dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: upgrade to Spring Boot version 3 (#1477)

Browse Source
This commit is contained in:
Nanne Baars
2023-06-04 11:19:47 +02:00
committed by GitHub
parent ff3a2983e2
commit ca886b4818
126 changed files with 520 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/resources/lessons/authbypass/html/AuthBypass.html
View File

@ -4,14 +4,14 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/bypass-intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/bypass-intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/2fa-bypass.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/2fa-bypass.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -72,9 +72,9 @@
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<!--<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/lesson-template-video.adoc"></div>-->
<!--<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/lesson-template-video.adoc}"></div>-->
<!-- can use multiple adoc's in a page-wrapper if you want ... or not-->
<!--<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/lesson-template-attack.adoc"></div>-->
<!--<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/lesson-template-attack.adoc}"></div>-->
<!-- WebGoat will automatically style and scaffold some functionality by using the div.attack-container as below -->

6
src/main/resources/lessons/bypassrestrictions/html/BypassRestrictions.html
View File

@ -6,12 +6,12 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/bypassrestrictions/documentation/BypassRestrictions_Intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/bypassrestrictions/documentation/BypassRestrictions_Intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- stripped down without extra comments -->
<div class="adoc-content" th:replace="doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/bypass-restrictions.css}"/>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -59,7 +59,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FrontendValidation.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FrontendValidation.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

2
src/main/resources/lessons/challenges/html/Challenge.html
View File

@ -3,7 +3,7 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_introduction.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_introduction.adoc}"></div>
</div>
</html>

2
src/main/resources/lessons/challenges/html/Challenge1.html
View File

@ -3,7 +3,7 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_introduction.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_introduction.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="attack-container">

2
src/main/resources/lessons/challenges/html/Challenge5.html
View File

@ -4,7 +4,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_5.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_5.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

2
src/main/resources/lessons/challenges/html/Challenge6.html
View File

@ -4,7 +4,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_6.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_6.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
<script th:src="@{/lesson_js/challenge6.js}" language="JavaScript"></script>
<div class="attack-container">

2
src/main/resources/lessons/challenges/html/Challenge7.html
View File

@ -12,7 +12,7 @@ f94008f801fceb8833a30fe56a8b26976347edcf First version of WebGoat Cloud website
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_7.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_7.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">

2
src/main/resources/lessons/challenges/html/Challenge8.html
View File

@ -3,7 +3,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_8.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_8.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge8.css}"/>
<script th:src="@{/lesson_js/challenge8.js}" language="JavaScript"></script>

12
src/main/resources/lessons/chromedevtools/html/ChromeDevTools.html
View File

@ -4,22 +4,22 @@
<!-- 1 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_intro.adoc}"></div>
</div>
<!-- 2 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_elements.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_elements.adoc}"></div>
</div>
<!-- 3 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_console.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_console.adoc}"></div>
</div>
<!-- 4 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -35,12 +35,12 @@
<!-- 5 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_sources.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_sources.adoc}"></div>
</div>
<!-- 6 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment_Network.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment_Network.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"

10
src/main/resources/lessons/cia/html/CIA.html
View File

@ -3,19 +3,19 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_confidentiality.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_confidentiality.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_integrity.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_integrity.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_availability.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_availability.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
@ -23,7 +23,7 @@
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_quiz.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_quiz.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">

6
src/main/resources/lessons/clientsidefiltering/html/ClientSideFiltering.html
View File

@ -2,10 +2,10 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_assignment.adoc}"></div>
<br/>
@ -74,7 +74,7 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_final.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_final.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/clientSideFilteringFree.css}"/>
<script th:src="@{/lesson_js/clientSideFilteringFree.js}" language="JavaScript"></script>
<div class="attack-container">

