renamed main->src regarding to Maven conventions

git-svn-id: http://webgoat.googlecode.com/svn/trunk@394 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/src/main/webapp/META-INF/MANIFEST.MF

@@ -0,0 +1 @@
+Manifest-Version: 1.0

webgoat/src/main/webapp/WEB-INF/lib/dependencies.txt

@@ -0,0 +1,112 @@
+  <dependencies>
+  	<dependency>
+  		<groupId>javax.activation</groupId>
+  		<artifactId>activation</artifactId>
+  		<version>1.1</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>axis</groupId>
+  		<artifactId>axis</artifactId>
+  		<version>1.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>axis</groupId>
+  		<artifactId>axis-saaj</artifactId>
+  		<version>1.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>axis</groupId>
+  		<artifactId>axis-jaxrpc</artifactId>
+  		<version>1.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>axis</groupId>
+  		<artifactId>axis-ant</artifactId>
+  		<version>1.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>commons-collections</groupId>
+  		<artifactId>commons-collections</artifactId>
+  		<version>3.1</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>commons-digester</groupId>
+  		<artifactId>commons-digester</artifactId>
+  		<version>1.4.1</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>commons-logging</groupId>
+  		<artifactId>commons-logging</artifactId>
+  		<version>1.0.4</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>commons-discovery</groupId>
+  		<artifactId>commons-discovery</artifactId>
+  		<version>0.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>com.sun.mail</groupId>
+  		<artifactId>smtp</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>com.sun.mail</groupId>
+  		<artifactId>pop3</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>com.sun.mail</groupId>
+  		<artifactId>imap</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>com.sun.mail</groupId>
+  		<artifactId>dsn</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>javax.mail</groupId>
+  		<artifactId>mail</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>javax.mail</groupId>
+  		<artifactId>mailapi</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>hsqldb</groupId>
+  		<artifactId>hsqldb</artifactId>
+  		<version>1.8.0.7</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>log4j</groupId>
+  		<artifactId>log4j</artifactId>
+  		<version>1.2.8</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>wsdl4j</groupId>
+  		<artifactId>wsdl4j</artifactId>
+  		<version>1.5.1</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>java2html</groupId>
+  		<artifactId>j2h</artifactId>
+  		<version>1.3.1</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>ecs</groupId>
+  		<artifactId>ecs</artifactId>
+  		<version>1.4.2</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>javax.transaction</groupId>
+  		<artifactId>jta</artifactId>
+  		<version>1.0.1B</version>
+  	</dependency>
+  	<dependency>
+  		<groupId>net.sourceforge.jtds</groupId>
+  		<artifactId>jtds</artifactId>
+  		<version>1.2.2</version>
+  	</dependency>
+  </dependencies>

