diff --git a/ webgoat/main/build.xml b/ webgoat/main/build.xml
index 9223b59dc..b6b9a7b30 100644
--- a/ webgoat/main/build.xml
+++ b/ webgoat/main/build.xml
@@ -56,9 +56,10 @@
-
+
+
@@ -84,7 +85,9 @@
+
+
@@ -189,6 +192,13 @@
+
+
+
+
+
+
@@ -221,7 +231,14 @@
+ includes="doc/, java/, tomcat/, webgoat.bat, webgoat_8080.bat, readme.txt"/>
+
+
+
+
+
+
@@ -232,7 +249,7 @@
@@ -257,7 +274,7 @@
-
+
@@ -266,25 +283,22 @@
-
+ includes="eclipse/, java/, project/, tomcat/, webscarab/, eclipse.bat, webgoat.bat, webgoat_8080.bat, webscarab.bat"
+ excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
diff --git a/ webgoat/main/project/WebContent/WEB-INF/web.xml b/ webgoat/main/project/WebContent/WEB-INF/web.xml
index da78355ce..e3595d6f5 100644
--- a/ webgoat/main/project/WebContent/WEB-INF/web.xml
+++ b/ webgoat/main/project/WebContent/WEB-INF/web.xml
@@ -138,7 +138,7 @@
example, replace "<" with "<" and ">" with ">". -->
FeedbackAddress
- <A HREF=mailto:webgoat@g2-inc.com>webgoat@g2-inc.com</A>
+ <A HREF=mailto:WebGoat@g2-inc.com>WebGoat@g2-inc.com</A>
diff --git a/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties b/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties
index e69de29bb..985d9dda0 100644
--- a/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties
+++ b/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties
@@ -0,0 +1 @@
+#lesson.BufferOverflow.hidden=true
diff --git a/ webgoat/main/project/build.xml b/ webgoat/main/project/build.xml
index 86a5b4866..d7ab1033a 100644
--- a/ webgoat/main/project/build.xml
+++ b/ webgoat/main/project/build.xml
@@ -74,7 +74,7 @@
-
+
@@ -259,10 +259,10 @@
-
-
+
+
-
+
diff --git a/ webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc b/ webgoat/main/project/doc/WebGoat_Users_Guide.doc
similarity index 100%
rename from webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc
rename to webgoat/main/project/doc/WebGoat_Users_Guide.doc
diff --git a/ webgoat/main/readme.txt b/ webgoat/main/readme.txt
index b6efe0e33..e5a8f851c 100644
--- a/ webgoat/main/readme.txt
+++ b/ webgoat/main/readme.txt
@@ -1,5 +1,13 @@
-WebGoat 4.0
-05.23.2006
+********** WebGoat 5.0
+********** 01.17.2007
+**********
+**
+** Source Code: http://code.google.com/p/webgoat
+** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
+** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
+** Contact Info: webgoat@g2-inc.com
+**
+**********
Thank you for downloading WebGoat!
@@ -25,31 +33,22 @@ http://www.owasp.org
CREDITS (Latest release)
- Laurence Casey (http://www.aspectsecurity.com)
- Bruce Mayhew (http://www.aspectsecurity.com)
- Jeremy Ferragamo (http://www.aspectsecurity.com)
- Alex Smolen (http://www.parasoft.com)
+ Bruce Mayhew (http://www.g2-inc.com)
+ Sherif Koussa (http://www.macadamian.com)
Rogan Dawes (http://dawes.za.net/rogan)
- Chuck Willis (http://www.securityfoundry.com)
-
+ Carlo Pelliccioni
The many people who have sent comments and suggestions...
WHAT'S NEW
- * Runs on Linux and OSX 10.4
- * WebGoat is now current in CVS. (http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/)
- * Improved ant build process and added Unix support
- * Infrastructure changes to support multi-stage lessons
- * Eclipse development release
- * Minor screen improvements
-
- * Web services lessons
- * Blind SQL lesson
- * Weak session identifier lesson
- * Split SQL lesson into numeric and string SQL lessons
- * Added parameterized query stage to SQL lessons
- * Additional stage for basic authentication lesson
- * Summary report card for multi-user environment
+ * WebGoat is now current at Google code. (http://code.google.com/p/webgoat)
+ * HTTP Splitting
+ * Cross-Site Request Forgery
+ * XPATH Injection
+ * AJAX Security
+ * Log Spoofing
+ * Cache Poisoning
+ * Back Doors via SQL Injection
INSTALLATION
diff --git a/ webgoat/main/webgoat.sh b/ webgoat/main/webgoat.sh
index 9850952d7..25f26ea17 100644
--- a/ webgoat/main/webgoat.sh
+++ b/ webgoat/main/webgoat.sh
@@ -1,60 +1,60 @@
-#!/bin/sh
-
-SYSTEM=`uname -s`
-CATALINA_HOME=./tomcat
-PATH=${PATH}:./tomcat/bin
-export CATALINA_HOME PATH
-
-chmod +x ./$CATALINA_HOME/bin/*.sh
-if [ $SYSTEM = "Darwin" ]; then
- JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
- export JAVA_HOME
-
-else
-
-is_java_1dot5() {
- if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
- $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
- if [ $? -ne 0 ]; then
- echo "The JVM in \$JAVA_HOME isn't version 1.5."
- exit 1
- fi
- else
- echo "Please set JAVA_HOME to a Java 1.5 JDK install"
- exit 1
- fi
-}
-
-is_java_1dot5
-
-fi
-
-case "$1" in
- start80)
- cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml
- $CATALINA_HOME/bin/startup.sh
- printf "\n Open http://127.0.0.1/WebGoat/attack"
- printf "\n Username: guest"
- printf "\n Password: guest"
- printf "\n Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
- sleep 2
- tail -f $CATALINA_HOME/logs/catalina.out
- ;;
- start8080)
- cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml
- $CATALINA_HOME/bin/startup.sh
- printf "\n Open http://127.0.0.1:8080/WebGoat/attack"
- printf "\n Username: guest"
- printf "\n Password: guest"
- printf "\n Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
- sleep 2
- tail -f $CATALINA_HOME/logs/catalina.out
- ;;
- stop)
- $CATALINA_HOME/bin/shutdown.sh
- ;;
- *)
- echo $"Usage: $prog {start8080|start80|stop}"
- exit 1
- ;;
-esac
+#! /bin/sh
+
+SYSTEM=`uname -s`
+CATALINA_HOME=./tomcat
+PATH=${PATH}:./tomcat/bin
+export CATALINA_HOME PATH
+
+chmod +x ./$CATALINA_HOME/bin/*.sh
+if [ $SYSTEM = "Darwin" ]; then
+ JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
+ export JAVA_HOME
+
+else
+
+is_java_1dot5() {
+ if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
+ $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
+ if [ $? -ne 0 ]; then
+ echo "The JVM in \$JAVA_HOME isn't version 1.5."
+ exit 1
+ fi
+ else
+ echo "Please set JAVA_HOME to a Java 1.5 JDK install"
+ exit 1
+ fi
+}
+
+is_java_1dot5
+
+fi
+
+case "$1" in
+ start80)
+ cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml
+ $CATALINA_HOME/bin/startup.sh
+ printf "\n Open http://127.0.0.1/WebGoat/attack"
+ printf "\n Username: guest"
+ printf "\n Password: guest"
+ printf "\n Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
+ sleep 2
+ tail -f $CATALINA_HOME/logs/catalina.out
+ ;;
+ start8080)
+ cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml
+ $CATALINA_HOME/bin/startup.sh
+ printf "\n Open http://127.0.0.1:8080/WebGoat/attack"
+ printf "\n Username: guest"
+ printf "\n Password: guest"
+ printf "\n Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
+ sleep 2
+ tail -f $CATALINA_HOME/logs/catalina.out
+ ;;
+ stop)
+ $CATALINA_HOME/bin/shutdown.sh
+ ;;
+ *)
+ echo $"Usage: $prog {start8080|start80|stop}"
+ exit 1
+ ;;
+esac
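Review bot: `CATALINA_HOME=./tomcat` and `PATH=${PATH}:./tomcat/bin` at the top of the new webgoat.sh are relative, so the `chmod +x`, the `cp -f` over `conf/server.xml` and the startup call all act on whichever `tomcat` directory sits under the caller's working directory, and the exported PATH passes a cwd-relative search entry to every child process. Adding `cd "$(dirname "$0")" || exit 1` as the first statement would pin those paths to the script's own directory. `$JAVA_HOME` is unquoted in `[ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]` and where the JVM is invoked, so an install path containing spaces breaks the version check. The usage branch prints `$prog`, which is never assigned; `echo "Usage: $0 {start8080|start80|stop}"` would print the script name. WebGoat is a deliberately vulnerable training application and the banner advertises guest:guest, so it is worth confirming that `server_80.xml` and `server_8080.xml` (not shown in this diff) bind the connector to the loopback address only.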