From c1f55215a8ddaa2269723a2e5eb7097cd9e9b262 Mon Sep 17 00:00:00 2001 
From: mayhew64 Date: Wed, 2 Jan 2008 13:48:19 +0000 Subject: [PATCH] Menu cleanup for Lab stages. Shortened menu names for most lessons. Changed category naming to be more meaningful. git-svn-id: http://webgoat.googlecode.com/svn/trunk@214 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../owasp/webgoat/lessons/AbstractLesson.java | 5 +- .../webgoat/lessons/AccessControlMatrix.java | 2 +- .../org/owasp/webgoat/lessons/BackDoors.java | 4 +- .../webgoat/lessons/BasicAuthentication.java | 9 +- .../webgoat/lessons/BlindSqlInjection.java | 4 +- .../owasp/webgoat/lessons/BufferOverflow.java | 2 +- .../org/owasp/webgoat/lessons/CSRF.java | 4 +- .../org/owasp/webgoat/lessons/Category.java | 187 +++--- .../webgoat/lessons/CommandInjection.java | 4 +- .../CrossSiteScripting.java | 2 +- .../DBCrossSiteScripting.java | 2 +- .../DBSQLInjection/DBSQLInjection.java | 2 +- .../org/owasp/webgoat/lessons/DOS_Login.java | 2 +- .../org/owasp/webgoat/lessons/Encoding.java | 2 +- .../lessons/FailOpenAuthentication.java | 4 +- .../owasp/webgoat/lessons/ForcedBrowsing.java | 2 +- .../owasp/webgoat/lessons/ForgotPassword.java | 2 +- .../webgoat/lessons/HiddenFieldTampering.java | 4 +- .../org/owasp/webgoat/lessons/HtmlClues.java | 2 +- .../org/owasp/webgoat/lessons/HttpBasics.java | 1 + .../org/owasp/webgoat/lessons/HttpOnly.java | 2 +- .../owasp/webgoat/lessons/JSONInjection.java | 21 +- .../webgoat/lessons/JavaScriptValidation.java | 4 +- .../owasp/webgoat/lessons/LogSpoofing.java | 4 +- .../org/owasp/webgoat/lessons/NewLesson.java | 2 +- .../lessons/PathBasedAccessControl.java | 434 ++++++------- .../org/owasp/webgoat/lessons/Phishing.java | 2 +- .../owasp/webgoat/lessons/ReflectedXSS.java | 4 +- .../webgoat/lessons/RemoteAdminFlaw.java | 2 +- .../RoleBasedAccessControl.java | 2 +- .../lessons/SQLInjection/SQLInjection.java | 2 +- .../webgoat/lessons/SilentTransactions.java | 7 +- .../owasp/webgoat/lessons/SoapRequest.java | 2 +- .../webgoat/lessons/SqlNumericInjection.java | 4 +- 
.../webgoat/lessons/SqlStringInjection.java | 4 +- .../org/owasp/webgoat/lessons/StoredXss.java | 4 +- .../webgoat/lessons/ThreadSafetyProblem.java | 2 +- .../org/owasp/webgoat/lessons/TraceXSS.java | 4 +- .../owasp/webgoat/lessons/UncheckedEmail.java | 4 +- .../lessons/WeakAuthenticationCookie.java | 585 +++++++++--------- .../owasp/webgoat/lessons/WeakSessionID.java | 18 +- .../owasp/webgoat/lessons/XMLInjection.java | 18 +- .../owasp/webgoat/lessons/XPATHInjection.java | 6 +- webgoat/main/project/WebContent/css/menu.css | 6 +- .../WebContent/images/header/header.jpg | Bin 27421 -> 21538 bytes webgoat/main/project/WebContent/main.jsp | 2 +- webgoat/main/project/WebContent/webgoat.jsp | 199 +++--- .../project/WebContent/webgoat_challenge.jsp | 4 +- 48 files changed, 788 insertions(+), 806 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java index 24160a4f1..f29f60903 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java @@ -499,7 +499,7 @@ public abstract class AbstractLesson extends Screen implements Comparable } - public String getHtml(WebSession s) + public String getHtml_DELETE_ME(WebSession s) { String html = null; @@ -561,7 +561,6 @@ public abstract class AbstractLesson extends Screen implements Comparable public String getSolution(WebSession s) { - String source = null; String src = null; try @@ -587,8 +586,6 @@ public abstract class AbstractLesson extends Screen implements Comparable html.addElement(head); html.addElement(body); - source = html.toString(); - return src; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java index b221b8adc..a4d1e366d 100644 
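Review bot: Renaming `getHtml` to `getHtml_DELETE_ME` leaves a dead public method in the abstract base class instead of removing it, and a `_DELETE_ME` suffix is invisible to the compiler and to callers. Since the commit already breaks every caller of the old name, either delete the method now or, if it must survive one more release, mark it so tooling reports it: `@Deprecated // TODO remove; superseded by the JSP-driven lesson view (confirm the replacement)` above the signature. The method body is outside the hunk.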
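Review bot: With `source = html.toString();` removed, the document that the preceding lines still assemble (`html.addElement(head); html.addElement(body);`) is built and then discarded, since the method returns `src` alone; this holds unless `html` is read somewhere between the two hunks, which is outside my view. If the only consumer was the deleted string, remove the `Html`/`head`/`body` construction in the same sweep rather than leaving work whose result is dropped. The rest of `getSolution` lies outside the hunk.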
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java @@ -126,7 +126,7 @@ public class AccessControlMatrix extends LessonAdapter protected Category getDefaultCategory() { - return Category.A2; + return Category.ACCESS_CONTROL; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java index 9d06acce3..4b2238001 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java @@ -268,7 +268,7 @@ public class BackDoors extends SequentialLessonAdapter protected Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } protected Integer getDefaultRanking() @@ -278,6 +278,6 @@ public class BackDoors extends SequentialLessonAdapter public String getTitle() { - return ("How to Use Database Backdoors "); + return ("Database Backdoors "); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java index b3cb4bf68..a7c17a555 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java 
@@ -205,12 +205,11 @@ public class BasicAuthentication extends SequentialLessonAdapter getLessonTracker(s, BASIC).store(s, this, BASIC); } - s - .setMessage("Congratulations, you have figured out the mechanics of basic authentication."); - s - .setMessage("  - Now you must try to make WebGoat reauthenticate you as: "); + s.setMessage("Congratulations, you have figured out the mechanics of basic authentication."); + s.setMessage("  - Now you must try to make WebGoat reauthenticate you as: "); s.setMessage("    - username: basic"); s.setMessage("    - password: basic"); + s.setMessage("Use the Basic Authentication Menu to start at login page."); // If the auth header is different but still the original user - tell the user // that the original cookie was posted bak and basic auth uses the cookie before the @@ -261,7 +260,7 @@ public class BasicAuthentication extends SequentialLessonAdapter protected Category getDefaultCategory() { - return Category.A3; + return Category.AUTHENTICATION; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java index 569605c98..1ef676b4b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java @@ -145,7 +145,7 @@ public class BlindSqlInjection extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } /** @@ -298,7 +298,7 @@ public class BlindSqlInjection extends LessonAdapter */ public String getTitle() { - return ("How to Perform Blind SQL Injection"); + return ("Blind SQL Injection"); } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java index 1a32440f9..e99c9b428 100644 
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java @@ -64,7 +64,7 @@ public class BufferOverflow extends LessonAdapter protected Category getDefaultCategory() { - return Category.A5; + return Category.BUFFER_OVERFLOW; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java index 125a74ef7..a05ff72bd 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java @@ -278,7 +278,7 @@ public class CSRF extends LessonAdapter { @Override protected Category getDefaultCategory() { - return Category.A2; + return Category.ACCESS_CONTROL; } private final static Integer DEFAULT_RANKING = new Integer(120); @@ -308,7 +308,7 @@ public class CSRF extends LessonAdapter { */ public String getTitle() { - return ( "How to Perform Cross Site Request Forgery (CSRF)" ); + return ( "Cross Site Request Forgery (CSRF)" ); } private static String getNameroot( String name ) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java index 1a0d6d525..6a0a8a527 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java 
@@ -32,145 +32,130 @@ import java.util.List; * for free software projects. * * For details, please see http://code.google.com/p/webgoat/ - * - * @author Bruce Mayhew WebGoat - * @created October 28, 2003 + * + * @author Bruce Mayhew WebGoat + * @created October 28, 2003 */ public class Category implements Comparable { - public final static Category A1 = new Category("Unvalidated Parameters", - new Integer(110)); + public final static Category UNVALIDATED_PARAMETERS = new Category("Unvalidated Parameters", new Integer(110)); - public final static Category A2 = new Category("Broken Access Control", - new Integer(210)); + public final static Category ACCESS_CONTROL = new Category("Access Control Flaws", new Integer(210)); - public final static Category A3 = new Category( - "Broken Authentication and Session Management", new Integer(310)); + public final static Category AUTHENTICATION = new Category("Authentication Flaws", new Integer(310)); - public final static Category A4 = new Category( - "Cross-Site Scripting (XSS)", new Integer(410)); + public final static Category SESSION_MANAGEMENT = new Category("Session Management Flaws", new Integer(320)); - public final static Category A5 = new Category("Buffer Overflows", - new Integer(510)); + public final static Category XSS = new Category("Cross-Site Scripting (XSS)", new Integer(410)); - public final static Category A6 = new Category("Injection Flaws", - new Integer(610)); + public final static Category BUFFER_OVERFLOW = new Category("Buffer Overflows", new Integer(510)); - public final static Category A7 = new Category("Improper Error Handling", - new Integer(710)); + public final static Category INJECTION = new Category("Injection Flaws", new Integer(610)); - public final static Category A8 = new Category("Insecure Storage", - new Integer(810)); + public final static Category ERROR_HANDLING = new Category("Improper Error Handling", new Integer(710)); - public final static Category A9 = new Category("Denial of 
Service", - new Integer(910)); + public final static Category INSECURE_STORAGE = new Category("Insecure Storage", new Integer(810)); - public final static Category A10 = new Category( - "Insecure Configuration Management", new Integer(1010)); + public final static Category DOS = new Category("Denial of Service", new Integer(910)); - public final static Category WEB_SERVICES = new Category("Web Services", - new Integer(1110)); + public final static Category INSECURE_CONFIGURATION = new Category("Insecure Configuration", new Integer(1010)); - public final static Category AJAX_SECURITY = new Category("AJAX Security", - new Integer(1150)); + public final static Category WEB_SERVICES = new Category("Web Services", new Integer(1110)); - public final static Category ADMIN_FUNCTIONS = new Category( - "Admin Functions", new Integer(10)); + public final static Category AJAX_SECURITY = new Category("AJAX Security", new Integer(1150)); - public final static Category GENERAL = new Category("General", new Integer( - 50)); + public final static Category ADMIN_FUNCTIONS = new Category("Admin Functions", new Integer(10)); - public final static Category CODE_QUALITY = new Category("Code Quality", - new Integer(70)); + public final static Category GENERAL = new Category("General", new Integer(50)); - public final static Category CHALLENGE = new Category("Challenge", - new Integer(2000)); + public final static Category CODE_QUALITY = new Category("Code Quality", new Integer(70)); - private static final List categories = new ArrayList(); - - private String category; + public final static Category CHALLENGE = new Category("Challenge", new Integer(2000)); - private Integer ranking; + private static final List categories = new ArrayList(); - static { - categories.add(A1); - categories.add(A2); - categories.add(A3); - categories.add(A4); - categories.add(A5); - categories.add(A6); - categories.add(A7); - categories.add(A8); - categories.add(A9); - categories.add(A10); + private String 
category; + + private Integer ranking; + + static + { + categories.add(UNVALIDATED_PARAMETERS); + categories.add(ACCESS_CONTROL); + categories.add(AUTHENTICATION); + categories.add(SESSION_MANAGEMENT); + categories.add(XSS); + categories.add(BUFFER_OVERFLOW); + categories.add(INJECTION); + categories.add(ERROR_HANDLING); + categories.add(INSECURE_STORAGE); + categories.add(DOS); + categories.add(INSECURE_CONFIGURATION); categories.add(WEB_SERVICES); categories.add(AJAX_SECURITY); categories.add(ADMIN_FUNCTIONS); categories.add(GENERAL); categories.add(CODE_QUALITY); categories.add(CHALLENGE); - } - - public static synchronized void addCategory(Category c) { - categories.add(c); - } - - public static synchronized Category getCategory(String name) { - Iterator it = categories.iterator(); - while (it.hasNext()) { - Category c = it.next(); - if (c.getName().equals(name)) - return c; - } - return null; - } - - public Category(String category, Integer ranking) - { - this.category = category; - this.ranking = ranking; - } - - public int compareTo(Object obj) - { - int value = 1; - - if (obj instanceof Category) - { - value = this.getRanking().compareTo(((Category) obj).getRanking()); } - return value; - } + public static synchronized void addCategory(Category c) + { + categories.add(c); + } + public static synchronized Category getCategory(String name) + { + Iterator it = categories.iterator(); + while (it.hasNext()) + { + Category c = it.next(); + if (c.getName().equals(name)) return c; + } + return null; + } - public Integer getRanking() - { - return ranking; - } + public Category(String category, Integer ranking) + { + this.category = category; + this.ranking = ranking; + } + public int compareTo(Object obj) + { + int value = 1; - public Integer setRanking(Integer ranking) - { - return this.ranking = ranking; - } + if (obj instanceof Category) + { + value = this.getRanking().compareTo(((Category) obj).getRanking()); + } + return value; + } - public String getName() - { 
- return category; - } + public Integer getRanking() + { + return ranking; + } + public Integer setRanking(Integer ranking) + { + return this.ranking = ranking; + } - public boolean equals(Object obj) - { - return (obj instanceof Category) && getName().equals(((Category) obj).getName()); - } + public String getName() + { + return category; + } + public boolean equals(Object obj) + { + return (obj instanceof Category) && getName().equals(((Category) obj).getName()); + } - public String toString() - { - return getName(); - } + public String toString() + { + return getName(); + } } \ No newline at end of file diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java index d2a2c8328..0fd458fd7 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java @@ -294,7 +294,7 @@ public class CommandInjection extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } @@ -348,6 +348,6 @@ public class CommandInjection extends LessonAdapter */ public String getTitle() { - return "How to Perform Command Injection"; + return "Command Injection"; } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index cc394ba60..dae791243 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -94,7 +94,7 @@ public class CrossSiteScripting extends GoatHillsFinancial */ public Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } /** 
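Review bot: `Category` overrides `equals` to compare by name, but no `hashCode` appears anywhere in the hunk, which covers the class body from the imports to end of file, so equal categories can land in different `HashMap`/`HashSet` buckets; add `public int hashCode() { return category.hashCode(); }` next to `equals`. `compareTo` orders by `ranking` while `equals` compares `name`, so two categories with the same ranking (a lesson author registering one via `addCategory`) compare as 0 without being equal, which sorted collections treat as duplicates; either break ties on name or note the inconsistency in a comment above `compareTo`, e.g. `// Ordering is by ranking only; not consistent with equals(), which compares names`. `getCategory` returning `null` for an unknown name is also worth a `@return null if no category has that name` line, since callers will dereference it.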
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java index 5c149c70c..7c7494025 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java @@ -88,7 +88,7 @@ public class DBCrossSiteScripting extends GoatHillsFinancial */ public Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java index e8ccedb4f..fdb94a858 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java @@ -89,7 +89,7 @@ public class DBSQLInjection extends GoatHillsFinancial */ public Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java index 3d6c80344..3e465fc79 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java @@ -190,7 +190,7 @@ public class DOS_Login extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A9; + return Category.DOS; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java index 6fe5333c6..8b9d98411 100644 
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java @@ -405,7 +405,7 @@ public class Encoding extends LessonAdapter protected Category getDefaultCategory() { - return Category.A8; + return Category.INSECURE_STORAGE; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java index e8ab424a8..d3d703804 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java @@ -133,7 +133,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie */ public Category getDefaultCategory() { - return Category.A7; + return Category.ERROR_HANDLING; } @@ -183,7 +183,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie */ public String getTitle() { - return ("How to Bypass a Fail Open Authentication Scheme"); + return ("Fail Open Authentication Scheme"); } public Element getCredits() diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java index fa6993d2c..c457b097b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java @@ -107,7 +107,7 @@ public class ForcedBrowsing extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A10; + return Category.INSECURE_CONFIGURATION; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java index 7b1216f87..6d2bee5ca 100644 
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java @@ -290,7 +290,7 @@ public class ForgotPassword extends LessonAdapter protected Category getDefaultCategory() { - return Category.A3; + return Category.AUTHENTICATION; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java index 97c4c20f7..55f0c15ef 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java @@ -176,7 +176,7 @@ public class HiddenFieldTampering extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A1; + return Category.UNVALIDATED_PARAMETERS; } @@ -228,7 +228,7 @@ public class HiddenFieldTampering extends LessonAdapter */ public String getTitle() { - return ("How to Exploit Hidden Fields"); + return ("Exploit Hidden Fields"); } public Element getCredits() diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java index 814203747..a18af7a8f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java @@ -250,7 +250,7 @@ public class HtmlClues extends LessonAdapter */ public String getTitle() { - return ("How to Discover Clues in the HTML"); + return ("Discover Clues in the HTML"); } public Element getCredits() diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java index e31ba0406..9a96b453b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java 
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java @@ -99,6 +99,7 @@ public class HttpBasics extends LessonAdapter hints.add("Type in your name and press 'go'"); hints.add("Turn on Show Parameters or other features"); hints.add("Press the Show Lesson Plan button to view a lesson summary"); + hints.add("Press the Show Solution button to view a lesson solution"); return hints; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java index b98a15d4d..a28ea80db 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java @@ -149,7 +149,7 @@ public class HttpOnly extends LessonAdapter { */ protected Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java index 5920131e0..90fd63c6d 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java @@ -100,7 +100,7 @@ public class JSONInjection extends LessonAdapter Form form = new Form(getFormAction(), Form.POST).setName("form") .setEncType(""); - form.setOnSubmit("check();"); + form.setOnSubmit("return check();"); form.addElement(createContent(s)); 
@@ -127,13 +127,13 @@ public class JSONInjection extends LessonAdapter + TRAVEL_FROM + "');" + lineSep - + "if (fromField.value.length < 3 ) { return; }" + + "if (fromField.value.length < 3 || fromField.value!='BOS') { return; }" + lineSep + "var toField = document.getElementById('" + TRAVEL_TO + "');" + lineSep - + "if (toField.value.length < 3 ) { return; }" + + "if (toField.value.length < 3 || toField.value!='SEA') { return; }" + lineSep + "var url = '" + getLink() + "&from=ajax&" @@ -183,7 +183,7 @@ public class JSONInjection extends LessonAdapter + lineSep + " var node = card.flights[i];" + lineSep - + " strHTML = strHTML + '';" + + " strHTML = strHTML + '';" + lineSep + " strHTML = strHTML + card.flights[i].stops + '';" + lineSep @@ -205,13 +205,13 @@ public class JSONInjection extends LessonAdapter + lineSep + " if ( document.getElementById('radio0').checked )" + lineSep - + " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerText; }" + + " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerHTML; return true;}" + lineSep + " else if ( document.getElementById('radio1').checked )" + lineSep - + " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerText; }" + + " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerHTML; return true;}" + lineSep + " else " + lineSep - + " { alert('Please choose one flight'); }" + lineSep + "}" + + " { alert('Please choose one flight'); return false;}" + lineSep + "}" + lineSep + "" + lineSep; ec.addElement(new StringElement(script)); Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0) 
@@ -222,6 +222,7 @@ public class JSONInjection extends LessonAdapter tr.addElement(new TD("From: ")); Input in = new Input(Input.TEXT, TRAVEL_FROM, ""); in.addAttribute("onkeyup", "getFlights();"); + in.addAttribute("id", TRAVEL_FROM); tr.addElement(new TD(in)); t1.addElement(tr); @@ -230,6 +231,7 @@ public class JSONInjection extends LessonAdapter tr.addElement(new TD("To: ")); in = new Input(Input.TEXT, TRAVEL_TO, ""); in.addAttribute("onkeyup", "getFlights();"); + in.addAttribute("id", TRAVEL_TO); tr.addElement(new TD(in)); t1.addElement(tr); @@ -251,12 +253,13 @@ public class JSONInjection extends LessonAdapter Input price2Submit = new Input(); price2Submit.setType(Input.HIDDEN); price2Submit.setName("price2Submit"); + price2Submit.setValue(""); + price2Submit.addAttribute("id", "price2Submit"); ec.addElement(price2Submit); if (s.getParser().getRawParameter("radio0", "").equals("on")) { String price = s.getParser().getRawParameter("price2Submit", ""); price = price.replace("$", ""); - if (Integer.parseInt(price) < 600) { makeSuccess(s); @@ -272,7 +275,7 @@ public class JSONInjection extends LessonAdapter public Element getCredits() { - return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO); + return super.getCustomCredits("Created by Sherif Koussa", MAC_LOGO); } protected Category getDefaultCategory() diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java index 0640e3f51..84fad2cbd 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java @@ -270,7 +270,7 @@ public class JavaScriptValidation extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A1; + return Category.UNVALIDATED_PARAMETERS; } 
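Review bot: `Integer.parseInt(price)` runs on the raw `price2Submit` request parameter with no `NumberFormatException` handling, so a non-numeric or empty value (the hidden field now defaults to `""`, and this lesson expects the client to tamper with it) aborts `createContent` with a stack trace instead of a lesson message. Validate before comparing, e.g. `if (!price.matches("\\d+")) { s.setMessage("Price must be a whole number"); return ec; }` immediately after the `replace("$", "")` line, assuming `createContent` returns `ec` as the surrounding `ec.addElement(...)` calls suggest. The enclosing method continues outside the hunk.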
@@ -323,7 +323,7 @@ public class JavaScriptValidation extends LessonAdapter */ public String getTitle() { - return ("How to Bypass Client Side JavaScript Validation"); + return ("Bypass Client Side JavaScript Validation"); } public Element getCredits() diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java index b299d9c02..13081b3af 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java @@ -156,14 +156,14 @@ public class LogSpoofing extends LessonAdapter @Override public String getTitle() { - return "How to Perform Log Spoofing"; + return "Log Spoofing"; } @Override protected Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java index a8d002f5b..978148880 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java @@ -79,7 +79,7 @@ public class NewLesson extends LessonAdapter */ public String getTitle() { - return ("How to add a new WebGoat lesson"); + return ("Create a WebGoat Lesson"); } public Element getCredits() diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java index 6677f0b38..2ee358c52 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java 
@@ -46,258 +46,236 @@ import org.owasp.webgoat.session.WebSession; * for free software projects. * * For details, please see http://code.google.com/p/webgoat/ - * - * @author Bruce Mayhew WebGoat - * @created October 28, 2003 + * + * @author Bruce Mayhew WebGoat + * @created October 28, 2003 */ public class PathBasedAccessControl extends LessonAdapter { - private final static String FILE = "File"; + private final static String FILE = "File"; - - /** - * Description of the Method - * - * @param s Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - try + /** + * Description of the Method + * + * @param s + * Description of the Parameter + * @return Description of the Return Value + */ + protected Element createContent(WebSession s) { - String dir = s.getContext().getRealPath("/lesson_plans"); - File d = new File(dir); - - Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth( - "90%").setAlign("center"); - - if (s.isColor()) - { - t.setBorder(1); - } - - String[] list = d.list(); - String listing = "

Current Directory is: " - + Encoding.urlDecode(dir) - + "

Choose the file to view:

"; - - TR tr = new TR(); - tr.addElement(new TD().setColSpan(2).addElement( - new StringElement(listing))); - t.addElement(tr); - - tr = new TR(); - tr.addElement(new TD().setWidth("35%").addElement( - ECSFactory.makePulldown(FILE, list, "", 15))); - tr.addElement(new TD().addElement(ECSFactory - .makeButton("View File"))); - t.addElement(tr); - - ec.addElement(t); - - // FIXME: would be cool to allow encodings here -- hex, percent, url, etc... - String file = s.getParser().getRawParameter(FILE, ""); - - // defuse file searching - boolean illegalCommand = getWebgoatContext().isDefuseOSCommands(); - if (getWebgoatContext().isDefuseOSCommands()) - { - // allow them to look at any file in the webgoat hierachy. Don't allow them - // to look about the webgoat root, except to see the LICENSE file - if (upDirCount(file) == 3 && !file.endsWith("LICENSE")) - { - s.setMessage("Access denied"); - s - .setMessage("It appears that you are on the right track. " - + "Commands that may compromise the operating system have been disabled. " - + "You are only allowed to see one file in this directory. ");; - } - else if (upDirCount(file) > 3) - { - s.setMessage("Access denied"); - s - .setMessage("It appears that you are on the right track. " - + "Commands that may compromise the operating system have been disabled. " - + "You are only allowed to see files in the webgoat directory. "); - } - else - { - illegalCommand = false; - } - } - - // Using the URI supports encoding of the data. - // We could force the user to use encoded '/'s == %2f to make the lesson more difficult. - // We url Encode our dir name to avoid problems with special characters in our own path. 
- //File f = new File( new URI("file:///" + Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" + file.replaceAll("\\\\","/")) ); - File f = new File((dir + "\\" + file).replaceAll("\\\\", "/")); - - if (s.isDebug()) - { - - s.setMessage("File: " + file); - s.setMessage("Dir: " + dir); - //s.setMessage("File URI: " + "file:///" + (Encoding.urlEncode(dir) + "\\" + Encoding.urlEncode(file)).replaceAll("\\\\","/")); - s.setMessage(" - isFile(): " + f.isFile()); - s.setMessage(" - exists(): " + f.exists()); - } - if (!illegalCommand) - { - if (f.isFile() && f.exists()) - { - // Don't set completion if they are listing files in the - // directory listing we gave them. - if (upDirCount(file) >= 1) - { - s.setMessage("Congratulations! Access to file allowed"); - s.setMessage(" ==> " - + Encoding.urlDecode(f.getCanonicalPath())); - makeSuccess(s); - } - else - { - s - .setMessage("File is already in allowed directory - try again!"); - s.setMessage(" ==> " - + Encoding.urlDecode(f.getCanonicalPath())); - } - } - else if (file != null && file.length() != 0) - { - s.setMessage("Access to file/directory \"" - + Encoding.urlDecode(f.getCanonicalPath()) - + "\" denied"); - } - else - { - // do nothing, probably entry screen - } + ElementContainer ec = new ElementContainer(); try { - // Show them the file - // Strip out some of the extra html from the "help" file - ec.addElement(new BR()); - ec.addElement(new BR()); - ec.addElement(new HR().setWidth("100%")); - ec.addElement("Viewing file: " + f.getCanonicalPath()); - ec.addElement(new HR().setWidth("100%")); - if (f.length() > 80000) - { - throw new Exception("File is too large"); - } - String fileData = getFileText(new BufferedReader( - new FileReader(f)), false); - if (fileData.indexOf(0x00) != -1) - { - throw new Exception("File is binary"); - } - ec.addElement(new StringElement(fileData.replaceAll( - System.getProperty("line.separator"), "
") - .replaceAll("(?s)", "") - .replaceAll("

", "
").replaceAll( - "
\\s
", "
").replaceAll("<\\?", - "<").replaceAll("<(r|u|t)", "<$1"))); + String dir = s.getContext().getRealPath("/lesson_plans"); + File d = new File(dir); + + Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center"); + + if (s.isColor()) + { + t.setBorder(1); + } + + String[] list = d.list(); + String listing = "

Current Directory is: " + Encoding.urlDecode(dir) + + "

Choose the file to view:

"; + + TR tr = new TR(); + tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing))); + t.addElement(tr); + + tr = new TR(); + tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15))); + tr.addElement(new TD().addElement(ECSFactory.makeButton("View File"))); + t.addElement(tr); + + ec.addElement(t); + + // FIXME: would be cool to allow encodings here -- hex, percent, + // url, etc... + String file = s.getParser().getRawParameter(FILE, ""); + + // defuse file searching + boolean illegalCommand = getWebgoatContext().isDefuseOSCommands(); + if (getWebgoatContext().isDefuseOSCommands()) + { + // allow them to look at any file in the webgoat hierachy. Don't + // allow them + // to look about the webgoat root, except to see the LICENSE + // file + if (upDirCount(file) == 3 && !file.endsWith("LICENSE")) + { + s.setMessage("Access denied"); + s.setMessage("It appears that you are on the right track. " + + "Commands that may compromise the operating system have been disabled. " + + "You are only allowed to see one file in this directory. "); + } else if (upDirCount(file) > 3) + { + s.setMessage("Access denied"); + s.setMessage("It appears that you are on the right track. " + + "Commands that may compromise the operating system have been disabled. " + + "You are only allowed to see files in the webgoat directory. "); + } else + { + illegalCommand = false; + } + } + + // Using the URI supports encoding of the data. + // We could force the user to use encoded '/'s == %2f to make the lesson more difficult. + // We url Encode our dir name to avoid problems with special characters in our own path. 
+ // File f = new File( new URI("file:///" + + // Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" + + // file.replaceAll("\\\\","/")) ); + File f = new File((dir + "\\" + file).replaceAll("\\\\", "/")); + + if (s.isDebug()) + { + + s.setMessage("File: " + file); + s.setMessage("Dir: " + dir); + // s.setMessage("File URI: " + "file:///" + + // (Encoding.urlEncode(dir) + "\\" + + // Encoding.urlEncode(file)).replaceAll("\\\\","/")); + s.setMessage(" - isFile(): " + f.isFile()); + s.setMessage(" - exists(): " + f.exists()); + } + if (!illegalCommand) + { + if (f.isFile() && f.exists()) + { + // Don't set completion if they are listing files in the + // directory listing we gave them. + if (upDirCount(file) >= 1) + { + s.setMessage("Congratulations! Access to file allowed"); + s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath())); + makeSuccess(s); + } else + { + s.setMessage("File is already in allowed directory - try again!"); + s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath())); + } + } else if (file != null && file.length() != 0) + { + s.setMessage("Access to file/directory \"" + Encoding.urlDecode(f.getCanonicalPath()) + + "\" denied"); + } else + { + // do nothing, probably entry screen + } + + try + { + // Show them the file + // Strip out some of the extra html from the "help" file + ec.addElement(new BR()); + ec.addElement(new BR()); + ec.addElement(new HR().setWidth("100%")); + ec.addElement("Viewing file: " + f.getCanonicalPath()); + ec.addElement(new HR().setWidth("100%")); + if (f.length() > 80000) + { + throw new Exception("File is too large"); + } + String fileData = getFileText(new BufferedReader(new FileReader(f)), false); + if (fileData.indexOf(0x00) != -1) + { + throw new Exception("File is binary"); + } + ec + .addElement(new StringElement(fileData.replaceAll(System.getProperty("line.separator"), + "
").replaceAll("(?s)", "").replaceAll("

", "
") + .replaceAll("
\\s
", "
").replaceAll("<\\?", "<").replaceAll( + "<(r|u|t)", "<$1"))); + } + catch (Exception e) + { + ec.addElement(new BR()); + ec.addElement("The following error occurred while accessing the file: <"); + ec.addElement(e.getMessage()); + } + } } catch (Exception e) { - ec.addElement(new BR()); - ec - .addElement("The following error occurred while accessing the file: <"); - ec.addElement(e.getMessage()); + s.setMessage("Error generating " + this.getClass().getName()); + e.printStackTrace(); } - } + + return (ec); } - catch (Exception e) + + private int upDirCount(String fileName) { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); + int count = 0; + int startIndex = fileName.indexOf(".."); + while (startIndex != -1) + { + count++; + startIndex = fileName.indexOf("..", startIndex + 1); + } + return count; } - return (ec); - } - - - private int upDirCount(String fileName) - { - int count = 0; - int startIndex = fileName.indexOf(".."); - while (startIndex != -1) + /** + * DOCUMENT ME! + * + * @return DOCUMENT ME! + */ + protected Category getDefaultCategory() { - count++; - startIndex = fileName.indexOf("..", startIndex + 1); + return Category.ACCESS_CONTROL; } - return count; - } + /** + * Gets the hints attribute of the AccessControlScreen object + * + * @return The hints value + */ + protected List getHints(WebSession s) + { + List hints = new ArrayList(); + hints.add("Most operating systems allow special characters in the path."); + hints.add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory"); + hints.add("Try .. in the path"); + hints.add("Try ..\\..\\..\\LICENSE"); - /** - * DOCUMENT ME! - * - * @return DOCUMENT ME! 
- */ - protected Category getDefaultCategory() - { - return Category.A2; - } + return hints; + } + /** + * Gets the instructions attribute of the WeakAccessControl object + * + * @return The instructions value + */ + public String getInstructions(WebSession s) + { + String instructions = "The '" + s.getUserName() + "' user has access to all the files in the " + + "lesson_plans directory. Try to break the access control mechanism and access a " + + "resource that is not in the listed directory. After selecting a file to view, WebGoat " + + "will report if access to the file was granted. An interesting file to try and obtain might " + + "be a file like tomcat/conf/tomcat-users.xml"; - /** - * Gets the hints attribute of the AccessControlScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints - .add("Most operating systems allow special characters in the path."); - hints - .add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory"); - hints.add("Try .. in the path"); - hints.add("Try ..\\..\\..\\LICENSE"); + return (instructions); + } - return hints; - } + private final static Integer DEFAULT_RANKING = new Integer(115); + protected Integer getDefaultRanking() + { + return DEFAULT_RANKING; + } - /** - * Gets the instructions attribute of the WeakAccessControl object - * - * @return The instructions value - */ - public String getInstructions(WebSession s) - { - String instructions = "The '" - + s.getUserName() - + "' user has access to all the files in the " - + "lesson_plans directory. Try to break the access control mechanism and access a " - + "resource that is not in the listed directory. After selecting a file to view, WebGoat " - + "will report if access to the file was granted. 
An interesting file to try and obtain might " - + "be a file like tomcat/conf/tomcat-users.xml"; - - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(115); - - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - - /** - * Gets the title attribute of the AccessControlScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("How to Bypass a Path Based Access Control Scheme"); - } + /** + * Gets the title attribute of the AccessControlScreen object + * + * @return The title value + */ + public String getTitle() + { + return ("Bypass a Path Based Access Control Scheme"); + } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java index d4ecb1e06..a9d1d2eae 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java @@ -265,7 +265,7 @@ public class Phishing extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java index a7bec094b..3e3bb3ee8 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java @@ -231,7 +231,7 @@ public class ReflectedXSS extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } @@ -288,7 +288,7 @@ public class ReflectedXSS extends LessonAdapter */ public String getTitle() { - return "How to Perform Reflected Cross Site Scripting (XSS) Attacks"; + return "Reflected XSS Attacks"; } } 
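Review bot: In the defused branch (`if (getWebgoatContext().isDefuseOSCommands())`) the allow/deny decision is taken from `upDirCount(file)`, a textual count of `..` in the raw `File` parameter, while the file actually opened is built separately by `new File((dir + "\\" + file).replaceAll("\\\\", "/"))`; the count and the resolved location can disagree, so the guard that is meant to keep an exposed instance inside the webgoat tree should be applied to the resolved path instead — compute `f.getCanonicalPath()` once and compare it against the canonical path of the permitted root (keeping the LICENSE exception), rather than against the `..` count. The `BufferedReader` passed in `getFileText(new BufferedReader(new FileReader(f)), false)` is never closed in this method unless getFileText closes it, which the hunk does not show; a try/finally around the read would make that explicit. The `DOCUMENT ME!` placeholders on `getDefaultCategory` survived the reformat and could become a one-line Javadoc such as `/** Returns the menu category this lesson is listed under. */`.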
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java index 7bae6d0fd..2d673d925 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java @@ -73,7 +73,7 @@ public class RemoteAdminFlaw extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A2; + return Category.ACCESS_CONTROL; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index 3c7098848..089fb3359 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java @@ -87,7 +87,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial */ public Category getDefaultCategory() { - return Category.A2; + return Category.ACCESS_CONTROL; } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index 4f6210f77..2eefe6f13 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -91,7 +91,7 @@ public class SQLInjection extends GoatHillsFinancial */ public Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } /** 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java index 1e82528fb..ecb983b4e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java @@ -161,7 +161,7 @@ public class SilentTransactions extends LessonAdapter + lineSep + "}" + lineSep - + " var balanceValue = document.getElementById('balanceID').innerText;" + + " var balanceValue = document.getElementById('balanceID').innerHTML;" + lineSep + " balanceValue = balanceValue.replace( new RegExp('$') , '');" + lineSep @@ -183,7 +183,7 @@ public class SilentTransactions extends LessonAdapter + lineSep + "balanceValue = balanceValue.toFixed(2);" + lineSep - + "document.getElementById('balanceID').innerText = balanceValue + '$';" + + "document.getElementById('balanceID').innerHTML = balanceValue + '$';" + lineSep + "}" + lineSep @@ -225,6 +225,7 @@ public class SilentTransactions extends LessonAdapter tr = new TR(); tr.addElement(new TD(new StringElement("Transfer to Account:"))); Input newAccount = new Input(); + newAccount.addAttribute("id", "newAccount"); newAccount.setType(Input.TEXT); newAccount.setName("newAccount"); newAccount.setValue(""); @@ -234,6 +235,7 @@ public class SilentTransactions extends LessonAdapter tr = new TR(); tr.addElement(new TD(new StringElement("Transfer Amount:"))); Input amount = new Input(); + amount.addAttribute("id", "amount"); amount.setType(Input.TEXT); amount.setName("amount"); amount.setValue(0); @@ -248,6 +250,7 @@ public class SilentTransactions extends LessonAdapter Input b = new Input(); b.setType(Input.BUTTON); b.setName("confirm"); + b.addAttribute("id", "confirm"); b.setValue("Confirm"); b.setOnClick("processData();"); ec.addElement(b); 
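Review bot: In the `@@ -161,7 +161,7 @@` hunk the emitted line `balanceValue = balanceValue.replace( new RegExp('$') , '');` does not strip the dollar sign: in a JavaScript regular expression an unescaped `$` is the end-of-input anchor, so the replace matches an empty string and leaves `balanceValue` unchanged, even though the `@@ -183` hunk in the same script appends a literal `'$'` to the displayed balance. Since only the first occurrence needs removing, a plain string replace is the simplest fix in the Java literal: `+ "    balanceValue = balanceValue.replace('$', '');"` (alternatively escape the anchor, `new RegExp('\\\\$')` in Java source). The switch to `innerHTML` is harmless for the write because the value comes from `toFixed(2)`, but it is worth a short comment noting that only numeric output is ever assigned there.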
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java index 906272639..c9b6b0616 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java @@ -173,7 +173,7 @@ public class SoapRequest extends SequentialLessonAdapter public String getTitle() { - return "How to Create a SOAP Request"; + return "Create a SOAP Request"; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index 3c7d000e0..4e3c682c9 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java @@ -333,7 +333,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter */ protected Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } @@ -374,7 +374,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter */ public String getTitle() { - return ("How to Perform Numeric SQL Injection"); + return ("Numeric SQL Injection"); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 24d45d39b..a48e3a8c3 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -249,7 +249,7 @@ public class SqlStringInjection extends SequentialLessonAdapter */ protected Category getDefaultCategory() { - return Category.A6; + return Category.INJECTION; } 
@@ -290,7 +290,7 @@ public class SqlStringInjection extends SequentialLessonAdapter */ public String getTitle() { - return ("How to Perform String SQL Injection"); + return ("String SQL Injection"); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java index d85c1931f..f5d75c112 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java @@ -151,7 +151,7 @@ public class StoredXss extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } @@ -190,7 +190,7 @@ public class StoredXss extends LessonAdapter */ public String getTitle() { - return ("How to Perform Stored Cross Site Scripting (XSS)"); + return ("Stored XSS Attacks"); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java index ee6edc9b8..efb70a310 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java @@ -191,7 +191,7 @@ public class ThreadSafetyProblem extends LessonAdapter */ public String getTitle() { - return ("How to Exploit Thread Safety Problems"); + return ("Thread Safety Problems"); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java index e11078408..e8e569b78 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java 
@@ -233,7 +233,7 @@ public class TraceXSS extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A4; + return Category.XSS; } @@ -281,6 +281,6 @@ public class TraceXSS extends LessonAdapter */ public String getTitle() { - return ("How to Perform Cross Site Tracing (XST) Attacks"); + return ("Cross Site Tracing (XST) Attacks"); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java index 91bbe9218..191be15ea 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java @@ -204,7 +204,7 @@ public class UncheckedEmail extends LessonAdapter */ protected Category getDefaultCategory() { - return Category.A1; + return Category.UNVALIDATED_PARAMETERS; } @@ -257,7 +257,7 @@ public class UncheckedEmail extends LessonAdapter */ public String getTitle() { - return ("How to Exploit Unchecked Email"); + return ("Exploit Unchecked Email"); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java index 3a9e02ccd..02c673db6 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java 
@@ -46,347 +46,338 @@ import org.owasp.webgoat.session.*; * for free software projects. * * For details, please see http://code.google.com/p/webgoat/ - * - * @author Jeff Williams Aspect Security - * @created October 28, 2003 + * + * @author Jeff Williams Aspect Security + * @created October 28, 2003 */ public class WeakAuthenticationCookie extends LessonAdapter { - public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0)); - - /** - * Description of the Field - */ - protected final static String AUTHCOOKIE = "AuthCookie"; + public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement( + new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0)); - /** - * Description of the Field - */ - protected final static String LOGOUT = "WACLogout"; + /** + * Description of the Field + */ + protected final static String AUTHCOOKIE = "AuthCookie"; - /** - * Description of the Field - */ - protected final static String PASSWORD = "Password"; + /** + * Description of the Field + */ + protected final static String LOGOUT = "WACLogout"; - /** - * Description of the Field - */ - protected final static String USERNAME = "Username"; + /** + * Description of the Field + */ + protected final static String PASSWORD = "Password"; + /** + * Description of the Field + */ + protected final static String USERNAME = "Username"; - /** - * Description of the Method - * - * @param s Description of the Parameter - * @return Description of the Return Value - * @exception Exception Description of the Exception - */ - protected String checkCookie(WebSession s) throws Exception - { - String cookie = getCookie(s); - - if (cookie != null) + /** + * Description of the Method + * + * @param s + * Description of the Parameter + * @return Description of the Return Value + * @exception Exception 
+ * Description of the Exception + */ + protected String checkCookie(WebSession s) throws Exception { - if (cookie.equals(encode("webgoat12345"))) - { - return ("webgoat"); - } + String cookie = getCookie(s); - if (cookie.equals(encode("aspect12345"))) - { - return ("aspect"); - } + if (cookie != null) + { + if (cookie.equals(encode("webgoat12345"))) + { + return ("webgoat"); + } - if (cookie.equals(encode("alice12345"))) - { - makeSuccess(s); - return ("alice"); - } - else - { - s.setMessage("Invalid cookie"); - s.eatCookies(); - } + if (cookie.equals(encode("aspect12345"))) + { + return ("aspect"); + } + + if (cookie.equals(encode("alice12345"))) + { + makeSuccess(s); + return ("alice"); + } else + { + s.setMessage("Invalid cookie"); + s.eatCookies(); + } + } + + return (null); } - return (null); - } - - - /** - * Description of the Method - * - * @param s Description of the Parameter - * @return Description of the Return Value - * @exception Exception Description of the Exception - */ - protected String checkParams(WebSession s) throws Exception - { - String username = s.getParser().getStringParameter(USERNAME, ""); - String password = s.getParser().getStringParameter(PASSWORD, ""); - - if ((username.length() > 0) && (password.length() > 0)) + /** + * Description of the Method + * + * @param s + * Description of the Parameter + * @return Description of the Return Value + * @exception Exception + * Description of the Exception + */ + protected String checkParams(WebSession s) throws Exception { - String loginID = ""; + String username = s.getParser().getStringParameter(USERNAME, ""); + String password = s.getParser().getStringParameter(PASSWORD, ""); - if (username.equals("webgoat") && password.equals("webgoat")) - { - loginID = encode("webgoat12345"); - } - else if (username.equals("aspect") && password.equals("aspect")) - { - loginID = encode("aspect12345"); - } + if ((username.length() > 0) && (password.length() > 0)) + { + String loginID = ""; - if (loginID 
!= "") - { - Cookie newCookie = new Cookie(AUTHCOOKIE, loginID); - s.setMessage("Your identity has been remembered"); - s.getResponse().addCookie(newCookie); + if (username.equals("webgoat") && password.equals("webgoat")) + { + loginID = encode("webgoat12345"); + } else if (username.equals("aspect") && password.equals("aspect")) + { + loginID = encode("aspect12345"); + } - return (username); - } - else - { - s.setMessage("Invalid username and password entered."); - } + if (loginID != "") + { + Cookie newCookie = new Cookie(AUTHCOOKIE, loginID); + s.setMessage("Your identity has been remembered"); + s.getResponse().addCookie(newCookie); + + return (username); + } else + { + s.setMessage("Invalid username and password entered."); + } + } + + return (null); } - return (null); - } - - - /** - * Description of the Method - * - * @param s Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - boolean logout = s.getParser().getBooleanParameter(LOGOUT, false); - - if (logout) + /** + * Description of the Method + * + * @param s + * Description of the Parameter + * @return Description of the Return Value + */ + protected Element createContent(WebSession s) { - s.setMessage("Goodbye! Your password has been forgotten"); - s.eatCookies(); + boolean logout = s.getParser().getBooleanParameter(LOGOUT, false); - return (makeLogin(s)); + if (logout) + { + s.setMessage("Goodbye! 
Your password has been forgotten"); + s.eatCookies(); + + return (makeLogin(s)); + } + + try + { + String user = checkCookie(s); + + if ((user != null) && (user.length() > 0)) + { + return (makeUser(s, user, "COOKIE")); + } + + user = checkParams(s); + + if ((user != null) && (user.length() > 0)) + { + return (makeUser(s, user, "PARAMETERS")); + } + } + catch (Exception e) + { + s.setMessage("Error generating " + this.getClass().getName()); + e.printStackTrace(); + } + + return (makeLogin(s)); } - try + /** + * Description of the Method + * + * @param value + * Description of the Parameter + * @return Description of the Return Value + */ + private String encode(String value) { - String user = checkCookie(s); + // + StringBuffer encoded = new StringBuffer(); - if ((user != null) && (user.length() > 0)) - { - return (makeUser(s, user, "COOKIE")); - } + for (int i = 0; i < value.length(); i++) + { + encoded.append(String.valueOf((char) (value.charAt(i) + 1))); + } - user = checkParams(s); - - if ((user != null) && (user.length() > 0)) - { - return (makeUser(s, user, "PARAMETERS")); - } - } - catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); + return encoded.reverse().toString(); + // } - return (makeLogin(s)); - } - - - /** - * Description of the Method - * - * @param value Description of the Parameter - * @return Description of the Return Value - */ - private String encode(String value) - { - // - StringBuffer encoded = new StringBuffer(); - - for (int i = 0; i < value.length(); i++) + /** + * Gets the category attribute of the WeakAuthenticationCookie object + * + * @return The category value + */ + protected Category getDefaultCategory() { - encoded.append(String.valueOf((char) (value.charAt(i) + 1))); + return Category.AUTHENTICATION; } - return encoded.reverse().toString(); - // - } - - - /** - * Gets the category attribute of the WeakAuthenticationCookie object - * - * @return The category value - */ 
- protected Category getDefaultCategory() - { - return Category.A3; - } - - - /** - * Gets the cookie attribute of the CookieScreen object - * - * @param s Description of the Parameter - * @return The cookie value - */ - protected String getCookie(WebSession s) - { - Cookie[] cookies = s.getRequest().getCookies(); - - for (int i = 0; i < cookies.length; i++) + /** + * Gets the cookie attribute of the CookieScreen object + * + * @param s + * Description of the Parameter + * @return The cookie value + */ + protected String getCookie(WebSession s) { - if (cookies[i].getName().equalsIgnoreCase(AUTHCOOKIE)) - { - return (cookies[i].getValue()); - } + Cookie[] cookies = s.getRequest().getCookies(); + + for (int i = 0; i < cookies.length; i++) + { + if (cookies[i].getName().equalsIgnoreCase(AUTHCOOKIE)) + { + return (cookies[i].getValue()); + } + } + + return (null); } - return (null); - } - - - /** - * Gets the hints attribute of the CookieScreen object - * - * @return The hints value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints - .add("The server skips authentication if you send the right cookie."); - hints - .add("Is the AuthCookie value guessable knowing the username and password?"); - hints - .add("Add 'AuthCookie=********;' to the Cookie: header using WebScarab."); - - return hints; - } - - - /** - * Gets the instructions attribute of the WeakAuthenticationCookie object - * - * @return The instructions value - */ - public String getInstructions(WebSession s) - { - String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. 
When you understand the authentication cookie, try changing your identity to alice."; - - return (instructions); - } - - private final static Integer DEFAULT_RANKING = new Integer(90); - - - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } - - - /** - * Gets the title attribute of the CookieScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("How to Spoof an Authentication Cookie"); - } - - - /** - * Description of the Method - * - * @param s Description of the Parameter - * @return Description of the Return Value - */ - protected Element makeLogin(WebSession s) - { - ElementContainer ec = new ElementContainer(); - - ec.addElement(new H1().addElement("Sign In ")); - Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0) - .setWidth("90%").setAlign("center"); - - if (s.isColor()) + /** + * Gets the hints attribute of the CookieScreen object + * + * @return The hints value + */ + protected List getHints(WebSession s) { - t.setBorder(1); + List hints = new ArrayList(); + hints.add("The server authenticates the user using a cookie, if you send the right cookie."); + hints.add("Is the AuthCookie value guessable knowing the username and password?"); + hints.add("Add 'AuthCookie=********;' to the Cookie: header using " + + "WebScarab."); + hints.add("After logging in as webgoat a cookie is added. 65432ubphcfx
" + + "After logging in as aspect a cookie is added. 65432udfqtb
" + + "Is there anything similar about the cookies and the login names?"); + return hints; } - TR tr = new TR(); - tr - .addElement(new TH() - .addElement( - "Please sign in to your account. See the OWASP admin if you do not have an account.") - .setColSpan(2).setAlign("left")); - t.addElement(tr); + /** + * Gets the instructions attribute of the WeakAuthenticationCookie object + * + * @return The instructions value + */ + public String getInstructions(WebSession s) + { + String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice."; - tr = new TR(); - tr.addElement(new TD().addElement("*Required Fields").setWidth("30%")); - t.addElement(tr); + return (instructions); + } - tr = new TR(); - tr.addElement(new TD().addElement(" ").setColSpan(2)); - t.addElement(tr); + private final static Integer DEFAULT_RANKING = new Integer(90); - TR row1 = new TR(); - TR row2 = new TR(); - row1.addElement(new TD(new B(new StringElement("*User Name: ")))); - row2.addElement(new TD(new B(new StringElement("*Password: ")))); + protected Integer getDefaultRanking() + { + return DEFAULT_RANKING; + } - Input input1 = new Input(Input.TEXT, USERNAME, ""); - Input input2 = new Input(Input.PASSWORD, PASSWORD, ""); - row1.addElement(new TD(input1)); - row2.addElement(new TD(input2)); - t.addElement(row1); - t.addElement(row2); + /** + * Gets the title attribute of the CookieScreen object + * + * @return The title value + */ + public String getTitle() + { + return ("Spoof an Authentication Cookie"); + } - Element b = ECSFactory.makeButton("Login"); - t.addElement(new TR(new TD(b))); - ec.addElement(t); + /** + * Description of the Method + * + * @param s + * Description of the Parameter + * @return Description of the Return Value + */ + protected Element makeLogin(WebSession s) + { + ElementContainer ec = new ElementContainer(); - return (ec); - } + 
ec.addElement(new H1().addElement("Sign In ")); + Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center"); + if (s.isColor()) + { + t.setBorder(1); + } - /** - * Description of the Method - * - * @param s Description of the Parameter - * @param user Description of the Parameter - * @param method Description of the Parameter - * @return Description of the Return Value - * @exception Exception Description of the Exception - */ - protected Element makeUser(WebSession s, String user, String method) - throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement(new P().addElement("Welcome, " + user)); - ec.addElement(new P().addElement("You have been authenticated with " - + method)); - ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, - true))); - ec.addElement(new P() - .addElement(ECSFactory.makeLink("Refresh", "", ""))); + TR tr = new TR(); + tr.addElement(new TH().addElement( + "Please sign in to your account. 
See the OWASP admin if you do not have an account.").setColSpan(2) + .setAlign("left")); + t.addElement(tr); - return (ec); - } - - public Element getCredits() - { - return super.getCustomCredits("", ASPECT_LOGO); - } + tr = new TR(); + tr.addElement(new TD().addElement("*Required Fields").setWidth("30%")); + t.addElement(tr); + + tr = new TR(); + tr.addElement(new TD().addElement(" ").setColSpan(2)); + t.addElement(tr); + + TR row1 = new TR(); + TR row2 = new TR(); + row1.addElement(new TD(new B(new StringElement("*User Name: ")))); + row2.addElement(new TD(new B(new StringElement("*Password: ")))); + + Input input1 = new Input(Input.TEXT, USERNAME, ""); + Input input2 = new Input(Input.PASSWORD, PASSWORD, ""); + row1.addElement(new TD(input1)); + row2.addElement(new TD(input2)); + t.addElement(row1); + t.addElement(row2); + + Element b = ECSFactory.makeButton("Login"); + t.addElement(new TR(new TD(b))); + ec.addElement(t); + + return (ec); + } + + /** + * Description of the Method + * + * @param s + * Description of the Parameter + * @param user + * Description of the Parameter + * @param method + * Description of the Parameter + * @return Description of the Return Value + * @exception Exception + * Description of the Exception + */ + protected Element makeUser(WebSession s, String user, String method) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement(new P().addElement("Welcome, " + user)); + ec.addElement(new P().addElement("You have been authenticated with " + method)); + ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, true))); + ec.addElement(new P().addElement(ECSFactory.makeLink("Refresh", "", ""))); + + return (ec); + } + + public Element getCredits() + { + return super.getCustomCredits("", ASPECT_LOGO); + } } 
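Review bot: `if (loginID != "")` in checkParams compares string references, and it only works because the failure path leaves `loginID` pointing at the same `""` literal it was initialised with; `encode()` returns a fresh String, so any change to that initialisation silently breaks the branch. Use the test createContent already applies to its result, `if (loginID.length() > 0)`. In getCookie, `s.getRequest().getCookies()` returns null for a request that carries no Cookie header, so `cookies.length` throws a NullPointerException that createContent's catch block turns into a generic "Error generating" message plus a stack trace on stdout; add `if (cookies == null) return (null);` before the loop. The reflowed Javadoc still carries the generated "Description of the Method" placeholders on checkCookie, checkParams, createContent, encode, makeLogin and makeUser; since the hunk rewrote every one of those comments, this was the moment to state what each does, e.g. that checkCookie resolves the user name from the AuthCookie value and checkParams issues that cookie after a matching username/password.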
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
index 4847ecf49..b331e3bed 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
@@ -90,7 +90,7 @@ public class WeakSessionID extends LessonAdapter
 }
- protected String newCookie()
+ protected String newCookie(WebSession s)
 {
 long now = System.currentTimeMillis();
 seq++;
@@ -98,6 +98,7 @@ public class WeakSessionID extends LessonAdapter
 {
 String target = encode(seq++, lastTime + (now - lastTime) / 2);
 sessionList.add(target);
+ s.setMessage(target);
 if (sessionList.size() > 100) sessionList.remove(0);
 }
@@ -149,7 +150,7 @@ public class WeakSessionID extends LessonAdapter
 */
 protected Category getDefaultCategory()
 {
- return Category.A3;
+ return Category.SESSION_MANAGEMENT;
 }
@@ -161,12 +162,11 @@ public class WeakSessionID extends LessonAdapter
 protected List getHints(WebSession s)
 {
 List hints = new ArrayList();
- hints
- .add("The server skips authentication if you send the right cookie.");
- hints
- .add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
+ hints.add("The server skips authentication if you send the right cookie.");
+ hints.add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
 hints.add("Try harder, you brute!");
-
+ hints.add("The first part of the cookie is a sequential number, the second part is milliseconds.");
+ hints.add("After the 29th try, the skipped identifier is printed to your screen. Use that to login.");
 return hints;
 }
@@ -186,7 +186,7 @@ public class WeakSessionID extends LessonAdapter
 */
 public String getTitle()
 {
- return ("How to Hijack a Session");
+ return ("Hijack a Session");
 }
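Review bot: `protected String newCookie(WebSession s)` in the `@@ -90` and `@@ -98` hunks gains a parameter whose only use is `s.setMessage(target)`, and nothing in the code says that surfacing the skipped identifier is the lesson's intended disclosure rather than a leftover debug message. A Javadoc above the method would protect it from being "cleaned up" later, e.g. `/** Issues the next weak session id. When the skip branch fires, the skipped id is deliberately surfaced with s.setMessage(target); the getHints text refers to it. */`. The condition guarding this block, and the "29th try" named in the new hint, lie outside the hunk, so I cannot confirm from here that the hint matches the code. Note also that `s.setMessage(target)` replaces any message set earlier in the same request, which is presumably acceptable for a lesson page.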
@@ -204,7 +204,7 @@ public class WeakSessionID extends LessonAdapter
 if (weakid == null)
 {
- weakid = newCookie();
+ weakid = newCookie(s);
 Cookie cookie = new Cookie(SESSIONID, weakid);
 s.getResponse().addCookie(cookie);
 }
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
index 76229d9d4..726365dc1 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
@@ -107,10 +107,10 @@ public class XMLInjection extends LessonAdapter
 {
 String lineSep = System.getProperty("line.separator");
 String xmlStr = "" + lineSep
- + "WebGoat t-shirt 20 Pts"
+ + "WebGoat Mug 20 Pts"
 + lineSep
- + "WebGoat Secure Kettle 50 Pts"
- + lineSep + "WebGoat Mug 30 Pts"
+ + "WebGoat t-shirt 50 Pts"
+ + lineSep + "WebGoat Secure Kettle 30 Pts"
 + lineSep + "";
 s.getResponse().setContentType("text/xml");
 s.getResponse().setHeader("Cache-Control", "no-cache");
@@ -188,7 +188,7 @@ public class XMLInjection extends LessonAdapter
 + lineSep
 + " if (req.status == 200) { "
 + lineSep
- + " var rewards = req.responseXML.getElementsByTagName('root')[0];"
+ + " var rewards = req.responseXML.getElementsByTagName('reward');"
 + lineSep
 + " var rewardsDiv = document.getElementById('rewardsDiv');"
 + lineSep
@@ -198,13 +198,13 @@ public class XMLInjection extends LessonAdapter
 + lineSep
 + " strHTML = ' Rewards';"
 + lineSep
- + " for(var i=0; i< rewards.childNodes.length; i++){"
- + lineSep
- + " var node = rewards.childNodes[i];"
+ + " for(var i=0; i< rewards.length; i++){"
+ //+ lineSep
+ //+ " var node = rewards.childNodes[i+1];"
 + lineSep
 + " strHTML = strHTML + '';"
 + lineSep
- + " strHTML = strHTML + node.childNodes[0].nodeValue + '';"
+ + " strHTML = strHTML + rewards[i].firstChild.nodeValue + '';"
 + lineSep
 + " }"
 + lineSep
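Review bot: The `@@ -198` hunk of XMLInjection ships commented-out code on the new side, `+ //+ lineSep` and `+ //+ " var node = rewards.childNodes[i+1];"`, in the middle of a string concatenation that is already hard to read; delete both lines, the old version stays in history. The replacement loop uses `rewards[i].firstChild.nodeValue`, which throws in the browser when a matched element has no child node, so if empty elements are possible guard it with `rewards[i].firstChild ? rewards[i].firstChild.nodeValue : ''`. The XML built in the `@@ -107` hunk has had its tags stripped in this rendering, so I cannot confirm from here that `getElementsByTagName('reward')` matches the element name actually emitted.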
@@ -254,7 +254,7 @@ public class XMLInjection extends LessonAdapter
 Input input1 = new Input(Input.TEXT, ACCOUNTID, "");
 input1.addAttribute("onkeyup", "getRewards();");
-
+ input1.addAttribute("id", ACCOUNTID);
 tr.addElement(new TD(input1));
 t1.addElement(tr);
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
index cdfa1d427..ba98ab3d3 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
@@ -224,7 +224,7 @@ public class XPATHInjection extends LessonAdapter
 protected Category getDefaultCategory()
 {
- return Category.A6;
+ return Category.INJECTION;
 }
@@ -259,7 +259,7 @@ public class XPATHInjection extends LessonAdapter
 public String getTitle()
 {
- return "How to Perform XPATH Injection";
+ return "XPATH Injection";
 }
-}
+}
\ No newline at end of file
diff --git a/ webgoat/main/project/WebContent/css/menu.css b/ webgoat/main/project/WebContent/css/menu.css
index 7fbac6ad4..0436f5aeb 100644
--- a/ webgoat/main/project/WebContent/css/menu.css
+++ b/ webgoat/main/project/WebContent/css/menu.css
@@ -4,4 +4,8 @@
.pviimenudiv a:link {color: #333333; text-decoration: underline}
.pviimenudiv a:visited {color: #0066FF; text-decoration: underline}
.pviimenudiv a:hover {color: red; text-decoration: underline}
-.pviimenudiv a:active {color: #0066FF; text-decoration: underline}
\ No newline at end of file
+.pviimenudiv a:active {color: #0066FF; text-decoration: underline}
+.pviimenudivstage a:link {color: #333333; font-size: 9px; display: block; margin-left: 2em; }
+.pviimenudivstage a:visited {color: #0066FF; font-size: 9px; display: block; margin-left: 2em; }
+.pviimenudivstage a:hover {color: red; font-size: 9px; display: block; margin-left: 2em; }
+.pviimenudivstage a:active {color: #0066FF; font-size: 9px; display: block; margin-left: 2em; }
diff --git a/ webgoat/main/project/WebContent/images/header/header.jpg b/ webgoat/main/project/WebContent/images/header/header.jpg index 9468a467ba6c3a16a163ff079bb2fa75f51f1062..9c230882f0cbf1facdd3994b2ad729d9402b9fa1 100644 GIT binary patch literal 21538 zcmeIa2UwHYx;7jub_7L4g(yW71(YHxkcqov|UHL_k15iAs}Z zhAuTKAR=I-Lnx6h9TG^-n{UOLz0Yi&ea=4n`p^Gg|MeZD8QxW%c0c#?tObH@!Dqx~ z!!rhF5X+V=L+FEl2thC66k^qil`B`SSOq?`n4OxM8(C$M8(9m zY}+NdW$O+JF|qA?w(pRZMk0}0BxU7gW#o6sAZ3J;ECWMDR*P&}vu2abRj*Cw`I#$tOUDUvv%Ej@Idiq#PVe; zRxAhm2LgbnL%`1wE5%lc?>T&8^%j#$BC?)a)qahBwnpw`{u_z&E%Wl~m%VPRUAIkg zyVMSay^8zxD`{vR(K>qU_^H!+XE6E(hNfm0%q=cjTG?N5aCCBZarM6L#D*2ifbmv{A?f!(yGmu?7|9@?-rRDoNcl?a75Qh zKfyFaP1n3(&UCI<;R8DrUeQ_f0`WXz-~XRJmK~rs4pSpMeDE^<@eQ>Dc7)sk`8}g_ z$^Ga!CiEG}S_-`#dn4p_r~}WDmdYXwA8~t7QK|QWM>yhN7XKR&{qs_R>!GZ>OwNHP z9>0>DMeoXpw#l|!C9bNAdq&HfA=+EEY{}?=;$Syl2s@tpT%x78rB%-Rw0jxZyX1BoA7WD|0ihr3Tf!1= zdvGUzyO1t=cS*^i-HqFx$`3^T|+9bF+noD?7&%Sn+t zI&ThB@06E38SG_w5L=ry-H&1vIgGHY3o`;lkVEh?Plp^A#c57lE+dWqdf4@d(%6%O zbDpF8r#Cf{WogW7ebDVA0z}n?rBsRNAk3`cK>0<|;Qdpu7<5-F$)R|$WShE;e5V$g zKFhsTQi_~M#-gVah%FwsQx4*!{8bvQ{evT^N$a^D>_Km--h1g=~ zgTc0EccvQ0uZGixqqrw6j5DT=l*TiT_i0(g@3>u6e&Pkz)l!}vs`pU;SbqVbl;Jrx zdpzLmLY%`%aYK`8u14si<*U`-5RokUf*o=lrOzMwq3VXNcOzX@WrRK0`jZFSO_8sG zrhQZ$;#k~qp(0Vc`Qm+`?!>(X&o5*s8M9jJW`}+1E#jv1liv7*B)ckbz1cGB&r~XwK-rR9MViRa;=y zv%0T>_o`RikXi+?*1$WK-jkd?ZWX?ljjYx3kb^`RnsWk#R8E*Ys--dFzAJrfgd07z zJyl}V4_SnK8w4#?%O{F5p@LZfg4JYfm>54r(VH%I5w^?uzFuzz$y5X0I}8-c3cl;v=h!~ z#(##|itg)LTCwqs# zmhmW%jkp7Nidy3c+p>F6BlDJjNs{fT_b-dIH2LiE((X2gK??emBY2b^Hk$$WeX0u(AZ}Pw zVNDEA!{V(6XS<33F^?6_;>>se|HMgAWFz|mJAvYkhkl~29l2K-y1O!@I!S269ch1G zXyfm@{j=_zlKxxr;QybO=O2~Acrc4J{jXH;S3{uxRB3-T;=j=IKOa)Jowygz2xA!v z5cETKp*s|Wp(50B#8;nCpu%ha!$b4Fy3N+hl?m_;tw9m~h6ISUSLjxnI#7}5+W>Tj ze~gm=@yeDebiJ=$(?N>k*Jq90>x%0O{e)aMGaO}fKa{2cz54M!aO{&A2HaD@d(V0- ztoqzPmHIU}bkop}P?kn7+_`}s)puuO=;tK+V#H#UT0pgq+6;{U-h0#UY zr@kuT;+W9aNWj;`1&B{Ie{(hi5Vc$8BjGy-$UJdjSZDvf&RrM-!kS#Qi`x|=K-8S( 
z$qEq9BIp9d%2E=~70+@e+`=s$wu3&$GX;qICNq2bP?_Oh$0VuSog)=#y^S{>u9Zwi zS5tJqAUS)Z(O^Ujl(Qh+%h&kpz5PWT{B!&Kb?BT7ZNaT2z>YhG7)9Wx{;q%p^m}-? zv+#`Dhdh!q`u3L61j)NZX#t{KxDic#0Ro`iLoNqSWqt7@@f`6kqGO`j7D8e2n*U|_ zd2g0zmZv@D6Bj_9RSOJIIhXiU1 z!w0%CZ-+qnL;!$Vf54R1A26ly6{db93D-$+9v=`o+&|(N^qr}M(qs*x0T$+Y&;5^r z;j6y^D8T9zECo3zZ_iATuQVPg|B6vr=)tG(RvuyDoL#U0;Rnli0XQDn@zvk5zWQ|r z@M{2}9&bfCQbP1I7NVca75?+;&Gq+KN%j@oB->tSMoBkKJFFuII>5zSHcJr|@r-bm zk=)(3+60H*S^Tuy07Tnpgq~S3Uw~Xn8c0KxOMej{D8K9O{8!zf{wHVW?T@`8+R%CsIrIv}*21f9nSb(2el}(ZRbk9bF71bIU_3YANY<}+W z66H8E+F6qLqF(o5;E%<7V%lKam&Y3&p&k(R{0MT)`RIV^bJr*69Y50!Mm--M6(H)3 zJu~GdvQ1Oha_@GAUF@tp9H`Mdv8TEKdSaiS^d$>)JbhB#1$VU|9 z#Ts(Ap~bC=$)mE@kaf* zHu-|%7pCp5<7gjG)JAXNQ@+4EzjRXEI~u7!bj??GwqZx>DjP1}FL%%3S=;DUpTJ!&89pZtl1Jh3dC0PT_HRj4|VVMkP(Z6F(jPjoAFWt%Mp*h8)>m0z^hY zFPem0%rJ1<6~p$0uM_(CUCn&AvWcTY_tq^>TFN$q?iHluGBXI1fa!!X6VuM>(RFT1J+PBoe?5H%$fX5 zG%%fdmh7I<-BSlA!X%bXnd|xq-uu)j^pcCk%V09wCEZwnfFSOUo8tn+(}PqdNbdRR zbGO&EyCfEwm(KC1>{ZZ+6}nY`_#z<+-^T1|;XlLX$LhHS_~8~s!(g~&v|oTAA3*a0 zqfTLos-tSodCt}S^3^u+@j!8OO(&7u zrSmpq7f)_uLvTG%tEW<1+4x(pTm0_Cf{8A$a-$M{x)AJ4skNl&#xP%od@hL^Vv>)) z@T!akcWH59ca>AAQw3ZTIqpF~`99zaz$SIF`>Ibv74WCZSU%}U;@AlR0&PKHGNMjF zxgGF%^l!pvUT`-oDRNZfxDAf41c;Y0?a&uc6?R6Q;JT7NoKOnzkv2HMj+1usPJQCL zZr}6BB=6nNBlhV ze{#>4iL&uxhhy`p^2N{$jw0F8Qx88!^4D`0WkU3Rd^~h6za{Mze}qthooleR=p8QM zo{m1{C&CCFOB0Y+%1&G&^ zx2;^Ft?C!ar^a;5m%0c4S$d^}Xy!<-CJ zd*?qJ+#t&qe@dM)V;_5IR*j#L?Bv)$Z-CPcXzJ46cu027z(Wvn!BhjkWU(W?o(h%0 zOJ;GrhTsonqyn!?ve{V5`>2S0xn$GCRk(0DU|{{qghnuCOS^BYLRC>hjNaH)cpd(1 zJ{Obt!WHQa$~o7z2lS~ShxrrY0p3%Rtp>Z!y^FhM*6uz^mrs~kD?k`4^cAmaX3kcV zJ-9{K&(G^kfPXF(%{nawc!|cZx5h7du|4<=O6g7F){Wc`AQZxV>N({8DuaXGy}co+ zFiJUed=7mhVYg|WA)#J83WTjpmyA;%jT&Onrjc10*#xhIkLP=b*z*(RJ?k{QN%N5C zK-LglZk`EB?eTQ&#P-~5bLHCDo^E~$cJZ##t>3Krj7EDKM@dZi7s|xUQUM~qI8as2 zjNca>0Avb{OtQ)o4OQ5gEHx}ZSW1}nn2*vIxmj|B<#hBEp^21dAiXF+&=%Y_5Li>^ zM>H;uGM=A%o+m&!XHuXMnc*<8W#bC? 
zM06J^UVvD|A;d1cEkSLAFR%-y3D@}t=vu>jGZlFUq3zvU-nvnu>S!>1XPMjL2W$ln z4A_~WI5c+;WbxHiq2Zt-=+$NH?_JC0WsnN;R8KvQ@)IjROE{2z=;Qz{aqa!MYICcb zP4`WhAYlwHW;E;(7gZhai)(rsL??N4iYAtxssEeUPzz*?aVw z`oIe%-P$h?0Mgp#u-Z9!)WjDJ($80HfXeUUXQQ-2H7M0LZeyJS=%_~G5-20DC*AAv zTRXP#E*jmL)!#4OyN4TT{xbMs+m=QfZCc{s9EQPY)IE64G{T(aXO-Hz)>8elEpbA1fnzcO7df`HP|5&DXfT!Qs zRRJO;j%-84dP-M4CU~Moz0HWnQc6}FOvT1~GfDCWA=y(qGG}L1#$x$+&FoBqkCQ5o zeqA^!eY7FHPP#sM^dsm|T~MIS%Ek;0%>gLvqmdY{!@9Sv);n|4jej&y0hKtuEDf3s zu(klr*gR#mAnPEc3a!(FA%l*8+NOio;>*oKZMqfN#y@IHp@%>22YAtDT>R`d|1sMz z8P(%G+FM71MEd)!Ot2_|`)GqCe3H_U>^^1*(?19h?=Mtr%U@MTOz>2V7jB@!lB;eQ zH)d9nVnkMNq`3x@7bh)T~S3q1Ja}}NLmgA3B7Fv^- zJj(JX0j6{{2d*tL8JQ+j)$&Y&B5&!rG7ZYf@kBjQ*nI6E0!dTtHItWSUx2R93B15+E2p zT|8Pgt(%PG6{Pkg^DnQA#!5fQjR_!4VBw6si4=$GXoXq=t#{VU?~qOsW)3}iFHQ&a z^|}G67=9RX^Cl(8@SWz?t1%I}iC;o~0%5NE2z<%$JtR-4jAj0;NDYjk1k5SKHb(L# z_A#7v79M2IZrzs!*s8Tj%k)Ql?y9XOm_pINec3h?JI!&Zt6w0!C)~$oU>Lfx2Iwf) zo2J0(ZU-RN&U9=JV0mm`s4oxoW}J(4x!C+X;sDw)5P4BCAI~hlW}T(E*1oVbvhi2+ z0uV6!9(J^G%nVotI?x!UstT8V^6nbXI+|oXbDdQQvV4H98QfhFW7Yf|@8~kSqwC0T zuHyBIoGOr4Qmcz9N=ss=18=pS;6YWcsbdDF-2ne8VrO+lc755>-Jcfd)IBRp-@;ua zFG`_Di9Nu48F6l0!}b28mLWD^tY_ht8wSCRk=VmuL|v>1uTQ8vLGudvqh|4I<%G$~ zE<#&MflqyMZ3&t_p3p;T8ND-v=D1)AH8{Kpo^wN)0Pz6Hr72if147cOJPe2;`GP7j zW@z8^%#03cz{8IYMHCeWS<2IfOB0%Uq-B~urpPh-#v~+kO4RG&0;L#A%LrXQc2+)! 
zI-lB;64rV0ooK&-=V*nwIc5)~qu59!0r^1gtSF&PFn{aAbX=tgdNQ)@bUZrf;7>oEL; z3MYk7KSq90nO=N9Qku|6-P|mf>KmWm$M$R-GX-=ap|P}$R}b?DzG*a7B6?(x-v($J;%Wq`qdhi3KUcY@ zU#yo*M9!fXm2@J(+?~*fVV3f}g}O28{s53G&W`3tezL+yCQ1_%1qj=H$M~5&qBA>< zpe0bbyq1e}cbp8&O}dp2Pc@$AJ`^B|DFLK~iH$CL3c2xW7>~>vxvJF>X%k$UT3)Wx zs|W)*Za8zYi{Rp6uTU9JK+hYWcZP%gP`KpLIqs6eqHjV>1CmqvwACN)vLM>FJO5Qa zU7ia&@z&v~6Et=-ynuw+fgj?JEwWvgO7f9$qXSk@^};6!rQnvpvCfSrRg0|oOn6<+ z)d|2H=Va+(=()7)1a-Ebnn7lNFkzAGJJ}k+X*(BjbXI{jfOot!L)~qZO0m-$vu+$y zxP)^t?d@zTH)GJ)@iYNqx_EVFF58!CPa}nbqNpjgCjl#oHYG$h0WZTdJuFDY(D+cR z6d+iQdd2scVgb>0N64H}lYT281{st=U51+)TcHiP24gOzNLtr4AWOzd*x%TMg*m?s zgr$#GO|(hkmxE1&TPJD1(q*(JubRMVg%8q56nGg}LU< zAFM3vr0X94_MT9`A%@qHS*XtGo1lFNIjeNQYOHP~N;}fO8j~&l6$f+qi9J}UIJavw;T@ecEP3xPm(bfKKyXZzLo-O6LR>s;D&=KiR4OnlcWd+(`>CwK9&hE@KT24yZzDRcSn?hsuR$_&n<9};5D zLb)&LgLfV$;9aEH8@%|LfqG>mKW;OLHRB!lGE>|CSW#xm(3r+6gBSw?ey{tb+hY~v zTYDR>iH|fF=wHuDkpOs_`~VFfUlP6Ic7Ai_j7(Pq&o)t`JXaDFFE6Z`_p(ub^iYq9 zb1va70U?TsFdjK?=G!3iEJU90hS@)o!ywzslboX3U=f?lz^v)PSzmRZ_i|C(=>;K7 zq;Ry6`SmbhbS!My8TauygE?RWRTys6%`DrVXky^wBsn{pgw_@y zkU5>L3e|~>NC+6K{ya`6>6RTXc@ufo%(tb%3C4Rek*txYx+F@OxuZ4KzFOPPSo+txQuJ|(il8ewwwS(a>@M=EgjAYv?>*l4M#m;zE* zqt%KB9o00@(8z58NtZf!!6B*>Jz(G`Joo!m6SFPV56LUe;&F}eELP+=%)1_RXgmk| z!iowt>Z10)L~;R(%2Id&3i|-KU}~;!_6Q2G486n2T=aOWv)u?O(}0Koet#Jd~d0`!0)Up=+wiOj(LlZ&ODYI=Y} zC0q!;uY_gKNL&2gLAak{L#lkL`<7?5OA-kp9$*N{3RR=y8Q{zGi@^%vl|Mj<+CL1I zO7PYv^x;P{Y$maav%`GKId57JKdjL{yH8KLs;&zZCew8Dyt>t?9_|c(AO+Bnxt5R# zW%A3x|3~vgFop1fM^lGA$fzzG0CpS8zEG%6K`$kR5MW(Q?@Q8no?U*sQ_RKT7*%z+ z{G1a|-C+#ZP?YVG3A*rBsE%}~QJ)CFsM^hHa^rE(k{M>=L3_g7I`m>JU`?-}4S z2E9K2OQs#veEB{jRiPGV4_L-cP~Jj$*Vw*?C!*^;{6Gr|YT|b6GEedWCE?d*%=HGG z@hd)cF7>HyCS^BQ9=W&~RO+N048t!Get8j)#+P1gpwTpQO*Y0Th*V}t>S<$FB3SB`dMOBn6Kq%`x0yH$;E~4!sJ(MinmB0QU-YJkqc) z&y6r+eYCPM^5PY28SHrh=zokzp>x=@y;}>mQfOmAlicRzBDOoyYN>J&=-a19j!2xI<^1Uw$ zl>|f&7%}1D229~`RJGZ2Vjty=lVqZ&Y9eViz-Lzpshkc#*&ol80Ss&DmBc>bB)Tys zU>|!xi3q+d6ZS`{Z87Kd;F9A)0-0hxQV8;Q5%*N)LIcwk``hGs=>18YGI}Dd2(%)T 
zNc;s7e=@X8j$dxL3GFhYIHzCgE`7f;zaGgs)gD;s<(l+3y0`N}QHo8q1C~Kl>78Z( zD*v<bz#8gHb*&G|97#h|Rzr>OjC zc=@f8SWvzm%r>$_)w?tB2b!SIhNW2)SF2!?KFB#Bnlx`fhmI?I0RMXmJtEX&3fDa% z{Tx*%R~pGZIfPT2U{-%fJxDW9O|-HgyC`zV$Ek471+2rNV=!d<-5*LN zT5YUDQifURD1t;Lf5nn0fg5*b{KxWA5Ly?ci|`(*i6_$flqBK)UC{x4V#Xkkg&w~# z)(I^|!!-0<`vT4i1A1iDPW@BKLkwJWrVo3OHbRfK&qIBs2zQ z9RSCtC%YP{Oqt_O-B)5%i!1?o05~?a`32U;Z47EuRe@$Nh^hqzxVgSNHWJB~V+Nr| zOPQcywAm(ft~rbh80>tNOw*po5$0a(R+^38F2cLG)kGwx0zV8Nzp-z;Fg`OLQyIww z?K~k77Im2(Z~hcR(O(i(Ii|p#Tq>}_xXXK4v7_RW?L~M+g|utq@OW|wAw!`(@Nx8j zp0M5f22-e>bvLYARPIN>@iRQmCK%Gu!vhzuWJ~T>q+H1ezyqTEg+XYPGw#&Fojjk) zm4TL0Ecm><1BqL(Z8{YJp?=(@SjH5QJ!K`u{V^zh`Z|#f+Q3DbjeZ#dL=G(@w>NoW z7Tsxd&Sbh-H|Vfamm^aj(rU}e&{b=0|9H9Iv=7ae!yES%!fLliHB(B zbt#5+LXUcL^u zU>b|TFh;gQehhj5!>t8-_wlf)rXRGA(#DZ^UV6acJ2oCxnE^7<3^XMAX zf$+?k!-ok8lXkJQ7NeQiuip`NgAgXY=%vsnDE~)={uVR*GYLF6ctItaN!pp0kE66=B^|*J5zTT|#}i zIlSxxrsd6KW>$>8)*P%#JFwHuoFOBV8wWF$wq7wY!1_itLXbSD<6NL4C*!pQkzOb4$i{e}`#zK@U zbS0w%0@qG|Bx{M>-w2liuAf*VHlL_HlIOOQRHVlU!n0O%8Ur$%O4-q(-P1VQuvHBz zmB(qG$ayo`2XdJysC1q4@o-QkeDicE^-D`HKcR`h0(kGug^HPp+VanfNka~!p|k_q zSpK>fHlQP85L^%Qg`J3lHzM|>_9TV;6q4uCs7R5G(#G%Az_PZO3s*eW&bU)lYJM1= z)yAsxNkcERx*JqE#6l8tI9r%H`ZUsS7~QRWwS;4dFef3oX~yAtgIvD_pa4-qP^D)LwWr1OPBW2}m{f8bse_*Y13Dq< zahT8p(sUzw;6i}A6KGLgu!j|J^mne%tPXK8+X{u^7D*MH-A%A7j6$E-t4-9p|o_)*8)7%wz@y1izo8GIHuA zIq2C*e6%8u_JRR)Nckbfa{N^+-yK(7p7N2>*qFcsbDBk*E-c|*i4GvV4u?B1X;uL- z4KM6M$o!2j7>+)Nkyl#7RbI-{HP@G=0uFR4BP7f?7Ua(JoJpf_s5|>%kh-DIMgpoH z8_7p9@qA7WKgVxOfXMr5HpJ3=vSavFTt`N+6gr; zK)AlJR!ltSaxxRGVK7saHK#zA%UQr=0pzT$rot?4$2AT%zq{T8&V%_F#+-_!3VMRj zVD8QTDfJ*HuZo-?f3BgBr9+HQ<=UmolPZeB`0t0ZfZeYR1GH0C=bBGq`|E$OQE{q> zQXOzPS1&+>m_crB!9=y8{i)C_#)4Et00PJ{V@Z96H{QKlE6a7LpKW99TVn< zGgms`7LTpHC}Y^E7@L)TzmA+J-34r!LQuvW^wmltaCX^QnK98lCXJ&o$8ZG&QW=%H zJ^}Wf5r^#g>X6Vh5Je?0tOt|@6GWDo7sb`if`fXd`3_W;Zge5B^4`Z54Y;Ta;KqpMbC>DRz_n+*=i6qyE#6n;y!Lh5*dOrj^jN9wN2*_OHT-r!Jq)OAuN}z>puc_JX!zxKos)FF z8VwiArI|4)_ypAiCvH*J?3EivJ0Ue(;q-m+LWdh|@Quy9#h^o(cf)$+BQFqOt57;z 
zZaPFT7N#6Gz@kgfg~W?;)>sM<)Q;5Y-!O2&ERxG93OdA?SFW?)<;9NYge72UbEE)n zjy4I9yN^ml##Pt?G;}~W4&3>ghAP2f*z-3tdw4Y}PBBL-%QS$tpkW9u#!7VD^Fvp} zgBb3OQ3@%h*@VsxOu@?(3}^ME=4$RyDPb2D@G2G!Xw8X5ej7vJoC76M1B#^ad-CD+cs zBQqff&?lr_s8XLk9#Wd%$tCq?2oP$84(&h1SjxpRA3&>Chqh5!n8xaX`k8G^oFZ=_ z<^|O@z1AG0U#Aq%UL^GQ>MhROg``li5$+QtXqNQ0s4{%GRi{iD@=b;VQ08a(&d4Gq z8~&Z4iz9^*Zho*vlrnW*wd!nsc}2_^TFo-8M+g^Hg>S}S`bY5n*-=UdDpALi8t@R% z!cC)mTSfkeuP;Fx=wZQ3oGoJpT`f)m-5e6O`o3Hl9bL2sVEs6u8N-Ni0gRe{sltyN zzAL+t1)8~#$Cw${?um!J=P0{X``tw0WUu>GAF&;@j&FLvjizkC zYohD9&QpTKeT5zT6miKhmm#_MvC?<@mPLXHG=-fo7gi zFs4$*BjC<4=%t|H9(KosJ;W&)Ci)W{zOwr1g?aaMCgU6;? z9$wnnJAdZv)L0E{X;ty5y1eti#d~-rp1a#8b3g6O*!4qnqSc|OnJ1Dr z4sMgmY)5+c)Tpz6mWruTj7ncf1$S{Egd4EJY6({Ue^?w{Y6ab0`_h+X5IV zl9(S{G|Y5G-H82Qa%1yyU2O|&K{&|V&X>`T*s`iU%vz)i_jHOvVKiu2ZtEw_6raip zB@gVcETfBt9|UOmN*!9@a28K(zwCRn-V*@BvNLsWmM#B$$$xul&uRQibJ%_uV2%?c z4how#;LT}!SC$we4{!R-mO8!s(c4hY&fu)Lm%i>7hKVZo zlo+qRoXCL5d@V>q|`i9F{x3D;RVvaFw88(m##1O!y(yoYe(!ObRVAjU0>*L_xI&HaoNBaI$asZ zH$CjQ`?IANCRh|4U!2BKw&TZ8$G>^n09@0W8^UsSD5K|p1j?(v!xA7g=7V(-rn@ZS zJydei-?mxV=!oBnf!Fk{-F(L;N31SjjwjcNTime#!4gRc0)+f|#?Q#E1#}Zx=#_p8 zioh!gU%e8;Q?LIA^(>-Un1j$4&0$fVlBO!GpAIhI2R6bt?NkMbw}t0HDHEalc*RsV ze$43!xIV1oPk`@4;(qt&9M9lY3&GGN&lbq{)!CN%ptsrpgH8}7!LhSt7SKPAg~=s- z(F9kpcn5?Fr1rdq?DBZ^VgkfExp&A#Eh`9^nJs%4Ug@6$Tlps#$HL{#%|bhue!my= zpfmubr(Kbt^3H7s-XZf*`W{?r&5rs}^_L_ve|4?^F_RKct4#$6` z1$tXA+hDONRnA6#5?H#~2msao@1{dq{PJ}+MR==dIO&T=81OkNzdSXT0XiuB4JF_@ zIEZaq>Nol}5g^tqCGb~Q0@SlUp6Q+F|aB<3(c%f6eU5|HDW8|AbtB=_6NxkNnMsXrQ}qw;FU* zMCfoIMPR9^S})MV!Ae-Nq59DYcVNlMj?!svHjuI@R0=)24OpiF`;A+q0bBdl|H{Ud6(1gaT)Igd$iO!?XSwEpp(F&^w{eka=LdOWGXDyi~N%};#;OaJAJk8 z__x+gQtg?l4K<5y7|KBt;Ag@WrT`83Hc-)n-wC`NuCit)*6M*+VEDFTJcg`w=XhQ& zUyYLR?J|qs8U<|e9|L9|z?IG^=`7YOR;v zXrKR0P#Th^J>dRxP>uE^dhyUH0DUDOt9AhQ{x)2{54m4Lu9ebvohB7_rYiE@<$|pK z(sv^;XEvJUCqrG_;?A&k-7v#1pss{6_)A+$o-V3 z2K54RLIHQtzVnQ4!VjP_N{FIzAT$7&J-dPAf%7T`B^ZYY#vpk?tm^HIui&-h3w;*| zEX+Tk1E%nIDbL~xJ4w3=04%KyMx&{KnOggSg0&;veI9KC&KpV>RuQk%D>AJ 
z-+3OVQbZUWUVhZ&OI&c%b-4C79${%caEl8=e1gw*0b)#Z1A+1R4{-U%9eo>mlk=)m zOQc7`U}W*dQMz2$;C*lk@dljb8K}O#@1Wc!rUE(W+o`?@R!-&D#C?>+a>~Pe-IE0<6SM0|U)!2f`MA4#fK7fP!M(P)@2C0( znttC^)5lZr)=i+MIKlc|zSL^g`k`a8TwPN5)nP1mRVm=P|6-aAfwu6P=z!Ze5w}2} zI)n^DNKO~g({n?XsPPDQ(KZZ#O}m@l!^l5{;&H1>uLjUaM&xKW`W!H_B6QDTRhEkL#JQL!O zRyT4HBON?EwBF=7Cet;3M^{AUNayt;z5sET=y<TT{Qvw8ke>};o!eSIxUrK(5-vJ7gK!7TS4(Ym)Pk(-x zowk^kL%Hlw6O~0bQ-6L-H;rwK-|*$FwL^Q^C8+X}<531@#GWBTCg(Z=2wUtX&h^zVi#m1&v>4#|p{i4#fv2nZ%vkCu zJUyl1X?N8aXBmY)?0$LunA!#&NoxhT_h{R(C`05b`|q7Ie^ph~>2v?cT6wx`Q7J9> zk?sREWPDZFYj|6Wj^toth{%besMc1bN0J4s=*>IZZ;-ctP!S5Wz$8Zw?a&cvyQ?D8}tzOzZ0Ua*8=KIi8bTx<0%)PsGin&7H@+b?X4?`&|X>O1sS7o3>pTsUotN%u!u92n2=b@6!K%V&e+^;T}>_td9UVkS#1 zBs~kQQR7W@mmRf#oK}kd)YY*g><#`7CF~asP(=5$E+K1@+~1TH6>@Dpr`;-39upbx z9z&b!hTL`@;2oWJ@9(-hd+qw|7_7Jz#v!K=tH?Qh_?^jSMEAW_a(uhCltB6qx&E2& z^8D(`k$6=d>`T4j_23uk?+~tCpD}vNNh_f_kN>2q5xr-v%EkDmX9+uhARoB61AmuT zOx?yiAF029taW#tlt!LOek+=09BSH}jNK$3r~J0}oxF!~Z}SDy1d52}Tmo988fm-R z;JVS>_U@X@rrqtc&m_$kRNfCgmX932eNK{D5iad*T`fHyb|+Z-rE7U-csj-*B&Xh8 zVi+Um9_^k=8`L}5drmg^)wybRhTI2O)ooz^yvLnT3I8^`j+eOuH6}&H3ufoenh)r` zx_N~xyPq;BFJ*J{hSz~N2dnqVkO>{I?V+2Kyo_WEf4gB<4vgyqg4}#k@MG?)q;N7gc;r{i57PlURuwo&AGzJ6W#7HKF_45=`1uA~YUI`qM7l+`r+L+JhgyU@}iSuSXtp zZV9$vMP^c1T|ZQGUMn(ot7ZDV`{WR&d7?k=J&cK50%Fdt*Kg=2sWCTIiMfr~Mq= z6Rtzuw|9mBjrE-w3i@;ad8p4n;oa2dv7&aK>5#4+8+8Pvt3KV^+#a%@t1P9nMIw5o z{>ZM~J{RP7-E%CmUr30&6lU{Vn-5|0#Bo&CaPxth2b9T#8PDu5`TBW`3>VuGCHXzR zM;HikGbZsVY0!eTrQ|k&l?4s%1MPz{(5cxEeya%y2@t!ugz0t)xdy*->Uc(B)}+-2 zKP{`KL%ov4HxOW!kXGrb${4KK%GB%VyyHTEtH}v$K-F(r(@x8I~WBh>~MOX@~Ag)YW_< zCqVpY-ti`+yn;aS;gN2iNAvZHNc^MLUHFjlXp9MC64h@*>V3iWLHHoArOtFT^2_n1 z=S2RCA5eR<(f{nJG%(k7!oNP(f3kWu7A#`$Z|?CwnfJdd?*H6W|FW`Hk#^a#lN_HQ z`DcE&Un`9Kddxt>-Mv=%zUYMjF{zmj4iTGjghy-UG#cgF#<6LB?1G?!11OF`~0KSdQLI##c$~*A1$tp1Bz|$KMaTEka>s*{Itg| z=+jbw0P%~M#fz(0_81{<=N331bMyzis&F>Gs0D$wOaj?G0Ge9QCg}nMLY8>0n?P?y 
zD;-hf(Xk(X(IIhn)*}~n!Cz-sX$IM|=zq*zg*qB5z2EmQANuDMka2QS;qUK;>3^DBp-VnSa*d%yssIXB$3`fs(WPs|z+$B(5|F7fzZVMVb^5LXi?6G)0Jtiii|JKt!aYh|)V^ zL=;d|dhdudsnQdY{1ZSAoO|B=@A=<*_rLG^+>o6;Gpo&7Yu2pUlf4NYgaL>_Lq%N$ zBH2L#sewO;Fi6#Y+Q-2bg0!?CK?s5lAL7y*z7VXa1=7~ofMQ*)VqK?Y;Poic98yTWPnJ>NJw{(?I5SvNl8vha~w48 zCMDxy6eU;Gwc2yY?Yh`bru#{`r?`3c>Q!DmF7AG#QHg>#LVtE}&KfDPFF7xOPdU=S z=JeYX56S&a=Z4@v@^4l(dw!i);eU{Nt03xK%kV;4;rrHai-xvdx1-aGs@q1Eq*RUU zyaQvN7T2_oF7JkR>;Te|t;c=>7NU>4s3TxZ}6&m9_ZtLBi4H;XHL+w)Od)5 z9=Y?)NgtL9zVEBgj|=SRtqEjGq-EhWM>YAC@BcodXv+&L$h&p9oMq{DYgpuXu=T>r zv@dDcOvh!X-9xV{78At>b)===c~M3B(@48tvvZA9&Q!&C8hY3?ltr$Es2~H zH{Zq1PNjztpbyVN9TrFmIRf2>&C+D2_HbZpT48gQm=pqp48!H3@Zs7DXq>+H!7LcH z2mxx^^-=AZ8LL+SBP6%>z^`VkbEiZ+_sCR`@2V_00UGPmU;cp#;lLSS(0FMM1N5{b zdMcOzE!?nN8Nlfhpwb$A2but>i5!-FtWu*crnXy-0P(L1?kslhu^Uok_L+@AN9LSe zK?t;6rdR<8t%#TO*#yYo!|joh1QHcR*y^A(h5#*|2|5_sQnPS1R264+nZ2oLR{`sX z=CHeQAvbEygo|^>OFI!D6A={ug_PMZdJ7+5b3pMvm>Qx`*Tag+R1v2L5RNm3SWZ{y z8lPQQ@7#x54JspdSXD2;qrP5tN2uelkY*JbyK$xdMN#@xc ziNqf95+E2p;~Lc`R|;JW4N?1#cahRC;@4`iU8qRxgmNgpX^guZF5>TZ1J?K|duAAB zOn~|nG6_&9ee2RxQUc_P0lhrHVGwvCi-VciAu80@fJIgOC_Z?>GTE-M=V{`hJ%^vQQXO{&axZe?G0Xkf^cyvwiw6e)#1OpjUp@ z1c;U6Ic!;)0Cn#tK;vXrIkFNA^M8D=dRHfDW9HRXb?$Q{%j@_k(S$f`UCn1_PG{HN zs%t}6Q(q#UA4U2XEHt2+o=AL)J|+73I431@c)nECs`1d{6uHN`_tJKAb3777_n-(3 z-_X_Su9(G^0F}}G&5*n8UGbBcj749m%*AU}n4?ZU{->u|I@$szNt(+q*G3h0b`(PV2C51c;ZuH5(uMl>mtjP_$fCnNY~RSY&npc1qEW?_i$0AC>@B zPGT+@`l(2?I(D}mDQ`IHeDA;)vi%*CD%gbZ{uDp2HUhNrG;4A?-p{Ye*1zWXYJb9L?RZIZpa2ffJadLkc}j za^vwn&5PN*r346g&2*~L09LAvT5J^Gij#t=0Ngny)Ut=&#jCGB-Ml<?S}JM^qDWW>|Xjw{<7FJL(G33YB9d z77Ni$9L3}QLlr-}e(p&u0g{3_T*Sa!7Aq9TuQZR(1UmPHFHP$4FTdXN{;IgoYn_;d z1VSfaiZ1<+)atnKF-ZE9x)vGl`pnL-IluqZDKBm@x2Iv(G88{IDi z2zCwHph&x3M@*d9*C7vXFO$x%m#Nmz;6$>4MZI1IsUQ)De?uPX_0*8quwz}G#dR1p zNW|6_v^aq?NaVmlvRRW9`{-AV*m}JwIRAtpCX6JI&>uDHG*>_wf?Pr3`; zn+X4%wsp-ANrS#^YLu8VL+c6WhDIpY%go>mw6f#m#s@${w5_0m{@jKg*g^YNEFwHa zdK#QI`b{iC#1xp66MR!b_7EJhf^5Lq9q3|1Cq#(t2Vn5?SjYRBLjSBJiu4Z$(P*3X 
zE}l+KphWD_&Wi|77aOF`#Y@(IwCh=Wh=LN)NgxA|={q4@?1EWdp*gKjq^`4G2gJ4CG4Y5Vt*^U!@ z{crc5)YIL`;Iy#;V6{d0+iSFtcJOUAJFT2N46N+7)zMkQotzBdJ|5~wH3O|P7ZC_2 zB0=Eu)6rCLGerk$-qw{J%s{tm34cyks)5!x|QhCAMJ^ljR@MraQ@Ld<} zln_n`_btlZy+Qw!>aPZX0%;>$h`OfoK)C97dLZFj9f#TpIMP4V(p*G%0EhaA`dz@p z_J0OnAEk$hj365DA%V@VUvG@h-RsvRoAHadz};|Y(se8%JVaRmPDCXpf)6XW9DpG4 zYoI;}Isg`czn6@^my9Dzzn6@^myExcjK7zRzn6@^myG{eOU8{nhYRE`5Tp-2AlCs4 z4@eO#9}v(*u!P`*&VmI60`dSKbP*owF%AZ(3r7V)ui6%iFaCIZR9d|a)p9pN6F7vUgNm*<};NAq(!*vRu6 zNoXC@a#e!cJE&c8hwER_Hn6_pXnn$lAErPp=Og3e?CK2nu;TP_c5*?=_{j6G6PE$k z#A*?K&UFwEM|pl@t+SjSApdoA@Zbb1Wg#)?qnx(xR?cv5gu5fBsIVkIAn0ymE2F2Z zvPlk<%9exs5#eJDZ`Q0?hdXV4hR=cB5NzKuJVxQ_w;nIkvVbPN>cQ=^l_mRlG1P? zQBj+VLegRz=uC2TL+h+FYfb8fPPgYBKaW=d@N$(EB-j#!jg&$sn~#^DO$ zVkg8;NJ@#FkdPDka~q((0e{xP2kvC7?BEP{K>}G7q>mljg#L5Ob`+C8P(;PIp=@aZ zx)33Dev2~x7Zl{W#g^NQ0vdpNj*9@R{CfoXxfS-;=5qbnyv1g}>SWX$kRAy4%L;NL z|5*3$5#PhX_P=m6V#^kxiA5Q($cBT_L3D5hQ8|%+s3W?|dZn=*9Eou9TnCgA6Zr|d zwfYyV$zQ{6t^Ni32k1E$2M-0YO&R`F{qIp7h<1N%^Pgdm=z^Sbpd_Q@4hJ_Ql)*=V zxJxP|DhA?}!OvY%p<@y<#1Z%>$e+ks2pb36%l``U7RX=7AZ*%Ld072R=v!fb5?B`< zEb~FARaoB|{maeYEy8cY{(EeI^w5L<7ykRx3P|D|3K61*c)DA|0XX*`VHUt>Y5j8} zIyOe###jK1ScvJ2_l{7rlD=DWo!}d z&Q=}@4$f9~aFI){a637XKWhJ4-i=8QBpV>@5c!qJ5Y_j;fBa_hw{-klUBA`!w>0p# zfPZ_}Z*~1G4g4+O-`@3GU4Kghe+&4xcl}n^-_pR}0{-n?zt#1(H1M~8e|y(&b^R?3 z{4L=Buii!d$5sg31?+!#gN=^Ae9C|kJQTn{x0iuoFZ-U|d)T>|_wHrpKD3{B9Qs!t z5+GsPvuEGIeJuO;v;23SGPp;|`KPB0#C|_z@IU&L!8D_~az~}u0Jjn^ub4WgBBKPw zjR+0B%$Sy(oSrrtliYgp&-RW_yo$$R3rBNJ&CqQVLfzV@ZHi1MhEb_5Jw29KD>NJ*$IW0#Wa@^kxmgBoI_CW&bJU|X`dJv(`lLlb^4^`GeKN=ifONwvy7&Oa}>K!CEsnET87Y67wNCrl69aFOzh5+h|j0}~0@(1d~u za1{9UxatJz4W_O|#>M_~6@1t^->|E`r!XPqbvD-RvX0($Ux>4`u&_uaX9O#WMZuaE zTFZVMSjw9nHF9KTLB?`*`G>?vj$oHD>TYLWj~_TQe1S%JZtiN$ZL#2qy8SN~(}yHF zR%S@~`0D6hRD++)2bSa62+&gG{xy*`)6q=8xmO)$b<;TVPXNw5XO#<|0LiG+?G%MqEoZVAxkuxbUs@+pqi+qj{tGq0wsjHIt#zwvp0 zo7g1Iksn`dxx!nZkiTGbV83)^cT+h5y4=Vl^CE#MWOmi{eTTY@>~|>@gw*|Sc?@$;gJi*2_}sMXsZPk@|y!J`@D>+ECump%jbQK1t9 
z3Db3JMsVH`0wi;V9|KrQ0hX5YPm@vU-njftQv6u($i&{C!f#^7Y$t3yokfM8M8Ega zGw$Dt4hYML5D63eVknz=163|EXZ|2s8uanbedIk;DIR zRee`I4IA8IqR?L+LNw8KRd{b`G8|La7`8u>0G$UxNsVZ4c$cMh7SSs#LK}8vxl)8R zt}B+~1&#@cECi8@=&?GJ>&a3mxXpmZ`zNs z5-qjiLFoS}4+?vMI}o%O&(4<_i2t6dP~f5eej2uziC&He?q4a=8`Ck#lZ##-J7;Fr zU0!p$oG-kM$Ow>^cdthlsS=&Fz5N(P*xJZgmw#;69OlRt{eMs0)c36L_D6rPJ=M<6hx!YK4;Xgn6VyyJpL2H&wt7=|8rRUZ^(7u zvdtpQ`9(&ItY0Y21qsszv-$D1-X-1q@lwZt!-+SfSQQY2#%cOpA7t|Fo{unkEKW5i z%tqrcE#|-d@gzgPUiVY(Q+$h=_!LG{zMh!D#Dshr_hdo#o)pXT`)C8g(sHGAIZ z>^p(+vv~2a0>;m5wPb4S6=qnu@PwGZylKaW;rF%3ifO&abY&vv;c3!W!6v<|Gfod7p#?AW;%MCsGMeieZ@_O~&*h#WO1F z_#K+L9p1wjC-8)r#!NmgJ#1l@Xyu!bw-nUh_8V8b4=mldBwtLDSM7o~7jS;25-T1) z@Ib*t**|PCapHBh`Ak{d>5zv!Se+T?qPXyC+Aj(XRI?5SY_0U8=gvRwB@G6%z6o>Y z58>=qe_oYXy!#tL8v=A_rV%yZ@JfL^vX@j_&OLhqPJkYFEqKv4>3K|3oqNozQ@|j{ zcdpk$@Tdq~U%N?R8#DPye2ibLMdZ<3@PzEdqQPk`I+2DV59p)QEivm_USDQheI(xZ zd{e;8!#R%SmiN~lIwjBolc6(D2C|(eeNQq>!FID|&(NcfQuyMv*3UV;X^Hm}`SELy zL~;%+71wnI_L|cBc2|#$zUNglvee*fJx_ri_qvh1tOmL6W|RL8L*Xx`WMjCO!IO0Y zm!5s(VpQuJ$0O!6`|q4VEeWlTG`vQNt<{!_!s;Sz~z`ojJjt`;ykzYjelvPQ8A zC&?aGa*k0dU-FrZvwpSPw7R^jCi)`_`4{2cAVB#ssv*sBMJ`cQWU4}@z zhs4iiT=9$?}cAX_WP_@z^t%R|`%BRF4)V zbteSrU3OHdo|RqJGNLQ&d7>al_ThmJJiKLYFIY$&bXL2z)Axz>8*hO}N~RXdH8!p7 zWls5FA9d4DoSEDoX!heIByivHOk~OBSZd*Xt(OgSAH>?le?&-Y37giqURc>nAzm;M zjNwNnX)8VI?N@*7*eQ56mgS}=Zodu#T%}C&-4a_%JlsDPV))u!EO_cPvrlTkk;r4L z)y@hdNzu90%z(zej*(?$7UzaL-gng(RnLaBmbf!J3gY)j*l`iRW~*LJoB$Hq30GJZd^ zfV5PX^XB94ti7qV%xM~>^xuU|4=IKx-+5bU(XMmnW^%FX*bf1Rp;6AF9?5o7^pW3@-=J-M~z%}#W z>+en;(QW<7^%@DYF`eiI*?q{JL#o!--^5P723sE)=qW(^)&=&OPnOQJVO=@oA<*-yBY>KP3g9YkukS zQQt{q&v@8gleQC;FXZU8pl1e8P$b6D3pHZBVUOIbh zz--j_6*nIL@bf#_D+i1<1DkkOl<6_4rajep?9Ia}cO|A0yxDaHCif;J(yYEc;wAo8 zs*G8D>Roc6Oi?ArO(woNiLgrJ{e_h5m4D7Uasq^WY`I0juk%s6;26q(htTB$&c=J&4lJjIl1_6gO z$l~QmuMWs)Oo@okLVmbDNu}3(Ok5=b`OzlBn-REehM5KcOLIF;;q2m#OkB+{lr+%s zKHRxr+#gGAh_!k`xnNx$0lb>pX2_=UdF>?C)LlbUuGwjaYa=yvV|DfKwt2uYL_;nhcMkEI_JGCZ_iRge)?pxKnh{h*aokt1J 
z+rsSI-%CAjf`5*P$WpT9d+ODCvLN&n=ibQFg5)b+Q%m84BVZ=scD>dAX-!QZRg@ma zX25a5mB!K9gwHp*>+J>cPh=T8EHWKaQypE0`5mbue0J!35VRT6XG!v~ZxoQIFQ{p} zFx4p@r{<{AMynCm2X*xA5U+V>bM@e9R>wJg$eHW5>ala@_!#N#@PzHN5$*q=a2549 zvTMn3*BSMo8C(>9#Z9Mc=0kCfGMXiWuPK|FxeZEapV4-e&+0Dr{?IRWP?&L8V+e8K zpl8~zTpe3fEvqUut($v~?iyS=-0DT-kdIDL4S2o4fE;@MW(Mo21+^~69V+N3p%<)p z@X87jA&;;_sY^Ljv*TV1*A!IjVD46DLnAA|d;_ zc_g7ZA$h=`oO;h~y7_NZ_Q^J|7o`pefv(OKI{m`AltPddgl5{deR`-7?(Q&@>v^&| zOM(05v~65mrbdt>X;QjsSdgl#HH4((E>~}5Rz1k1V_2s4dJ7+6anw$}er8`h`V{e>P)%`!W)NL# z%c?7kj#ssVMY4ivg~#lx;LQ72BQaESHvvjGdNR8P-I&&`Q^5tTJS%^~^oVNDJ8vyp z3RByr1G{RP247p&DN*1)>L@f&u%;fQ?U~j=FrhDfwP{$jVj(~*BTnu2u-_#q3SXv^ zRaAz=_*+ZieOoM!SSJmCuZpF!2k%Kqw+?10Y|QOf4=l@)qEKR^6-cx+G*MHgX3tpb zufQKVZ#)uyvN<1p*?yrbV2O@%CY%Qg)5^!+$be^Ixl&8(Nh&M9tTofQbhX83EL74x z6v}v?vZ_}N#J}DVXj4m4gONLXJ7G%9RqK9f)@4cYSee*%JSN51y3ejlmd}2l+>@RN zU1mpqd&Fl6zlP?#BacXz0tBjF&~!*EsP80k(jK6VJ3^b0^Qu7W3Se`k}Q6^ zy%eok<{fzg%f;dU-y ztX${NjRZHgrgMD$eN)`v-3YbM7%DS7bUvl;d*!XyQ{%^#eMck8oz0+I)^Jx?*bVoA z&zDg=$;YM`+SO(S_nmB=YFMTcVr(~5$S2%J^bCV`%9<~jFOS8f4{&9ix>IMSMyB(g$FY~= zdEexkUcZj(;4=4#Lh-snSQ%`l_Eho@H3t4+#QFqL zaMw4ePtU~5^Jv!*2gvuXqhirp<{QmB4T`J0ij^Zwu6Rq`Kpj4t-^T4&{dkV*eJCrF zN_SztZQ?AWV&kPH>N|W?GS4vDht5Bnqw07wSn}`^N+ZuNi;LIIu(pm>mfxYHw~;?b zKR3FKw76D26uqb}S>rz(I<9wb!Q`6wl~A#HK8Cs=vAaL2J{1oq?TsYqN;niHC`R(o z2kBK_>@k=y)}MWY<+-mfpM#KCgcj42#6zr<3S6f@d2{Oyr5?So*13{8nCNLs?;6E@ z=QgeHBVDEC*$dD1;P2h#4os&_VwH}6D@x%Jec4OgZd+3H9scFPmUW|QRF3udb_4^_lC4P(UI>gwL%p21xaASY9%x7`?N8 z@T1H2nsDubn)lS|Q8QKnHaDQ1SHT(=E~3~|(|331NEWlFTp}iH?(}}|d`bP@F0yZn zZsb&LCwiioGNgKQ3vZm zx?lFlo;uZqjjvfx*`wa68n}M(=5gfKefC4Y?860;SIgY^B)XiX2?Yl|;QWCA35?LQ zOcS8`Xc2QckwX)6SfgXHc>n&j)l205^7WA?Y4-#je{PLW6Mv%^@m3dGGp{-nojUE- zG7Fo~monrKe;4$G08O;CX*QtleTrZy>>I?RA77&=<2}Kv?EaWsRQswj>Rf&a)E1&D z%#WTfwD*|LKUB2To*>z&kDh4rbDz(TZFKS&F#Z05kGZQ#ect;icrlN&z6{9Iogy)L zD4!};R18kb7pBtG_@O1K*o{oQ>aHOgnRfbV4?|je8gJUIut0aFqw&@HCFQN08Rkh~ z{-koct#O>A#M!$xF*QoK;7#-aP7W~%-NKxiyU|mhI9|aHsnpxMbb4Qm5*qrB7ds%p 
z?H?^cYxhmbJ2rACibv}%SY7Z3c_l}dKx5F=kJRdVR0Z!BLrCrF%kH)5u;|=TQWrD~ z($u`UOTj|$yjRYSh5_jt*98@)S(!4}Pv7r6W@;MeNKeNh51V*!E4A3MkX)$Mt#~Br z$eowtvPI8%Lud7H^w)K!!W?U7Ba;oX#NHQ{EHxe)EGVkb8I>*I_e6M0>O6QbmDNT` zR&z~;C*_dA$0}x4oO%mcaNpF`MKUvrQUN4pomv zq)Vt+nI!iG-B%#JImMBTLM$g0Xix=})5K{$u{lKIh*IemYMoFxCW6Hpen5?-vFGUaD;eMLz4cJf5TPqejkp>*7JZ-sJB`7%#!mbzk2 z$5hg%ZgyoP&L+dm^sG&_JbpP|P9t(EfTlq}x*#{t>kSEIVZv((jR!n3S;F3a{sL9c zy@kRg*g|kixIv*1))K!#K_dp+BT$_s)zD`TM{rN9{Ze4+*!^d7I>olx$0A;Mn|$F^ zw2>_ZZ&)%2_)gbwf8>-`2V08y4}k@kI{Fw0t;=dN+J3`(x(AZ19UV2VcTG1KSZaF3 zh`)318#`3ICt002BSaF`bAeq$_Lft#QyAk@%ctk9y6pMRhP>nn$n@n2Zijy=jC(W% z^GK=~tjv)teOk;A+0#Dde4#eB8QeMxE`0k;s6qSbDSpfc!4BDGH}Y!*%aG2}>j+!< zZ*SE_hmxB*+pKFV^k2oD|-Rq;4r5>OZwEOy~?0M*CK*l2VziN zib#89aa5|MO@=3eGVG3iT58Mier!As$#4e&dM%&^UC+KQb4oqG49hO9>+0?Ch?Ryk zXPIY8-_bnZ%`3hdy*v!;#i-7%rxD{O2olq%BR`j25$bv+v2P?~wN$B{ca&9Ki($u8 z?~PX*QuZ6W=^rXbt*PF6t+aQM+M+y=nT#nSwZr9WX;y7w=u#^;zSML<1{SyL)7*!H z(gbL(6*c-XCS7-}Lr=*z9rY09NoXZT%q#V4FCW4Nr`7|eg@qE>z5M1>zk)^0Pd(e) z(6cJeD=NUJ?sl}pGwk4+e#uD^8uxn>{RJlMO`eC@s8`IAPqLc9<}chyeZsY$Ii?@! 
zcp>t`57KcSEix58J?LtaIE%68wNYc0dk&)^UmPo77{}DNW0#8-M(S?yHBVgXoknV2 za(3~r%f!8-3vLRvg?r}a2ZfqW1|}pghc#hfb&IH_ZhS#`+>e~OqTngG{({nD=9}ab zC{27Yzo;mq=ocIjvKAnQPIJ-|MTdIsponM=x-x z)MuK6d0?hE7E_2X)ym82@jcLe#Mh!u-1<5hP%Zb`yY~LD(9g>ig;Lkdl)&v;2SLiO zG2Zt$48;i0v=VBHh^JoPdJnw-^js8%U&yNH^f_bg!lQjj(1PDO@`6 zGWD8;Dn{~|)DhZh7DuW;Hdbl7`TnIQGcJqa@|ZAG>x-I$*iBJ1VDpy8@xxO1E*Q3@ z{8In97yAqcmShb}(-rYer#@=kP8^A2CVl*2d1pfMsDvQ(GJnr2owfE);Jt~PV(=1` z4*S_P&Em^1LqsmqI(iE8K^z~E;m_)-YI$@Wg@lGBDr@j}4fX=9`t+}6#}XiSu+DMj zz)fgwGgS<-z=s$7D_Vda1N%K%O<3kaFM-YHzEt$cYdc)+h7r9PIzuORbkU}Vk6;pA zBx-w$$7VXB$bBQHEsks>7_p5;TGy48{!|<{Oew7_3=pkBrD$oZ2o2wLhNr!nL|SsR zEi@%&yZhBuqds4)$ActMFR<*%(S-3~}0 zTg;Pug*r=&Sr{&;mMHJDBRvW3BdE{!&|3-p(su!V1NhE5@aw8$#nI?GyKnlNwuOQkVu9d&>BrVuQz9UsFDUT^0PTh0*KS`efH zuKZ`zEpELHHEla8aTJvH&)Xd?cBpmozFUu9$S9s@{S5Yp>2Y9FY35YLwjORNETp|9 z4gmY}iwJ>H%`S>H6W}HfV5_-XhJz^zo{bY$#lIUy0l(XF4aSaUIRKR05=u0*F!|9m zxTFm|r=@J+wN1|pY3t)j&d;c}x3rU_27i<&rw*q0;j|bth1EC*ZrqgP4_+Eu_-YvJ zt`VNLTkF`O9Rd2x6K54`UC^_3Ai5fcZFQpUF4Yo6hK-muC7o!~WCjoaKN$fDaK&NN z7L)xP1sg+Vt6zcf6KdX5zfC*Z3NJ=N#Wo{{=@v1!s!D?xX39^ajgU|~7kD3LWdd$o zyFW9Qw#BS-ZUNZq2>Oq{ZbLNV&MW!WQ#v{^?FMVw96s6#S)=sWvmjkC{eSVs$<5P~+~fC4S(|SM;_O60=TtBf&meMgMpW4&01FQ=vWwqnb%^0R$+mE%2Y& zhR9M0?{psj5Y>&s#7kp}A1H*X?Iu7wQOijd+qi5i5Lwy-AK;8!x}Ob8kq7V7<=Trj z`oYXqEcJC9teHF=C&7+Z8VGD1kHbKS-(I>2?AnFER7A{@W;3IJb;fi#3}12#D&i}_ zc(~=e6?%Ld?zrYn{+<~3CJw`_ou}V$OmN_YALGnx56Qc+v(N*(Cj7Ns_15RU0@cR*%f-$(t|xpEjDC&B-mr(;1xQ}#RUZOx})eTavqOvS+-s z*r|6Z5I;2eoW*#@w;8*{BSqzi9^pja?9wSA&z5tJ9OpXs8R8b@JtfMKB&QvCrkx3G z)BD30(W~c=;}wYaB^JL8vjO*v%13>jBIe<#MyKo5d1b2e2cPdsKHB7T)hkA#ZS1WN zhx*6S=iTfk`S1(-L<7tjo?G{l`5a&!E1$`%*!yrr_(Z|6UgW*N!fb_y9c{S;NN2%6 z%>tdC0@cQKmL9!ddEgFxn`WzmNORy~ANfLIWe(k|tEz>L3r`-e1*@=2bDEHH^U%I6 zBKdCI--F}FV4|)Brxj12bo{b>h4RuPg+|sGNh3r0E7n z+M36naW3`G@4k>jvG16#1KbIi$;|W@gKN{3n)N zt~|#FH(R`|IhW-7f?;$=J9@QVvmXOnL60=)2YF7`+UYE~b`90JSm*L4=PljFge)FK zfSH222&2H;@h}ViMzqcNJGqu@oTlZ1TgS}sq5SkgqcQ659il-JkoK*w&Y>ub4rZt* 
z;_-B0DAx6JAqsYP&`)*s9JZ$)>x?{;yKL!}9BDbFKmPR<-dc(PJwVl)=j{@8>ky>9 zup?+M>X2&sREEH4!u>~+!LF`PFt0!CZ9Y$`L~6={>GRi`!aL%r7<6O3jr>rTm^$3P zdqx{jjC12CGVr^uwAGDEAN0CX+$yQOf5*sv`kvw@q`Y#TjP_2=BhG~mYTYIdLPB;J zp~dpmf(Jvge4o&H`i}?JyllF)+QOW@Wzq{fbi7BLN++88mlQILCJb^+Dhf?3qW6iu zemZ}y*sj8nmGyYYl9Imv7wIfgL3Rr&qx$t##Z?{5S`D(q1l>USXM>?9Zu6xNZ>5asb0CumL=QH{XGZ;ssC6O~& z)h>CG*WSwUaUdhT!cxJMCnKd@Te#G1BAh2x^|-AhtlrZTZM*QGu`+AfvnP(tt?S_V z$Dfng+Y9kgFbqvd8`ZmVj_2Zg#v;w%_CMw>gZj( zc1XU^$kQdOI#9Ih#M3ejchOlVdG>1g&o0^*B#lQ8ATr#RMEf=ILNJy5=GSXS1fG}A zRVlqlJ(;7rV&n(Yz0`l&sAa;%9{fuCGi;P=Xkf^ypqM$=*t=;s5@*+0F)onSzVIet z#R-KgsW$0LZos^=PLCu&yHxS0YU3x#8qS!YD|eqhi+L6i=bvnmoH4;W!IRz(%FnL^ zT?rB>24%q~pkV_r`&nFzx)xejMAu-Eagk9U(W2RMPF@)gngRH~PG>7aen7`@gHDC= zgKj`~uMS|qD~VICIIRyF{(|9u1RxCP%;KNw%vZAhxYV|^$~*Z(U1jDx`uhomz_VcG1Ac}fnsJ3q3IDBpt@)Kx8)cLtR@Zsb!! z!A5!a8sUFrr6~Vy{(EZC`9Gz#7Lc<4Hu(Q3ll}XLs91gGm&F64!=_8QQ~u54l@g`J Y$GxB4tHH^%tDpBOAQxg(*CBNNKUm;}!vFvP diff --git a/ webgoat/main/project/WebContent/main.jsp b/ webgoat/main/project/WebContent/main.jsp index 9909203c5..fdd114c11 100644 --- a/ webgoat/main/project/WebContent/main.jsp +++ b/ webgoat/main/project/WebContent/main.jsp @@ -100,7 +100,7 @@ StringBuffer buildList = new StringBuffer(); String[] stages = rla.getStages(); for (int i=0; i - <%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%>Stage <%=i+1%>: <%=stages[i] %> + <%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%>Stage <%=i+1%>: <%=stages[i] %> <% } diff --git a/ webgoat/main/project/WebContent/webgoat.jsp b/ webgoat/main/project/WebContent/webgoat.jsp index 007a8ab0b..f279ff713 100644 --- a/ webgoat/main/project/WebContent/webgoat.jsp +++ b/ webgoat/main/project/WebContent/webgoat.jsp 
@@ -1,103 +1,124 @@ -<%@ page contentType="text/html; charset=ISO-8859-1" language="java" - errorPage="" %> +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + errorPage=""%> <%@page import="org.owasp.webgoat.session.WebSession"%> -<% WebSession webSession = ((WebSession)session.getAttribute("websession")); %> +<% +WebSession webSession = ((WebSession) session.getAttribute("websession")); +%> -WebGoat V5 +WebGoat V5.1RC2 -
-
-
-

Thank you for using WebGoat!

-

This program is a demonstration of common web application flaws. - The exercises are intended to provide hands on experience with application - penetration testing techniques. The WebGoat project is lead by Bruce Mayhew. Please send all - comments to Bruce at <%= webSession.getWebgoatContext().getFeedbackAddress() %>.

-
- - - - - - - - - - - - + + + + + + + + + + + + + + + + + + +
OWASP Foundation
Aspect Security

WebGoat Design Team

Lesson Contributers
-
Bruce Mayhew
-
Laurence Casey
-
David Anderson
-
Eric Sheridan
-
Rogan Dawes
-
-
Aspect Security
-
Sherif Koussa
-
Alex Smolen
-
Chuck Willis
+
+
+
+

Thank you for using WebGoat!

+

This program is a demonstration of common web application flaws. +The exercises are intended to provide hands on experience with +application penetration testing techniques.

The WebGoat project is lead +by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.

+
+ + + + + + + + + + + + - - - - - - - - - - - - - - - - - - -
+
OWASP Foundation
+
+
Aspect Security
+
+

+ WebGoat Design Team
+
+

+ Lesson Contributers
+
+
Bruce Mayhew
+
David Anderson
+
Rogan Dawes
+
Laurence Casey (Graphics)
+
+
Aspect Security
+
Sherif Koussa
+
Romain Brechet
+
-
Special Thanks for V5
Documentation Contributers
-
OWASP Autumn of Code
- (http://www.owasp.org/)
-
Sherif Koussa
(http://www.macadamian.com)
-
OWASP Spring of Code
- (http://www.owasp.org/)
-
Erwin Geirnaert
(http://www.zionsecurity.com)
-
Sherif Koussa
- (http://www.macadamian.com)
-
Robert Sullivan
- (http://www.unitedhealthgroup.com/)
-
Erwin Geirnaert
- (http://www.zionsecurity.com/)
-
To all who have sent comments
-
-
- -
-
-
 
-
-
-
 
-
 
-
 
-
WARNING
- While running this program, your machine is extremely vulnerable to attack. - You should disconnect from the network while using this program. -
-
- This program is for educational purposes only. - Use of these techniques without permission could lead to - job termination, financial liability, and/or criminal penalties. -
-
+
+
Special Thanks + for V5.1
+
+
Documentation + Contributers
+
+
OWASP Spring of Code
+
Erwin Geirnaert
+ (http://www.zionsecurity.com)
+
+
+
Sherif Koussa
+ (http://www.macadamian.com)
+
+
Erwin Geirnaert
+ (http://www.zionsecurity.com/)
+
+
To all who have sent comments
+
+
+
+
+
+
 
+
+
+
+
 
+
 
+
 
+
WARNING
+While running this program, your machine is extremely vulnerable to +attack. You should disconnect from the network while using this program. +
+
+This program is for educational purposes only. Use of these techniques +without permission could lead to job termination, financial liability, +and/or criminal penalties.
+
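Review bot: The rewritten scriptlet `WebSession webSession = ((WebSession) session.getAttribute("websession"));` at the top of the hunk is still dereferenced unchecked in `<%=webSession.getWebgoatContext().getFeedbackAddress()%>` lower down, so a request that reaches this page without a populated session attribute ends in a NullPointerException and the container's error page (the directive's `errorPage=""` names no handler). A guard such as `<%= webSession != null ? webSession.getWebgoatContext().getFeedbackAddress() : "" %>` would keep the credits page rendering. That value is also emitted with a bare `<%= %>`; I cannot tell from the hunk where the feedback address originates, but if it is read from configuration rather than a constant, HTML-escaping it at output would be the safer default. Only the scriptlet lines are readable in this rendering of the hunk; the markup lines are garbled.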
diff --git a/ webgoat/main/project/WebContent/webgoat_challenge.jsp b/ webgoat/main/project/WebContent/webgoat_challenge.jsp index 9d4b4fe56..b60683360 100644 --- a/ webgoat/main/project/WebContent/webgoat_challenge.jsp +++ b/ webgoat/main/project/WebContent/webgoat_challenge.jsp @@ -7,7 +7,7 @@ -WebGoat V5 +WebGoat V5.1RC2 @@ -19,7 +19,7 @@

Thank you for using WebGoat!

This program is a demonstration of common web application flaws. The exercises are intended to provide hands on experience with application - penetration testing techniques. The WebGoat project is lead by Bruce Mayhew. Please send all + penetration testing techniques.

The WebGoat project is lead by Bruce Mayhew. Please send all comments to Bruce at <%= webSession.getWebgoatContext().getFeedbackAddress() %>.