webgoat/src/main/webapp/WEB-INF/server-config.wsdd

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+ <globalConfiguration>
+  <parameter name="sendMultiRefs" value="true"/>
+  <parameter name="disablePrettyXML" value="true"/>
+  <parameter name="adminPassword" value="admin"/>
+<!--
+  <parameter name="attachments.Directory" value="C:\webgoat\tomcat\webapps\WebGoat\WEB-INF\attachments"/>
+-->
+  <parameter name="dotNetSoapEncFix" value="true"/>
+  <parameter name="enableNamespacePrefixOptimization" value="true"/>
+  <parameter name="sendXMLDeclaration" value="true"/>
+<!--
+  <parameter name="attachments.implementation" value="org.apache.axis.attachments.AttachmentsImpl"/>
+-->
+  <parameter name="sendXsiTypes" value="true"/>
+  <requestFlow>
+   <handler type="java:org.apache.axis.handlers.JWSHandler">
+    <parameter name="scope" value="session"/>
+   </handler>
+   <handler type="java:org.apache.axis.handlers.JWSHandler">
+    <parameter name="scope" value="request"/>
+    <parameter name="extension" value=".jwr"/>
+   </handler>
+  </requestFlow>
+ </globalConfiguration>
+ <handler name="LocalResponder" type="java:org.apache.axis.transport.local.LocalResponder"/>
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="Authenticate" type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
+ <service name="WSDLScanning" provider="java:RPC">
+  <parameter name="allowedMethods" value="getFirstName, getLastName, getCreditCard, getLoginCount"/>
+  <parameter name="className" value="org.owasp.webgoat.lessons.WSDLScanning"/>
+ </service>
+ <service name="SoapRequest" provider="java:RPC">
+  <parameter name="allowedMethods" value="getFirstName, getLastName, getCreditCard, getLoginCount"/>
+  <parameter name="className" value="org.owasp.webgoat.lessons.SoapRequest"/>
+ </service>
+ <service name="AdminService" provider="java:MSG">
+  <parameter name="allowedMethods" value="AdminService"/>
+  <parameter name="enableRemoteAdmin" value="false"/>
+  <parameter name="className" value="org.apache.axis.utils.Admin"/>
+  <namespace>http://xml.apache.org/axis/wsdd/</namespace>
+ </service>
+ <service name="Version" provider="java:RPC">
+  <parameter name="allowedMethods" value="getVersion"/>
+  <parameter name="className" value="org.apache.axis.Version"/>
+ </service>
+ <service name="WsSqlInjection" provider="java:RPC">
+  <parameter name="allowedMethods" value="getCreditCard"/>
+  <parameter name="className" value="org.owasp.webgoat.lessons.WsSqlInjection"/>
+ </service>
+ <transport name="http">
+  <requestFlow>
+   <handler type="URLMapper"/>
+   <handler type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+  </requestFlow>
+  <parameter name="qs:list" value="org.apache.axis.transport.http.QSListHandler"/>
+  <parameter name="qs:wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
+  <parameter name="qs.list" value="org.apache.axis.transport.http.QSListHandler"/>
+  <parameter name="qs.method" value="org.apache.axis.transport.http.QSMethodHandler"/>
+  <parameter name="qs:method" value="org.apache.axis.transport.http.QSMethodHandler"/>
+  <parameter name="qs.wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
+ </transport>
+ <transport name="local">
+  <responseFlow>
+   <handler type="LocalResponder"/>
+  </responseFlow>
+ </transport>
+</deployment>