18
src/main/resources/lessons/cryptography/html/Cryptography.html
View File

@ -18,11 +18,11 @@ $(document).ready(initialise);
<body>
<!-- 1. overview -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/Crypto_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/Crypto_plan.adoc}"></div>
</div>
<!-- 2. encoding -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/encoding_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encoding_plan.adoc}"></div>
<!-- 2. assignment -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -41,7 +41,7 @@ $(document).ready(initialise);
</div>
<!-- 3. encoding xor -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/encoding_plan2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encoding_plan2.adoc}"></div>
<!-- 3. assignment xor -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -58,7 +58,7 @@ $(document).ready(initialise);
<!-- 4. hashing -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/hashing_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/hashing_plan.adoc}"></div>
<!-- 4. weak hashing exercise -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -76,12 +76,12 @@ $(document).ready(initialise);
<!-- 5. encryption -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/encryption.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encryption.adoc}"></div>
</div>
<!-- 6. signing -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/signing.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/signing.adoc}"></div>
<!-- 6. assignment -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -101,12 +101,12 @@ $(document).ready(initialise);
<!-- 7. keystores -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/keystores.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/keystores.adoc}"></div>
</div>
<!-- 8. security defaults -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/defaults.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/defaults.adoc}"></div>
<!-- 8. assignment -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -123,7 +123,7 @@ $(document).ready(initialise);
</div>
<!-- 9. postquantum -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/postquantum.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/postquantum.adoc}"></div>
</div>
</body>
</html>

20
src/main/resources/lessons/csrf/html/CSRF.html
View File

@ -3,15 +3,15 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_GET.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_GET.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Get_Flag.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Get_Flag.adoc}"></div>
<form accept-charset="UNKNOWN" id="basic-csrf-get"
method="POST" name="form1"
@ -23,7 +23,7 @@
</form>
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Basic_Get-1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Basic_Get-1.adoc}"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
@ -54,7 +54,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Reviews.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Reviews.adoc}"></div>
<!-- comment area -->
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/reviews.css}"/>
@ -121,15 +121,15 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Frameworks.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Frameworks.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_JSON.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_JSON.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_ContentType.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_ContentType.adoc}"></div>
<script th:src="@{/lesson_js/feedback.js}" language="JavaScript"></script>
<div style="container-fluid; background-color: #f1f1f1; border: 2px solid #a66;
@ -227,7 +227,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Login.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Login.adoc}"></div>
<div class="attack-container">
<div class="assignment-success">
@ -251,7 +251,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Impact_Defense.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Impact_Defense.adoc}"></div>
</div>

10
src/main/resources/lessons/deserialization/html/InsecureDeserialization.html
View File

@ -3,24 +3,24 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_Intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_Intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_WhatIs.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_WhatIs.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_SimpleExploit.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_SimpleExploit.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_GadgetChain.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_GadgetChain.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- stripped down without extra comments -->
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_Task.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_Task.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" name="task"

4
src/main/resources/lessons/hijacksession/html/HijackSession.html
View File

@ -7,12 +7,12 @@
<!-- 1 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/hijacksession/documentation/HijackSession_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/hijacksession/documentation/HijackSession_plan.adoc}"></div>
</div>
<!-- 2 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/hijacksession/documentation/HijackSession_content0.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/hijacksession/documentation/HijackSession_content0.adoc}"></div>
<div class="attack-container">
<div class="assignment-success">
<i class="fa fa-2 fa-check hidden" aria-hidden="true"></i>

2
src/main/resources/lessons/hijacksession/lessonSolutions/html/HijackSession.html
View File

@ -7,7 +7,7 @@
<div class="lesson-page-wrapper">
<!-- reuse this block for each 'page' of content -->
<!-- include content here ... will be first page/tab multiple -->
<div class="adoc-content" th:replace="doc:HijackSession_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:HijackSession_solution.adoc}"></div>
</div>

6
src/main/resources/lessons/htmltampering/html/HtmlTampering.html
View File

@ -3,12 +3,12 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/htmltampering/documentation/HtmlTampering_Intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/htmltampering/documentation/HtmlTampering_Intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- stripped down without extra comments -->
<div class="adoc-content" th:replace="doc:lessons/htmltampering/documentation/HtmlTampering_Task.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/htmltampering/documentation/HtmlTampering_Task.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" id="task" name="task"
@ -143,6 +143,6 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/htmltampering/documentation/HtmlTampering_Mitigation.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/htmltampering/documentation/HtmlTampering_Mitigation.adoc}"></div>
</div>
</html>

6
src/main/resources/lessons/httpbasics/html/HttpBasics.html
View File

@ -6,13 +6,13 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpbasics/documentation/HttpBasics_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- reuse this block for each 'page' of content -->
<!-- sample ascii doc content for second page -->
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_content1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpbasics/documentation/HttpBasics_content1.adoc}"></div>
<!-- if including attack, reuse this section, leave classes in place -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -42,7 +42,7 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_content2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpbasics/documentation/HttpBasics_content2.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->

