cookie is a sequential number, the second part is milliseconds.");
+ hints.add("After the 29th try, the skipped identifier is printed to your screen. Use that to login.");
return hints;
}
@@ -186,7 +186,7 @@ public class WeakSessionID extends LessonAdapter
*/
public String getTitle()
{
- return ("How to Hijack a Session");
+ return ("Hijack a Session");
}
@@ -204,7 +204,7 @@ public class WeakSessionID extends LessonAdapter
if (weakid == null)
{
- weakid = newCookie();
+ weakid = newCookie(s);
Cookie cookie = new Cookie(SESSIONID, weakid);
s.getResponse().addCookie(cookie);
}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
index 76229d9d4..726365dc1 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
@@ -107,10 +107,10 @@ public class XMLInjection extends LessonAdapter
{
String lineSep = System.getProperty("line.separator");
String xmlStr = "" + lineSep
- + "WebGoat t-shirt 20 Pts"
+ + "WebGoat Mug 20 Pts"
+ lineSep
- + "WebGoat Secure Kettle 50 Pts"
- + lineSep + "WebGoat Mug 30 Pts"
+ + "WebGoat t-shirt 50 Pts"
+ + lineSep + "WebGoat Secure Kettle 30 Pts"
+ lineSep + "";
s.getResponse().setContentType("text/xml");
s.getResponse().setHeader("Cache-Control", "no-cache");
@@ -188,7 +188,7 @@ public class XMLInjection extends LessonAdapter
+ lineSep
+ " if (req.status == 200) { "
+ lineSep
- + " var rewards = req.responseXML.getElementsByTagName('root')[0];"
+ + " var rewards = req.responseXML.getElementsByTagName('reward');"
+ lineSep
+ " var rewardsDiv = document.getElementById('rewardsDiv');"
+ lineSep
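Review bot: `rewards` now holds the NodeList returned by `getElementsByTagName('reward')` rather than the single `root` element the old code selected with `[0]`, and the loop that consumes it is outside this hunk, so whether the consumer was updated for the new type cannot be confirmed from here. If that code still walks `rewards.childNodes` (presumably what was done with the root element), it would need to iterate `rewards[i]` up to `rewards.length` instead. The enclosing method starts and ends outside the hunk.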
@@ -198,13 +198,13 @@ public class XMLInjection extends LessonAdapter
+ lineSep
+ " strHTML = '
This program is a demonstration of common web application flaws.
- The exercises are intended to provide hands on experience with application
- penetration testing techniques. The WebGoat project is lead by Bruce Mayhew. Please send all
- comments to Bruce at <%= webSession.getWebgoatContext().getFeedbackAddress() %>.
-
-
-
-
-
-
-
-
WebGoat Design Team
-
Lesson Contributers
-
-
-
-
Bruce Mayhew
-
Laurence Casey
-
David Anderson
-
Eric Sheridan
-
Rogan Dawes
-
-
-
Aspect Security
-
Sherif Koussa
-
Alex Smolen
-
Chuck Willis
+
+
+
+
Thank you for using WebGoat!
+
This program is a demonstration of common web application flaws.
+The exercises are intended to provide hands on experience with
+application penetration testing techniques.
The WebGoat project is lead
+by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ WebGoat Design Team
+
+
+
+ Lesson Contributers
+
+
+
+
+
Bruce Mayhew
+
David Anderson
+
Rogan Dawes
+
Laurence Casey (Graphics)
+
+
+
Aspect Security
+
Sherif Koussa
+
Romain Brechet
+
-
-
-
-
Special Thanks for V5
-
Documentation Contributers
-
-
-
-
OWASP Autumn of Code
- (http://www.owasp.org/)
-
Sherif Koussa (http://www.macadamian.com)
-
OWASP Spring of Code
- (http://www.owasp.org/)
-
Erwin Geirnaert (http://www.zionsecurity.com)
-
-
Sherif Koussa
- (http://www.macadamian.com)
-
Robert Sullivan
- (http://www.unitedhealthgroup.com/)
-
Erwin Geirnaert
- (http://www.zionsecurity.com/)
-
-
-
-
To all who have sent comments
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
WARNING
- While running this program, your machine is extremely vulnerable to attack.
- You should disconnect from the network while using this program.
-
-
- This program is for educational purposes only.
- Use of these techniques without permission could lead to
- job termination, financial liability, and/or criminal penalties.
-
-
+
+
+
+
+
Special Thanks
+ for V5.1
+
+
+
Documentation
+ Contributers
+
+
+
+
+
OWASP Spring of Code
+
Erwin Geirnaert
+ (http://www.zionsecurity.com)
+
+
+
+
Sherif Koussa
+ (http://www.macadamian.com)
+
+
Erwin Geirnaert
+ (http://www.zionsecurity.com/)
+
+
+
+
+
To all who have sent comments
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
WARNING
+While running this program, your machine is extremely vulnerable to
+attack. You should disconnect from the network while using this program.
+
+
+This program is for educational purposes only. Use of these techniques
+without permission could lead to job termination, financial liability,
+and/or criminal penalties.
This program is a demonstration of common web application flaws.
The exercises are intended to provide hands on experience with application
- penetration testing techniques. The WebGoat project is lead by Bruce Mayhew. Please send all
+ penetration testing techniques.
The WebGoat project is lead by Bruce Mayhew. Please send all
comments to Bruce at <%= webSession.getWebgoatContext().getFeedbackAddress() %>.