webgoat/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,353 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app 
+    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 
+    "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+
+    <!-- General description of your web application -->
+    <display-name>WebGoat</display-name>
+    <description>
+      This web application is designed to demonstrate web
+      application security flaws for the purpose of educating
+      developers and security professionals about web
+      application security problems. Please contact Bruce Mayhew 
+      (webgoat@owasp.org) if you have any questions.
+    </description>
+
+
+
+   <!-- Context initialization parameters that define shared
+         String constants used within your application, which
+         can be customized by the system administrator who is
+         installing your application.  The values actually
+         assigned to these parameters can be retrieved in a
+         servlet or JSP page by calling:
+
+             String value =
+               getServletContext().getInitParameter("name");
+
+         where "name" matches the <param-name> element of
+         one of these initialization parameters.
+
+         You can define any number of context initialization
+         parameters, including zero.
+    -->
+
+    <context-param>
+      <param-name>email</param-name>
+      <param-value>WebGoat@owasp.org</param-value>
+      <description>
+        The EMAIL address of the administrator to whom questions
+        and comments about this application should be addressed.
+      </description>
+    </context-param>
+
+    <!-- Servlet definitions for the servlets that make up
+         your web application, including initialization
+         parameters.  With Tomcat, you can also send requests
+         to servlets not listed here with a request like this:
+
+           http://localhost:8080/{context-path}/servlet/{classname}
+
+         but this usage is not guaranteed to be portable.  It also
+         makes relative references to images and other resources
+         required by your servlet more complicated, so defining
+         all of your servlets (and defining a mapping to them with
+         a servlet-mapping element) is recommended.
+
+         Servlet initialization parameters can be retrieved in a
+         servlet or JSP page by calling:
+
+            String value =
+               getServletConfig().getInitParameter("name");
+
+         where "name" matches the <param-name> element of
+         one of these initialization parameters.
+
+         You can define any number of servlets, including zero.
+    -->
+
+    <servlet>
+      <servlet-name>AxisServlet</servlet-name>
+      <display-name>Apache-Axis Servlet</display-name>
+      <servlet-class>
+          org.apache.axis.transport.http.AxisServlet
+      </servlet-class>
+    </servlet>
+ 
+    <servlet>
+      <servlet-name>AdminServlet</servlet-name>
+      <display-name>Axis Admin Servlet</display-name>
+      <servlet-class>
+          org.apache.axis.transport.http.AdminServlet
+      </servlet-class>
+      <load-on-startup>100</load-on-startup>
+    </servlet>
+
+    <servlet>
+      <servlet-name>SOAPMonitorService</servlet-name>
+      <display-name>SOAPMonitorService</display-name>
+      <servlet-class>
+          org.apache.axis.monitor.SOAPMonitorService
+      </servlet-class>
+      <init-param>
+        <param-name>SOAPMonitorPort</param-name>
+        <param-value>5001</param-value>
+      </init-param>
+      <load-on-startup>100</load-on-startup>
+    </servlet>
+ 
+    <servlet>
+      <servlet-name>WebGoat</servlet-name>
+      <description>
+        This servlet plays the "controller" role in the MVC architecture
+        used in this application.
+
+        The initialization parameter namess for this servlet are the
+        "servlet path" that will be received by this servlet (after the
+        filename extension is removed).  The corresponding value is the
+        name of the action class that will be used to process this request.
+      </description>
+      <servlet-class>org.owasp.webgoat.HammerHead</servlet-class>
+
+ 	  <init-param>
+      		<param-name>email</param-name>
+      		<param-value>WebGoat@owasp.org</param-value>
+      		<description>
+        		The EMAIL address of the administrator to whom questions
+        		and comments about this application should be addressed.
+      		</description>
+      </init-param>
+      
+	  <init-param>
+            <param-name>debug</param-name>
+            <param-value>false</param-value>
+      </init-param>
+
+      <init-param>
+            <param-name>CookieDebug</param-name>
+            <param-value>true</param-value>
+      </init-param>
+
+      <init-param>
+            <param-name>DefuseOSCommands</param-name>
+            <param-value>false</param-value>
+      </init-param>
+      
+      <init-param>
+            <param-name>Enterprise</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
+      <init-param>
+            <param-name>CodingExercises</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
+      <init-param>
+      		<!-- Specify an address where you would like comments to be sent.  -->
+      		<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
+      		<!-- Use iso8859-1 encoding to represent special characters that might confuse XML parser. For 
+      			 example, replace "<" with "&lt;" and ">" with "&gt;". -->
+            <param-name>FeedbackAddress</param-name>
+            <param-value>
+				&lt;A HREF=mailto:webgoat@owasp.org&gt;webgoat@owasp.org&lt;/A&gt;
+            </param-value>
+      </init-param>
+      
+      <init-param>
+            <param-name>DatabaseDriver</param-name>
+            <param-value>
+		    	org.hsqldb.jdbcDriver
+            </param-value>
+      </init-param>
+
+      <init-param>
+            <param-name>DatabaseConnectionString</param-name>
