minor changes

git-svn-id: http://webgoat.googlecode.com/svn/trunk@256 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes 2008-01-10 10:48:01 +00:00
parent 489bff08f8
commit dd6a893f28
2 changed files with 73 additions and 73 deletions


@ -25,12 +25,12 @@ public class ClientSideValidation extends SequentialLessonAdapter {
/** /**
* Description of the Method * Description of the Method
* *
* @param s * @param s
* Description of the Parameter * Description of the Parameter
* @return Description of the Return Value * @return Description of the Return Value
*/ */
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0)); public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
@ -51,11 +51,11 @@ public class ClientSideValidation extends SequentialLessonAdapter {
} }
protected Element evalStage1(WebSession s) { protected Element evalStage1(WebSession s) {
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
String param1 = s.getParser().getRawParameter("field1", ""); String param1 = s.getParser().getRawParameter("field1", "");
//test success //test success
if (param1.equalsIgnoreCase("platinum") if (param1.equalsIgnoreCase("platinum")
@ -69,32 +69,32 @@ public class ClientSideValidation extends SequentialLessonAdapter {
s.setMessage("Stage 1 completed."); s.setMessage("Stage 1 completed.");
// Redirect user to Stage2 content. // Redirect user to Stage2 content.
ec.addElement(doStage2(s)); ec.addElement(doStage2(s));
} else { } else {
if (!stage1FirstVisit) { if (!stage1FirstVisit) {
s.setMessage("Keep looking for the coupon code."); s.setMessage("Keep looking for the coupon code.");
} }
stage1FirstVisit = false; stage1FirstVisit = false;
ec.addElement(stage1Content(s)); ec.addElement(stage1Content(s));
} }
return ec; return ec;
} }
protected Element stage1Content(WebSession s) { protected Element stage1Content(WebSession s) {
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
try { try {
ec.addElement(new Script() ec.addElement(new Script()
.setSrc("javascript/clientSideValidation.js")); .setSrc("javascript/clientSideValidation.js"));
ec.addElement(new HR().setWidth("90%")); ec.addElement(new HR().setWidth("90%"));
ec.addElement(new Center().addElement(new H1() ec.addElement(new Center().addElement(new H1()
@ -106,7 +106,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
ec.addElement(new BR()); ec.addElement(new BR());
ec.addElement(new HR().setWidth("90%")); ec.addElement(new HR().setWidth("90%"));
} catch (Exception e) { } catch (Exception e) {
s.setMessage("Error generating " + this.getClass().getName()); s.setMessage("Error generating " + this.getClass().getName());
@ -186,7 +186,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
tr = new TR(); tr = new TR();
tr.addElement(new TD() tr.addElement(new TD()
.addElement("Total to be charged to your credit card:")); .addElement("Total to be charged to your credit card:"));
tr.addElement(new TD() tr.addElement(new TD()
.addElement( .addElement(
new Input(Input.TEXT, "GRANDTOT", s.getParser() new Input(Input.TEXT, "GRANDTOT", s.getParser()
@ -257,7 +257,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
.addElement(new TD() .addElement(new TD()
.addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry ")); .addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
tr.addElement(new TD().addElement( tr.addElement(new TD().addElement(
new Input(Input.TEXT, "PRC1", s.getParser().getStringParameter( new Input(Input.TEXT, "PRC1", s.getParser().getStringParameter(
"PRC1", "69.99")).setSize(10).setReadOnly(true)).setAlign("right")); "PRC1", "69.99")).setSize(10).setReadOnly(true)).setAlign("right"));
@ -300,7 +300,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
.addElement(new TD() .addElement(new TD()
.addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™")); .addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™"));
tr.addElement(new TD().addElement( tr.addElement(new TD().addElement(
new Input(Input.TEXT, "PRC3", s.getParser().getStringParameter( new Input(Input.TEXT, "PRC3", s.getParser().getStringParameter(
"PRC3", "1599.99")).setSize(10).setReadOnly(true)) "PRC3", "1599.99")).setSize(10).setReadOnly(true))
@ -313,7 +313,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
input.setSize(10); input.setSize(10);
tr.addElement(new TD().addElement(input).setAlign("right")); tr.addElement(new TD().addElement(input).setAlign("right"));
tr.addElement(new TD().addElement( tr.addElement(new TD().addElement(
new Input(Input.TEXT, "TOT3", s.getParser().getStringParameter( new Input(Input.TEXT, "TOT3", s.getParser().getStringParameter(
"TOT3", "0")).setSize(10).setReadOnly(true)).setAlign("right")); "TOT3", "0")).setSize(10).setReadOnly(true)).setAlign("right"));
@ -324,7 +324,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
.addElement(new TD() .addElement(new TD()
.addElement("3 - Year Performance Service Plan $1000 and Over ")); .addElement("3 - Year Performance Service Plan $1000 and Over "));
tr tr
.addElement(new TD().addElement( .addElement(new TD().addElement(
new Input(Input.TEXT, "PRC4", s.getParser() new Input(Input.TEXT, "PRC4", s.getParser()
@ -338,7 +338,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
input.setSize(10); input.setSize(10);
tr.addElement(new TD().addElement(input).setAlign("right")); tr.addElement(new TD().addElement(input).setAlign("right"));
tr.addElement(new TD().addElement( tr.addElement(new TD().addElement(
new Input(Input.TEXT, "TOT4", s.getParser().getStringParameter( new Input(Input.TEXT, "TOT4", s.getParser().getStringParameter(
"TOT4", "0")).setSize(10).setReadOnly(true)).setAlign("right")); "TOT4", "0")).setSize(10).setReadOnly(true)).setAlign("right"));
@ -354,39 +354,39 @@ public class ClientSideValidation extends SequentialLessonAdapter {
/** /**
* Gets the hints attribute of the AccessControlScreen object * Gets the hints attribute of the AccessControlScreen object
* *
* @return The hints value * @return The hints value
*/ */
public List<String> getHints(WebSession s) public List<String> getHints(WebSession s)
{ {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints.add("Use Firebug to examine the JavaScript."); hints.add("Use Firebug to examine the JavaScript.");
hints.add("Using Firebug, you can add breakpoints in the JavaScript."); hints.add("Using Firebug, you can add breakpoints in the JavaScript.");
hints.add("Use Firebug to find the array or encrypted coupon codes, and " + hints.add("Use Firebug to find the array of encrypted coupon codes, and " +
"step through the JavaScript to see the decrypted values."); "step through the JavaScript to see the decrypted values.");
hints.add("You can use Firebug to inspect (and modify) the HTML."); hints.add("You can use Firebug to inspect (and modify) the HTML.");
hints.add("Use Firebug to remove the 'readonly' attribute from the input next to " + hints.add("Use Firebug to remove the 'readonly' attribute from the input next to " +
"'The total charged to your credit card:' and set the value to 0."); "'The total charged to your credit card:' and set the value to 0.");
return hints; return hints;
} }
/** /**
* Gets the instructions attribute of the WeakAccessControl object * Gets the instructions attribute of the WeakAccessControl object
* *
* @return The instructions value * @return The instructions value
*/ */
public String getInstructions(WebSession s) { public String getInstructions(WebSession s) {
@ -394,7 +394,7 @@ public class ClientSideValidation extends SequentialLessonAdapter {
if (getLessonTracker(s).getStage() == 1) { if (getLessonTracker(s).getStage() == 1) {
instructions = "STAGE 1:\tFor this exercise, your mission is to discover a coupon code to receive an unintended discount."; instructions = "STAGE 1:\tFor this exercise, your mission is to discover a coupon code to receive an unintended discount.";
} }
else if (getLessonTracker(s).getStage() == 2) { else if (getLessonTracker(s).getStage() == 2) {
instructions = "STAGE 2:\tNow, try to get your entire order for free."; instructions = "STAGE 2:\tNow, try to get your entire order for free.";
} }
@ -409,13 +409,13 @@ public class ClientSideValidation extends SequentialLessonAdapter {
/** /**
* Gets the title attribute of the AccessControlScreen object * Gets the title attribute of the AccessControlScreen object
* *
* @return The title value * @return The title value
*/ */
public String getTitle() { public String getTitle() {
return "Insecure Client Storage"; return "Insecure Client Storage";
} }
public Element getCredits() public Element getCredits()
{ {
return super.getCustomCredits("", ASPECT_LOGO); return super.getCustomCredits("", ASPECT_LOGO);
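Review bot: In evalStage1 the flag `stage1FirstVisit` is read (`if (!stage1FirstVisit)`) and written (`stage1FirstVisit = false;`) without any reference to the session `s`, which suggests it is a field of the lesson object rather than per-user state; its declaration is outside this hunk, so that needs confirming. If lesson instances are shared across sessions, the first user's visit flips the flag for every later user, so the "Keep looking for the coupon code." message is shown or suppressed based on someone else's history. Keeping the flag on per-session state, for example alongside the stage kept by `getLessonTracker(s)`, would make the behaviour per user. Until then a marker such as `// TODO(review): stage1FirstVisit looks like shared instance state, not per-session — verify` would flag the assumption.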


@ -19,9 +19,9 @@ import org.apache.ecs.html.Script;
import org.owasp.webgoat.session.*; import org.owasp.webgoat.session.*;
public class DOMXSS extends SequentialLessonAdapter { public class DOMXSS extends SequentialLessonAdapter {
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0)); public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private final static String PERSON = "person"; private final static String PERSON = "person";
@ -93,25 +93,25 @@ public class DOMXSS extends SequentialLessonAdapter {
return (ec); return (ec);
} }
protected Element doStage5(WebSession s) throws Exception { protected Element doStage5(WebSession s) throws Exception {
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
ec.addElement(mainContent(s)); ec.addElement(mainContent(s));
/** /**
* They pass iff: * They pass iff:
* *
* 1. If the DOMXSS.js file contains the lines "escapeHTML(name)" * 1. If the DOMXSS.js file contains the lines "escapeHTML(name)"
*/ */
String file = s.getWebResource("javascript/DOMXSS.js"); String file = s.getWebResource("javascript/DOMXSS.js");
String content = getFileContent(file); String content = getFileContent(file);
if(content.indexOf("escapeHTML(name)") != -1) if(content.indexOf("escapeHTML(name)") != -1)
{ {
makeSuccess(s); makeSuccess(s);
} }
return ec; return ec;
} }
@ -154,29 +154,29 @@ public class DOMXSS extends SequentialLessonAdapter {
*/ */
public List<String> getHints(WebSession s) { public List<String> getHints(WebSession s) {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints.add("Try entering the following: " + "&lt;IMG SRC=\"images/logos/owasp.jpg\"/&gt;"); hints.add("Try entering the following: " + "&lt;IMG SRC=\"images/logos/owasp.jpg\"/&gt;");
hints.add("Try entering the following: " + "&lt;img src=x onerror=;;alert('XSS') /&gt;"); hints.add("Try entering the following: " + "&lt;img src=x onerror=;;alert('XSS') /&gt;");
hints.add("Try entering the following: " + "&lt;IFRAME SRC=\"javascript:alert('XSS');\"&gt;&lt;/IFRAME&gt;"); hints.add("Try entering the following: " + "&lt;IFRAME SRC=\"javascript:alert('XSS');\"&gt;&lt;/IFRAME&gt;");
hints.add("Try entering the following: " + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " + hints.add("Try entering the following: " + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " +
"onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;"); "onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;");
//Attack Strings: //Attack Strings:
//<IMG SRC="images/logos/owasp.jpg"/> //<IMG SRC="images/logos/owasp.jpg"/>
//<img src=x onerror=;;alert('XSS') /> //<img src=x onerror=;;alert('XSS') />
//<IFRAME SRC="javascript:alert('XSS');"></IFRAME> //<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
//Please enter your password:<BR><input type = "password" name="pass"/><button onClick="javascript:alert('I have your password: ' + pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR> //Please enter your password:<BR><input type = "password" name="pass"/><button onClick="javascript:alert('I have your password: ' + pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
return hints; return hints;
} }
@ -203,16 +203,16 @@ public class DOMXSS extends SequentialLessonAdapter {
public String getTitle() { public String getTitle() {
return ("LAB: DOM-Based cross-site scripting"); return ("LAB: DOM-Based cross-site scripting");
} }
public String getInstructions(WebSession s) { public String getInstructions(WebSession s) {
String instructions = ""; String instructions = "";
if (getLessonTracker(s).getStage() == 1) { if (getLessonTracker(s).getStage() == 1) {
instructions = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: <a href = '/WebGoat/images/logos/owasp.jpg'>OWASP IMAGE</a>"; instructions = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: <a href = '/WebGoat/images/logos/owasp.jpg'>OWASP IMAGE</a>";
} else if (getLessonTracker(s).getStage() == 2) { } else if (getLessonTracker(s).getStage() == 2) {
instructions = "STAGE 2:\tNow, try to create a JavaScript alert up using the image tag"; instructions = "STAGE 2:\tNow, try to create a JavaScript alert using the image tag";
} else if (getLessonTracker(s).getStage() == 3) { } else if (getLessonTracker(s).getStage() == 3) {
instructions = "STAGE 3:\tNext, try to create a JavaScript alert up using the IFRAME tag."; instructions = "STAGE 3:\tNext, try to create a JavaScript alert using the IFRAME tag.";
} else if (getLessonTracker(s).getStage() == 4) { } else if (getLessonTracker(s).getStage() == 4) {
instructions = "STAGE 4:\tUse the following to create a fake login form:<br><br>" + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " + instructions = "STAGE 4:\tUse the following to create a fake login form:<br><br>" + "Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button " +
"onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;"; "onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;";
@ -221,17 +221,17 @@ public class DOMXSS extends SequentialLessonAdapter {
} }
return (instructions); return (instructions);
} }
private String getFileContent(String content) private String getFileContent(String content)
{ {
BufferedReader is = null; BufferedReader is = null;
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
try try
{ {
is = new BufferedReader(new FileReader(new File(content))); is = new BufferedReader(new FileReader(new File(content)));
String s = null; String s = null;
while((s = is.readLine()) != null) while((s = is.readLine()) != null)
{ {
sb.append(s); sb.append(s);
@ -251,14 +251,14 @@ public class DOMXSS extends SequentialLessonAdapter {
} }
catch (IOException ioe) catch (IOException ioe)
{ {
} }
} }
} }
return sb.toString(); return sb.toString();
} }
public Element getCredits() public Element getCredits()
{ {
return super.getCustomCredits("", ASPECT_LOGO); return super.getCustomCredits("", ASPECT_LOGO);
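Review bot: The pass condition in doStage5, `content.indexOf("escapeHTML(name)") != -1`, is a bare substring match over the whole of DOMXSS.js, so the text appearing in a comment, a string literal or an unreachable branch satisfies the lesson while the unescaped DOM sink is still live. A comment stating that limitation next to the check, or stripping `//` and `/* */` comments from `content` before the search, would prevent a false pass. getFileContent also opens the file with `new FileReader(new File(content))`, which decodes with the platform default charset; `new InputStreamReader(new FileInputStream(content), "UTF-8")` makes the read deterministic across JVMs. getFileContent's body continues past the end of the hunk, so its close-path handling is only partly visible here.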