18
src/main/resources/lessons/httpproxies/html/HttpProxies.html
View File

@ -3,23 +3,23 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/0overview.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/0overview.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/1proxysetupsteps.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/1proxysetupsteps.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/3browsersetup.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/3browsersetup.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/5configurefilterandbreakpoints.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/5configurefilterandbreakpoints.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/6assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/6assignment.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" name="intercept-request"
@ -36,15 +36,15 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/7resend.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/7resend.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/8httpsproxy.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/8httpsproxy.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/9manual.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/9manual.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/10burp.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/10burp.adoc}"></div>
</div>
</html>

18
src/main/resources/lessons/idor/html/IDOR.html
View File

@ -4,14 +4,14 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_login.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_login.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -46,7 +46,7 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_viewDiffs.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_viewDiffs.adoc}"></div>
<div class="nonattack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -76,7 +76,7 @@
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_whatDiffs.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_whatDiffs.adoc}"></div>
<!-- modify the action to point to the intended endpoint -->
<form class="attack-form"
method="POST" name="diff-form"
@ -96,7 +96,7 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_viewOwnAltPath.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_viewOwnAltPath.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -108,7 +108,7 @@
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/IDOR/profile/alt-path">
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_inputAltPath.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_inputAltPath.adoc}"></div>
<input name="url" value="WebGoat/" type="text"/>
<input name="submit" value="Submit" type="SUBMIT"/>
</form>
@ -123,7 +123,7 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_viewOtherProfile.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_viewOtherProfile.adoc}"></div>
<div class="nonattack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -147,7 +147,7 @@
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
</div>
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_editOtherProfile.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_editOtherProfile.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -176,7 +176,7 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_mitigation.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_mitigation.adoc}"></div>
</div>
</html>

4
src/main/resources/lessons/insecurelogin/html/InsecureLogin.html
View File

@ -6,12 +6,12 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/insecurelogin/documentation/InsecureLogin_Intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/insecurelogin/documentation/InsecureLogin_Intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- stripped down without extra comments -->
<div class="adoc-content" th:replace="doc:lessons/insecurelogin/documentation/InsecureLogin_Task.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/insecurelogin/documentation/InsecureLogin_Task.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<script th:src="@{/lesson_js/credentials.js}"></script>

28
src/main/resources/lessons/jwt/html/JWT.html
View File

@ -3,14 +3,14 @@
<html xmlns:th="http://www.thymeleaf.org">
<body>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_structure.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_structure.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_decode.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_decode.adoc}"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<form id="decode" class="attack-form" method="POST" name="form" action="/WebGoat/JWT/decode">
@ -35,10 +35,10 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_login_to_token.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_login_to_token.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_signing.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_signing.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
<script th:src="@{/lesson_js/jwt-voting.js}" language="JavaScript"></script>
@ -102,7 +102,7 @@
<div class="lesson-page-wrapper">
<div class="lesson-page-solution">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_signing_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_signing_solution.adoc}"></div>
</div>
</div>
@ -112,7 +112,7 @@
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions_jwt.json}"/>
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_libraries_assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_libraries_assignment.adoc}"></div>
<div class="attack-container">
<div class="attack-feedback"></div>
<div class="attack-output"></div>
@ -134,18 +134,18 @@
<div class="lesson-page-wrapper">
<div class="lesson-page-solution">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_libraries_assignment2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_libraries_assignment2.adoc}"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="lesson-page-solution">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_libraries_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_libraries_solution.adoc}"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_weak_keys"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_weak_keys}"></div>
<script th:src="@{/lesson_js/jwt-weak-keys.js}" language="JavaScript"></script>
<pre id="secrettoken"></pre>
@ -173,11 +173,11 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_refresh.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_refresh.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_refresh_assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_refresh_assignment.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
@ -299,7 +299,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_final.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_final.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
@ -359,7 +359,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_mitigation.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_mitigation.adoc}"></div>
</div>
</body>

2
src/main/resources/lessons/lessontemplate/documentation/lesson-template-attack.adoc
View File

@ -82,7 +82,7 @@ green when the user solves the assignment. To make this work we need to add to t
[source]
----
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lesson-template-attack.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lesson-template-attack.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"

12
src/main/resources/lessons/lessontemplate/documentation/lesson-template-glue.adoc
View File