+            <!-- 
+            The string "${USER}" in the connection string will be replaced by the active username
+            when making a connection.
+             -->
+            <param-value>
+				jdbc:hsqldb:mem:${USER}
+		    </param-value>
+      </init-param>
+
+      <!-- Load this servlet at server startup time -->
+
+      <load-on-startup>5</load-on-startup>
+
+    </servlet>
+
+
+    <servlet>
+      <servlet-name>LessonSource</servlet-name>
+      <description>
+        This servlet returns the Java source of the current lesson. 
+      </description>
+      <servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
+    </servlet>
+
+    <servlet>
+      <servlet-name>Catcher</servlet-name>
+      <description>
+        This servlet catches any posts and marks the appropriate lesson property. 
+      </description>
+      <servlet-class>org.owasp.webgoat.Catcher</servlet-class>
+    </servlet>
+
+    <servlet>
+	 <servlet-name>conf</servlet-name>
+	 <jsp-file>/lessons/ConfManagement/config.jsp</jsp-file>
+    </servlet>
+    <!-- Define mappings that are used by the servlet container to
+         translate a particular request URI (context-relative) to a
+         particular servlet.  The examples below correspond to the
+         servlet descriptions above.  Thus, a request URI like:
+
+           http://localhost:8080/{contextpath}/graph
+
+         will be mapped to the "graph" servlet, while a request like:
+
+           http://localhost:8080/{contextpath}/saveCustomer.do
+
+         will be mapped to the "controller" servlet.
+
+         You may define any number of servlet mappings, including zero.
+         It is also legal to define more than one mapping for the same
+         servlet, if you wish to.
+    -->
+
+
+    <servlet-mapping>
+      <servlet-name>AxisServlet</servlet-name>
+      <url-pattern>/servlet/AxisServlet</url-pattern>
+    </servlet-mapping>
+ 
+    <servlet-mapping>
+      <servlet-name>AxisServlet</servlet-name>
+      <url-pattern>*.jws</url-pattern>
+    </servlet-mapping>
+ 
+    <servlet-mapping>
+      <servlet-name>AxisServlet</servlet-name>
+      <url-pattern>/services/*</url-pattern>
+    </servlet-mapping>
+ 
+    <servlet-mapping>
+      <servlet-name>SOAPMonitorService</servlet-name>
+      <url-pattern>/SOAPMonitor</url-pattern>
+    </servlet-mapping>
+ 
+    <!-- uncomment this if you want the admin servlet -->
+    <!--
+    <servlet-mapping>
+      <servlet-name>AdminServlet</servlet-name>
+      <url-pattern>/servlet/AdminServlet</url-pattern>
+    </servlet-mapping>
+     -->
+
+    <servlet-mapping>
+      <servlet-name>WebGoat</servlet-name>
+      <url-pattern>/attack</url-pattern>
+    </servlet-mapping>
+    
+    <servlet-mapping>
+      <servlet-name>LessonSource</servlet-name>
+      <url-pattern>/source</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+      <servlet-name>Catcher</servlet-name>
+      <url-pattern>/catcher</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+      <servlet-name>conf</servlet-name>
+      <url-pattern>/conf</url-pattern>
+    </servlet-mapping>
+
+    <!-- Define the default session timeout for your application,
+         in minutes.  From a servlet or JSP page, you can modify
+         the timeout for a particular session dynamically by using
+         HttpSession.getMaxInactiveInterval(). -->
+
+    <session-config>
+    	<!-- 2 days -->
+        <session-timeout>2880</session-timeout>
+    </session-config>
+
+    <mime-mapping>
+        <extension>wmv</extension>
+        <mime-type>video/x-ms-wmv</mime-type>
+    </mime-mapping>
+
+	<!-- Define reference to the user database for looking up roles -->
+	<resource-env-ref>
+	    <description>
+	      Link to the UserDatabase instance from which we request lists of
+	      defined role names.  Typically, this will be connected to the global
+	      user database with a ResourceLink element in server.xml or the context
+	      configuration file for the Manager web application.
+	    </description>
+	    <resource-env-ref-name>users</resource-env-ref-name>
+	    <resource-env-ref-type>
+	      org.apache.catalina.UserDatabase
+	    </resource-env-ref-type>
+	</resource-env-ref>
+	
+
+	<!-- Define a Security Constraint on this Application -->
+	<security-constraint>
+	    <web-resource-collection>
+	      <web-resource-name>WebGoat Application</web-resource-name>
+	      <url-pattern>/*</url-pattern>
+	    </web-resource-collection>
+	    <auth-constraint>
+	       <role-name>webgoat_user</role-name>
+	       <role-name>webgoat_admin</role-name>
+	       <role-name>webgoat_challenge</role-name>
+	    </auth-constraint>
+	</security-constraint>
+	
+	<security-constraint>
+	    <web-resource-collection>
+	      <web-resource-name>WebGoat Application Source</web-resource-name>
+	      <url-pattern>/JavaSource/*</url-pattern>
+	    </web-resource-collection>
+	    <auth-constraint>
+	       <role-name>server_admin</role-name>
+	    </auth-constraint>
+	</security-constraint>
+	
+	
+	<!-- Login configuration uses BASIC authentication -->
+	<login-config>
+	    <auth-method>BASIC</auth-method>
+	    <realm-name>WebGoat Application</realm-name>
+	</login-config>
+	
+	<!-- Security roles referenced by this web application -->
+	<security-role>
+	    <description>The role that is required to administrate WebGoat</description>
+	    <role-name>webgoat_admin</role-name>
+	</security-role>
+	
+	<security-role>
+	    <description>The role that is required to start the challenge log viewer</description>
+	    <role-name>webgoat_challenge</role-name>
+	</security-role>
+
+	<security-role>
+	    <description>The role that is required to use WebGoat</description>
+	    <role-name>webgoat_user</role-name>
+	</security-role>
+
+	<security-role>
+	    <description>This role is for admins only</description>
+	    <role-name>server_admin</role-name>
+	</security-role>
+
+</web-app>
+

