From ca2dfa27d1cd84b1a39d44b5ab9892b479ff7e42 Mon Sep 17 00:00:00 2001
From: "sherif.fathy" <sherif.fathy@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date: Wed, 1 Nov 2006 02:26:51 +0000
Subject: [PATCH] * Log spoofing lesson this includes the following file:   -
 LogSpoofing.html   - LogSpoofing.java

git-svn-id: http://webgoat.googlecode.com/svn/trunk@27 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../owasp/webgoat/lessons/LogSpoofing.java    | 114 ++++++++++++++++++
 .../WEB-INF/webgoat-class.properties          |   2 +
 .../WebContent/WEB-INF/webgoat-lmc.properties |   2 +
 .../WebContent/lesson_plans/LogSpoofing.html  |  19 +++
 4 files changed, 137 insertions(+)
 create mode 100644  webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
 create mode 100644  webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html

diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
new file mode 100644
index 000000000..ed689d92a
--- /dev/null
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java	
@@ -0,0 +1,114 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.StringElement;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.P;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.html.PRE;
+import org.apache.ecs.HtmlColor;
+
+public class LogSpoofing extends LessonAdapter {
+
+	private static final String USERNAME = "username";
+	private static final String PASSWORD = "password";
+	
+	protected Element createContent(WebSession s) {
+		
+		ElementContainer ec = null;
+		String inputUsername = null; 
+		try{
+		
+		Table t = new Table( 0 ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
+		TR row1 = new TR();
+		TR row2 = new TR();
+		TR row3 = new TR();
+		
+		row1.addElement( new TD( new StringElement( "Username: " ) ) );
+		Input username = new Input( Input.TEXT, USERNAME, "" );
+		row1.addElement( new TD( username ) );
+
+		row2.addElement( new TD(new StringElement( "Password: ") ) );
+		Input password = new Input ( Input.PASSWORD, PASSWORD, "");
+		row2.addElement( new TD (password));
+		
+		Element b = ECSFactory.makeButton( "Login" );
+		row3.addElement( new TD (new StringElement( "&nbsp; ")));
+		row3.addElement( new TD(b) ).setAlign("right");
+		
+		t.addElement(row1);
+		t.addElement(row2);
+		t.addElement(row3);
+		
+		ec = new ElementContainer();
+		ec.addElement( t );
+
+		inputUsername = new String( s.getParser().getRawParameter( USERNAME, "" ) );
+		if ( inputUsername.length() != 0)
+		{
+			inputUsername = URLDecoder.decode( inputUsername, "UTF-8"); 
+		}
+		
+		ec.addElement( new PRE(" "));
+		
+		Table t2 = new Table( 0 ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
+		TR row4 = new TR();
+		row4.addElement( new TD(new PRE ("Login failed for username: " + inputUsername ))).setBgColor( HtmlColor.GRAY);
+
+		t2.addElement(row4);
+		
+		ec.addElement( t2 );
+
+
+		if ( inputUsername.length() != 0 &&
+				inputUsername.toUpperCase().indexOf( System.getProperty("line.separator") + "LOGIN SUCCEEDED FOR USERNAME:") >= 0)
+		{
+			makeSuccess(s);
+		}
+		}
+		catch (UnsupportedEncodingException e)
+		{
+			s.setMessage( "Error generating " + this.getClass().getName() );
+			e.printStackTrace();			
+		}
+		return ec;
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(72);
+	
+	protected Integer getDefaultRanking() {
+		return DEFAULT_RANKING;
+	}
+
+	@Override
+	protected List getHints() {
+		List hints = new ArrayList();
+		hints.add( "Try to fool the humane eye by using new lines." );
+		hints.add( "Use CR (%0d) and LF (%0a) for a new line." );
+		hints.add( "Try: fooledYa%0d%0aLogin Succeeded for username: admin" );
+
+		return hints;
+	}
+
+	@Override
+	public String getTitle() {
+		return "Log Spoofing";
+	}
+
+	@Override
+	public Category getCategory() {
+		return super.A6;
+	}
+
+}
diff --git a/ webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties b/ webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties
index 0bcd1bd58..dd4748d5c 100644
--- a/ webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties	
+++ b/ webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties	
@@ -15,6 +15,7 @@ lesson.RoleBasedAccessControl.hidden=true
 category.Cross-Site\ Scripting\ (XSS).ranking=41
 lesson.StoredXss.ranking=10
 lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
 lesson.CrossSiteScripting.hidden=true
 
 category.Unvalidated\ Parameters.ranking=51
@@ -29,6 +30,7 @@ category.Injection\ Flaws.ranking=71
 lesson.SqlNumericInjection.ranking=10
 lesson.SqlStringInjection.ranking=20
 lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
 lesson.SQLInjection.hidden=true
 
 category.Improper\ Error\ Handling.ranking=81
diff --git a/ webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties b/ webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties
index 273c3a069..8874724db 100644
--- a/ webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties	
+++ b/ webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties	
@@ -14,6 +14,7 @@ lesson.PathBasedAccessControl.ranking=20
 category.Cross-Site\ Scripting\ (XSS).ranking=41
 lesson.StoredXss.ranking=10
 lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
 
 category.Unvalidated\ Parameters.ranking=51
 lesson.HiddenFieldTampering.ranking=10
@@ -27,6 +28,7 @@ category.Injection\ Flaws.ranking=71
 lesson.SqlNumericInjection.ranking=10
 lesson.SqlStringInjection.ranking=20
 lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
 
 category.Improper\ Error\ Handling.ranking=81
 lesson.FailOpenAuthentication.ranking=10
diff --git a/ webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html b/ webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html
new file mode 100644
index 000000000..740d1168c
--- /dev/null
+++ b/ webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html	
@@ -0,0 +1,19 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> Log Spoofing. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches attempts to fool the human eye.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+The attack is based on fooling the humane eye in log files. An attacker can erase his traces from the logs
+using this attack.
+</p>
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* The grey area below represents what is going to be logged in the web server's log file.<br>
+* Your goal is to make it like a username "admin" has succeeded into logging in.
+<!-- Stop Instructions -->