@ -9,16 +9,16 @@ green when the user solves the assignment. To make this work we need to add:
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/
lesson-template-intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/
lesson-template-intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/
lesson-template-content.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/
lesson-template-content.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/
lesson-template-lesson-class.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/
lesson-template-lesson-class.adoc}"></div>
</div>
</html>
----

6
src/main/resources/lessons/lessontemplate/documentation/lesson-template-video-more.adoc
View File

@ -5,7 +5,7 @@ You can include multiple adoc files in one page, by including them in the same `
[source]
----
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lesson-template-video.adoc"></div>
<div class="adoc-content" th:replace="doc:lesson-template-video-more.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lesson-template-video.adoc}"></div>
<div class="adoc-content" th:replace="~{doc:lesson-template-video-more.adoc}"></div>
</div>
----
----

16
src/main/resources/lessons/lessontemplate/html/LessonTemplate.html
View File

@ -4,38 +4,38 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-content.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-content.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-video.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-video.adoc}"></div>
<!-- can use multiple adoc's in a page-wrapper if you want ... or not-->
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-video-more.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-video-more.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-lesson-class.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-lesson-class.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-glue.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-glue.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-attack.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-attack.adoc}"></div>
<!-- WebGoat will automatically style and scaffold some functionality by using the div.attack-container as below -->
<div class="attack-container">
@ -71,7 +71,7 @@
see other lessons for other more complex examples -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-database.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-database.adoc}"></div>
</div>
</html>

10
src/main/resources/lessons/logging/html/LogSpoofing.html
View File

@ -6,12 +6,12 @@
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
<!-- include content here. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/logging_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/logging_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<!-- stripped down without extra comments -->
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/logSpoofing_Task.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/logSpoofing_Task.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" name="task"
@ -30,10 +30,10 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/sensitive_logging_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/sensitive_logging_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/logReading_Task.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/logReading_Task.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" name="task"
@ -50,6 +50,6 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/more_logging.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/more_logging.adoc}"></div>
</div>
</html>

8
src/main/resources/lessons/missingac/html/MissingFunctionAC.html
View File

@ -1,12 +1,12 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-01-intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-01-intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/ac.css}"/>
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-02-client-controls.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-02-client-controls.adoc}"></div>
<div class="attack-container">
<nav class="navbar navbar-default">
@ -70,7 +70,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-03-users.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-03-users.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -92,7 +92,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-04-users-fixed.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-04-users-fixed.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

14
src/main/resources/lessons/passwordreset/html/PasswordReset.html
View File

@ -3,10 +3,10 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_simple.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_simple.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
@ -90,11 +90,11 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_wrong_message.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_wrong_message.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_known_questions.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_known_questions.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
@ -138,7 +138,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_SecurityQuestions.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_SecurityQuestions.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -168,7 +168,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_host_header.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_host_header.adoc}"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -260,6 +260,6 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_mitigation.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_mitigation.adoc}"></div>
</div>
</html>

16
src/main/resources/lessons/pathtraversal/html/PathTraversal.html
View File

@ -5,11 +5,11 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_upload.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_upload.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="upload-container">
@ -63,7 +63,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_upload_fix.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_upload_fix.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="upload-container">
@ -118,7 +118,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_upload_remove_user_input.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_upload_remove_user_input.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="upload-container">
@ -174,7 +174,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_retrieval.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_retrieval.adoc}"></div>
<div class="attack-container">
<div class="container-fluid">
@ -212,11 +212,11 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_assignment.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="upload-container">
@ -271,7 +271,7 @@
<div class="lesson-page-wrapper">
<div class="lesson-page-solution">
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc}"></div>
</div>
</div>

12
src/main/resources/lessons/securepasswords/html/SecurePasswords.html
View File

@ -3,19 +3,19 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_1.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_2.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_assignment_introduction.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_assignment_introduction.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -39,11 +39,11 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_3.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_3.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_4.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_4.adoc}"></div>
</div>
<script>

4
src/main/resources/lessons/spoofcookie/html/SpoofCookie.html
View File

@ -9,12 +9,12 @@
<!-- 1 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/spoofcookie/documentation/SpoofCookie_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/spoofcookie/documentation/SpoofCookie_plan.adoc}"></div>
</div>
<!-- 2 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/spoofcookie/documentation/SpoofCookie_content0.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/spoofcookie/documentation/SpoofCookie_content0.adoc}"></div>
<div class="attack-container">
<div class="assignment-success">
<i class="fa fa-2 fa-check hidden" aria-hidden="true"></i>