webgoat/src/main/webapp/WEB-INF/webgoat-class.properties

@@ -0,0 +1,60 @@
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+lesson.RoleBasedAccessControl.hidden=true
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
+lesson.CsrfPromptByPass.ranking=40
+lesson.CsrfTokenByPass.ranking=50
+lesson.CrossSiteScripting.hidden=true
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
+lesson.SQLInjection.hidden=true
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+category.New\ Lesson.category.ranking=111
+lesson.HowToAddNewLesson.ranking=10
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
+lesson.ChallengeScreen.hidden=true

webgoat/src/main/webapp/WEB-INF/webgoat-lab.properties

@@ -0,0 +1,57 @@
+category.General.ranking=11
+lesson.HttpBasics.ranking=10
+lesson.HttpSplitting.ranking=20
+lesson.ThreadSafetyProblem.ranking=30
+
+category.Broken\ Authentication\ and\ Session\ Management.ranking=21
+lesson.BasicAuthentication.ranking=10
+lesson.WeakAuthenticationCookie.ranking=20
+
+category.Broken\ Access\ Control.ranking=31
+lesson.AccessControlMatrix.ranking=10
+lesson.PathBasedAccessControl.ranking=20
+
+category.Cross-Site\ Scripting\ (XSS).ranking=41
+lesson.StoredXss.ranking=10
+lesson.ReflectedXSS.ranking=20
+lesson.CSRF.ranking=30
+lesson.CsrfPromptByPass.ranking=40
+lesson.CsrfTokenByPass.ranking=50
+
+category.Unvalidated\ Parameters.ranking=51
+lesson.HiddenFieldTampering.ranking=10
+lesson.JavaScriptValidation.ranking=20
+lesson.UncheckedEmail.ranking=30
+
+category.Insecure\ Storage.ranking=61
+lesson.Encoding.ranking=10
+
+category.Injection\ Flaws.ranking=71
+lesson.SqlNumericInjection.ranking=10
+lesson.SqlStringInjection.ranking=20
+lesson.CommandInjection.ranking=30
+lesson.LogSpoofing.ranking=40
+
+category.Improper\ Error\ Handling.ranking=81
+lesson.FailOpenAuthentication.ranking=10
+
+category.Code\ Quality.ranking=91
+lesson.HtmlClues.ranking=10
+
+category.Web\ Services.category.ranking=101
+lesson.SoapRequest.ranking=10
+lesson.WSDLScanning.ranking=20
+lesson.WsSqlInjection.ranking=30
+
+category.New\ Lesson.category.ranking=111
+lesson.HowToAddNewLesson.ranking=10
+
+lesson.WeakSessionID.hidden=true
+lesson.BufferOverflow.hidden=true
+lesson.BlindSqlInjection.hidden=true
+lesson.DOS_Login.hidden=true
+lesson.ForcedBrowsing.hidden=true
+lesson.ForgotPassword.hidden=true
+lesson.ParameterInjection.hidden=true
+lesson.RemoteAdminFlaw.hidden=true
+lesson.ChallengeScreen.hidden=true

