From cd4e6a3b95fcc42eb4b6c74cc6ce29fd5f3a68ca Mon Sep 17 00:00:00 2001 From: mayhew64 Date: Fri, 29 Dec 2006 04:51:37 +0000 Subject: [PATCH] Minor nits git-svn-id: http://webgoat.googlecode.com/svn/trunk@51 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../JavaSource/org/owasp/webgoat/lessons/HttpOnly.java | 5 ++--- .../JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java | 2 +- .../JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java | 3 ++- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java index 3fd583b15..a31ba1bf2 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java @@ -128,9 +128,8 @@ public class HttpOnly extends LessonAdapter { */ protected List getHints() { - List hints = new ArrayList(); - - + List hints = new ArrayList(); + hints.add( "Read the directions and try out the buttons." ); return hints; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java index 15bfce6eb..8873fd26b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java @@ -192,7 +192,7 @@ public class HttpSplitting extends LessonAdapter { hints.add( "Use CR (%0d) and LF (%0a) for a new line" ); hints.add( "The Content-Length: 0 will tell the server that the first request is over." ); hints.add( "A 200 OK message looks like this: HTTP/1.1 200 OK" ); - hints.add( "Try language=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0ahahahahaha" ); + hints.add( "Try: language=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Insert undesireable content here</html>" ); return hints; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java index 502805919..3eacc29c3 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java @@ -104,7 +104,8 @@ public class LogSpoofing extends LessonAdapter { List hints = new ArrayList(); hints.add( "Try to fool the humane eye by using new lines." ); hints.add( "Use CR (%0d) and LF (%0a) for a new line." ); - hints.add( "Try: fooledYa%0d%0aLogin Succeeded for username: admin" ); + hints.add( "Try: Smith%0d%0aLogin Succeeded for username: admin" ); + hints.add( "Try: Smith%0d%0aLogin Succeeded for username: admin<script>alert(document.cookie)</script>" ); return hints; }