4
src/main/resources/lessons/spoofcookie/lessonSolutions/html/SpoofCookie.html
View File

@ -7,8 +7,8 @@
<div class="lesson-page-wrapper">
<!-- reuse this block for each 'page' of content -->
<!-- include content here ... will be first page/tab multiple -->
<div class="adoc-content" th:replace="doc:SpoofCookie_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:SpoofCookie_solution.adoc}"></div>
</div>
</html>
</html>

28
src/main/resources/lessons/sqlinjection/html/SqlInjection.html
View File

@ -5,12 +5,12 @@
<!--Page 1-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_plan.adoc}"></div>
</div>
<!--Page 2-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content1.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -34,7 +34,7 @@
<!--Page 3-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content2.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -58,7 +58,7 @@
<!--Page 4-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content3.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content3.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -82,7 +82,7 @@
<!--Page 5-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content4.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content4.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -106,7 +106,7 @@
<!--Page 6-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_before.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_before.adoc}"></div>
<div>
<label for="username-preview">Username:</label>
<input id="preview-input" type="text" name="username" val=""/>
@ -123,22 +123,22 @@
});
</script>
</div>
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_after.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_after.adoc}"></div>
</div>
<!--Page 7-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content6.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content6.adoc}"></div>
</div>
<!--Page 8-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content7.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content7.adoc}"></div>
</div>
<!--Page 9-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content11.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content11.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -183,7 +183,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content12.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content12.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -211,7 +211,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content8.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content8.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -239,7 +239,7 @@
<!--Page 10-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content9.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content9.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -267,7 +267,7 @@
<!--Page 11-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content10.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content10.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

12
src/main/resources/lessons/sqlinjection/html/SqlInjectionAdvanced.html
View File

@ -5,17 +5,17 @@
<!-- 1 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjectionAdvanced_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjectionAdvanced_plan.adoc}"></div>
</div>
<!-- 2 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content6.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content6.adoc}"></div>
</div>
<!-- 3 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content6a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content6a.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -51,10 +51,10 @@
<!-- 4 -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content6c.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content6c.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_challenge.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_challenge.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge.css}"/>
<script th:src="@{/lesson_js/challenge.js}" language="JavaScript"></script>
<div class="attack-container">
@ -162,7 +162,7 @@
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_quiz.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_quiz.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">

26
src/main/resources/lessons/sqlinjection/html/SqlInjectionMitigations.html
View File

@ -4,23 +4,23 @@
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content7.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content7.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content8.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content8.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content9.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content9.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content10.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content10.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_completion.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_completion.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack10a">
@ -40,7 +40,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_newcode.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_newcode.adoc}"></div>
<div class="attack-container" style="border: none !important; height: 100%; min-height: 300px;">
<form id="codesubmit" style="height: 100%; min-height: 300px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack10b">
<div>
@ -60,14 +60,14 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content11.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content11.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content12.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content12.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content12a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content12a.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -90,7 +90,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content12b.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content12b.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -114,11 +114,11 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content13.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content13.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_order_by.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_order_by.adoc}"></div>
<script th:src="@{/lesson_js/assignment13.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -191,7 +191,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content14.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content14.adoc}"></div>
</div>
</html>

8
src/main/resources/lessons/ssrf/html/SSRF.html
View File

@ -3,11 +3,11 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Task1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Task1.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -29,7 +29,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Task2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Task2.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -51,6 +51,6 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Prevent.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Prevent.adoc}"></div>
</div>
</html>

28
src/main/resources/lessons/vulnerablecomponents/html/VulnerableComponents.html
View File

@ -4,20 +4,20 @@
<link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css" />
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content0.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content0.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content1.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content1a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content1a.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content2.adoc}"></div>
<div class="attack-container">
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
<div id="lessonContent">
@ -45,7 +45,7 @@
</div>
</div>
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content2a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content2a.adoc}"></div>
<div class="attack-container">
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
<div id="lessonContent">
@ -75,26 +75,26 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content3.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content3.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4a.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4b.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4b.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4c.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4c.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content5.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content5.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -120,7 +120,7 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content6.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content6.adoc}"></div>
</div>
</html>

2
src/main/resources/lessons/webgoatintroduction/html/WebGoatIntroduction.html
View File