webgoat/src/main/webapp/WEB-INF/webgoat-owasp.properties

@@ -0,0 +1 @@
+#lesson.BufferOverflow.hidden=true

webgoat/src/main/webapp/WEB-INF/webgoat.properties

@@ -0,0 +1 @@
+#lesson.BufferOverflow.hidden=true

webgoat/src/main/webapp/WEB-INF/webgoat_oracle.sql

@@ -0,0 +1,132 @@
+DROP USER webgoat_guest CASCADE;
+CREATE USER webgoat_guest IDENTIFIED BY webgoat DEFAULT TABLESPACE users;
+GRANT CONNECT, RESOURCE TO webgoat_guest;
+GRANT CREATE PROCEDURE TO webgoat_guest;
+
+CREATE TABLE WEBGOAT_guest.EMPLOYEE (
+    userid INT NOT NULL PRIMARY KEY,
+    first_name VARCHAR(20),
+    last_name VARCHAR(20),
+    ssn VARCHAR(12),
+    password VARCHAR(10),
+    title VARCHAR(20),
+    phone VARCHAR(13),
+    address1 VARCHAR(80),
+    address2 VARCHAR(80),
+    manager INT,
+    start_date CHAR(8),
+    salary INT,
+    ccn VARCHAR(30),
+    ccn_limit INT,
+    disciplined_date CHAR(8),
+    disciplined_notes VARCHAR(60),
+    personal_description VARCHAR(60)
+);
+
+
+CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS
+    stmt VARCHAR(32767);cnt NUMBER;
+BEGIN
+    stmt  := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
+    EXECUTE IMMEDIATE stmt INTO cnt;
+    RETURN cnt;
+END;
+/
+
+CREATE OR REPLACE FUNCTION WEBGOAT_guest.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) RETURN NUMBER AS
+    stmt VARCHAR(32767);cnt NUMBER;
+BEGIN
+    stmt  := 'SELECT COUNT (*) FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
+    EXECUTE IMMEDIATE stmt INTO cnt;
+    RETURN cnt;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE(
+    v_userid IN employee.userid%type, 
+    v_first_name IN employee.first_name%type, 
+    v_last_name IN employee.last_name%type, 
+    v_ssn IN employee.ssn%type, 
+    v_title IN employee.title%type, 
+    v_phone IN employee.phone%type, 
+    v_address1 IN employee.address1%type, 
+    v_address2 IN employee.address2%type, 
+    v_manager IN employee.manager%type, 
+    v_start_date IN employee.start_date%type, 
+    v_salary IN employee.salary%type, 
+    v_ccn IN employee.ccn%type, 
+    v_ccn_limit IN employee.ccn_limit%type, 
+    v_disciplined_date IN employee.disciplined_date%type, 
+    v_disciplined_notes IN employee.disciplined_notes%type, 
+    v_personal_description IN employee.personal_description%type
+)
+AS 
+BEGIN
+    UPDATE EMPLOYEE
+    SET
+        first_name = v_first_name, 
+        last_name = v_last_name, 
+        ssn = v_ssn, 
+        title = v_title, 
+        phone = v_phone, 
+        address1 = v_address1, 
+        address2 = v_address2, 
+        manager = v_manager, 
+        start_date = v_Start_date,
+        salary = v_salary, 
+        ccn = v_ccn, 
+        ccn_limit = v_ccn_limit, 
+        disciplined_date = v_disciplined_date, 
+        disciplined_notes = v_disciplined_notes, 
+        personal_description = v_personal_description
+    WHERE
+        userid = v_userid;
+END;
+/
+
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE_BACKUP(
+    v_userid IN employee.userid%type, 
+    v_first_name IN employee.first_name%type, 
+    v_last_name IN employee.last_name%type, 
+    v_ssn IN employee.ssn%type, 
+    v_title IN employee.title%type, 
+    v_phone IN employee.phone%type, 
+    v_address1 IN employee.address1%type, 
+    v_address2 IN employee.address2%type, 
+    v_manager IN employee.manager%type, 
+    v_start_date IN employee.start_date%type, 
+    v_salary IN employee.salary%type, 
+    v_ccn IN employee.ccn%type, 
+    v_ccn_limit IN employee.ccn_limit%type, 
+    v_disciplined_date IN employee.disciplined_date%type, 
+    v_disciplined_notes IN employee.disciplined_notes%type, 
+    v_personal_description IN employee.personal_description%type
+)
+AS 
+BEGIN
+    UPDATE EMPLOYEE
+    SET
+        first_name = v_first_name, 
+        last_name = v_last_name, 
+        ssn = v_ssn, 
+        title = v_title, 
+        phone = v_phone, 
+        address1 = v_address1, 
+        address2 = v_address2, 
+        manager = v_manager, 
+        start_date = v_Start_date,
+        salary = v_salary, 
+        ccn = v_ccn, 
+        ccn_limit = v_ccn_limit, 
+        disciplined_date = v_disciplined_date, 
+        disciplined_notes = v_disciplined_notes, 
+        personal_description = v_personal_description
+    WHERE
+        userid = v_userid;
+END;
+/
+
+
+exit;
+
+

webgoat/src/main/webapp/WEB-INF/webgoat_sqlserver.sql

@@ -0,0 +1,226 @@
+EXEC sp_configure 'clr enabled', 1
+GO
+
+RECONFIGURE
+GO
+
+USE master;
+
+go
+
+DROP LOGIN webgoat_guest;
+
+go
+
+DROP database webgoat;
+
+go
+
+
+CREATE database webgoat;
+
+go
+
+USE webgoat;
+
+go
+
+CREATE SCHEMA webgoat_guest;
+
+go
+
+CREATE LOGIN webgoat_guest with password = '_webgoat';
+
+go
+
+CREATE USER webgoat_guest with default_schema = webgoat_guest;
+
+go
+
+GRANT CONTROL TO webgoat_guest;
+
+go
+
+
+CREATE TABLE WEBGOAT_guest.EMPLOYEE (
+    userid INT NOT NULL PRIMARY KEY,
+    first_name VARCHAR(20),
+    last_name VARCHAR(20),
+    ssn VARCHAR(12),
+    password VARCHAR(10),
+    title VARCHAR(20),
+    phone VARCHAR(13),
+    address1 VARCHAR(80),
+    address2 VARCHAR(80),
+    manager INT,
+    start_date CHAR(8),
+    salary INT,
+    ccn VARCHAR(30),
+    ccn_limit INT,
+    disciplined_date CHAR(8),
+    disciplined_notes VARCHAR(60),
+    personal_description VARCHAR(60)
+);
+
+go
+
+IF EXISTS
+(
+	SELECT	1
+	FROM	INFORMATION_SCHEMA.ROUTINES
+	WHERE		ROUTINE_NAME 	= 'UPDATE_EMPLOYEE'
+		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
+		AND	ROUTINE_TYPE	= 'PROCEDURE'
+)
+BEGIN
+	DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+	DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
+END
+GO
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+    @v_userid INT,
+    @v_first_name VARCHAR(20),
+    @v_last_name VARCHAR(20),
+    @v_ssn VARCHAR(12),
+    @v_title VARCHAR(20),
+    @v_phone VARCHAR(13),
+    @v_address1 VARCHAR(80),
+    @v_address2 VARCHAR(80),
+    @v_manager INT,
+    @v_start_date CHAR(8),
+    @v_salary INT,
+    @v_ccn VARCHAR(30),
+    @v_ccn_limit INT,
+    @v_disciplined_date CHAR(8),
+    @v_disciplined_notes VARCHAR(60),
+    @v_personal_description VARCHAR(60)
+AS
+    UPDATE EMPLOYEE
+    SET
+        first_name = @v_first_name, 
+        last_name = @v_last_name, 
+        ssn = @v_ssn, 
+        title = @v_title, 
+        phone = @v_phone, 
+        address1 = @v_address1, 
+        address2 = @v_address2, 
+        manager = @v_manager, 
+        start_date = @v_Start_date,
+        salary = @v_salary, 
+        ccn = @v_ccn, 
+        ccn_limit = @v_ccn_limit, 
+        disciplined_date = @v_disciplined_date, 
+        disciplined_notes = @v_disciplined_notes, 
+        personal_description = @v_personal_description
+    WHERE
+        userid = @v_userid;
+
+go
+
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
+    @v_userid INT,
+    @v_first_name VARCHAR(20),
+    @v_last_name VARCHAR(20),
+    @v_ssn VARCHAR(12),
+    @v_title VARCHAR(20),
+    @v_phone VARCHAR(13),
+    @v_address1 VARCHAR(80),
+    @v_address2 VARCHAR(80),
+    @v_manager INT,
+    @v_start_date CHAR(8),
+    @v_salary INT,
+    @v_ccn VARCHAR(30),
+    @v_ccn_limit INT,
+    @v_disciplined_date CHAR(8),
+    @v_disciplined_notes VARCHAR(60),
+    @v_personal_description VARCHAR(60)
+AS
+    UPDATE EMPLOYEE
+    SET
+        first_name = @v_first_name, 
+        last_name = @v_last_name, 
+        ssn = @v_ssn, 
+        title = @v_title, 