@ -2,7 +2,7 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/webgoatintroduction/documentation/Introduction.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/webgoatintroduction/documentation/Introduction.adoc}"></div>
</div>
</html>

8
src/main/resources/lessons/webwolfintroduction/html/WebWolfIntroduction.html
View File

@ -2,15 +2,15 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/webwolfintroduction/documentation/IntroductionWebWolf.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/webwolfintroduction/documentation/IntroductionWebWolf.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/webwolfintroduction/documentation/Uploading_files.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/webwolfintroduction/documentation/Uploading_files.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/webwolfintroduction/documentation/Receiving_mail.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/webwolfintroduction/documentation/Receiving_mail.adoc}"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -66,7 +66,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/webwolfintroduction/documentation/Landing_page.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/webwolfintroduction/documentation/Landing_page.adoc}"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

24
src/main/resources/lessons/xss/html/CrossSiteScripting.html
View File

@ -3,11 +3,11 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content1.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content1.adoc}"></div>
<div class="attack-container">
<div id="lessonContent">
<form class="attack-form" accept-charset="UNKNOWN"
@ -28,20 +28,20 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content2.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content2.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content3.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content3.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content4.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content4.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content5.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content5.adoc}"></div>
<img align="middle" th:src="@{/images/Reflected-XSS.png}" />
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content5a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content5a.adoc}"></div>
<div class="attack-container">
<div id="lessonContent">
<form class="attack-form" accept-charset="UNKNOWN"
@ -119,16 +119,16 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content5b.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content5b.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content6.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content6.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content6a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content6a.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -143,7 +143,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content6b.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content6b.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -162,7 +162,7 @@
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_quiz.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_quiz.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">

12
src/main/resources/lessons/xss/html/CrossSiteScriptingMitigation.html
View File

@ -3,23 +3,23 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScriptingMitigation_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScriptingMitigation_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content8.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content8.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content8a.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content8a.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content9.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content9.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content8b.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content8b.adoc}"></div>
<div class="attack-container" style="height: 100%; border: none !important;min-height: 450px;">
<form id="codesubmit" style="height: 100%; min-height: 350px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/CrossSiteScripting/attack3">
<div>
@ -39,7 +39,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content8c.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content8c.adoc}"></div>
<div class="attack-container" style="height: 100%; border: none !important;min-height: 450px;">
<form id="codesubmit2" style="height: 100%; min-height: 350px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/CrossSiteScripting/attack4">
<div>

8
src/main/resources/lessons/xss/html/CrossSiteScriptingStored.html
View File

@ -3,16 +3,16 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScriptingStored_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScriptingStored_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content7.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content7.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content7b.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content7b.adoc}"></div>
<!-- comment area -->
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/stored-xss.css}"/>
@ -59,7 +59,7 @@
</div>
<!-- end comments -->
<div class="adoc-content" th:replace="doc:lessons/xss/documentation/CrossSiteScripting_content7c.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xss/documentation/CrossSiteScripting_content7c.adoc}"></div>
<div class="attack-container">
<!-- this will be where they can store the additional comment -->

26
src/main/resources/lessons/xxe/html/XXE.html
View File

@ -5,19 +5,19 @@
<body>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_plan.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_plan.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_intro.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_intro.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_simple_introduction.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_simple_introduction.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_simple.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_simple.adoc}"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/xxe.css}"/>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -77,16 +77,16 @@
<div class="lesson-page-wrapper">
<div class="lesson-page-solution">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_simple_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_simple_solution.adoc}"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_code.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_code.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_changing_content_type.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_changing_content_type.adoc}"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -144,20 +144,20 @@
<div class="lesson-page-wrapper">
<div class="lesson-page-solution">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_changing_content_type_solution.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_changing_content_type_solution.adoc}"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_overflow.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_overflow.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_blind.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_blind.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_blind_assignment.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_blind_assignment.adoc}"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -215,11 +215,11 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_mitigation.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_mitigation.adoc}"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/xxe/documentation/XXE_static_code_analysis.adoc"></div>
<div class="adoc-content" th:replace="~{doc:lessons/xxe/documentation/XXE_static_code_analysis.adoc}"></div>
<br/>
<a id="submitlink" class="btn btn-primary" href="" onclick="javascript:$('#patchbutton').load('/WebGoat/service/enable-security.mvc');return false;"><span id="patchbutton">Apply XXE security patch</span></a>
</div>