+        phone = @v_phone, 
+        address1 = @v_address1, 
+        address2 = @v_address2, 
+        manager = @v_manager, 
+        start_date = @v_Start_date,
+        salary = @v_salary, 
+        ccn = @v_ccn, 
+        ccn_limit = @v_ccn_limit, 
+        disciplined_date = @v_disciplined_date, 
+        disciplined_notes = @v_disciplined_notes, 
+        personal_description = @v_personal_description
+    WHERE
+        userid = @v_userid;
+
+go
+
+IF EXISTS
+(
+	SELECT	1
+	FROM	INFORMATION_SCHEMA.ROUTINES
+	WHERE		ROUTINE_NAME 	= 'EMPLOYEE_LOGIN'
+		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
+		AND	ROUTINE_TYPE	= 'FUNCTION'
+)
+BEGIN
+	DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN
+	DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP
+END
+GO
+
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN (
+    @v_id INT,
+    @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+    BEGIN
+        DECLARE @sql nvarchar(4000), @count int
+        SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
+        EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
+        return @count
+    END
+GO
+
+CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP (
+    @v_id INT,
+    @v_password VARCHAR(100)
+) RETURNS INTEGER
+AS
+    BEGIN
+        DECLARE @sql nvarchar(4000), @count int
+        SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
+        EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
+        return @count
+    END
+GO
+
+IF EXISTS
+(
+	SELECT	1
+	FROM	INFORMATION_SCHEMA.ROUTINES
+	WHERE		ROUTINE_NAME 	= 'RegexMatch'
+		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
+		AND	ROUTINE_TYPE	= 'FUNCTION'
+)
+BEGIN
+	DROP FUNCTION webgoat_guest.RegexMatch
+END
+GO
+
+IF EXISTS (SELECT name FROM sys.assemblies WHERE name = N'RegexMatch') 
+	DROP ASSEMBLY RegexMatch;
+GO
+
+CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\tomcat\webapps\WebGoat\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
+GO
+
+CREATE FUNCTION webgoat_guest.RegexMatch (
+@input NVARCHAR(MAX),
+@pattern NVARCHAR(MAX)
+) RETURNS BIT
+AS EXTERNAL NAME  RegexMatch.[UserDefinedFunctions].RegexMatch;
+GO

webgoat/src/main/webapp/css/layers.css

@@ -0,0 +1,2 @@
+#lessonTitle {position:absolute;left:94px;top:75px;width:690px;height:22px;z-index:1;float: right;font-size: 20px;color: #FFFFFF;}
+#hMenuBar {position:absolute;left:245px;top:108px;width:538px;height:22px;z-index:2;}

webgoat/src/main/webapp/css/lesson.css

@@ -0,0 +1,11 @@
+body.page {color: #000000;font-family: Verdana, Tahoma, sans-serif;font-size: 8pt;}
+td {font-family: Verdana, Tahoma, sans-serif;font-size: 8pt; }
+tr {font-family: Verdana, Tahoma, sans-serif;}
+span {font-family: Verdana, Tahoma, sans-serif;}
+.f8-0 {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;}
+.f8-1 {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;}
+.div_tree {padding-left:10px;overflow:visible;}
+.report_tree_link {width:100%;font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;margin-left:2px;padding-right:2px;margin-top:2px;border-spacing:0px;}
+.form_link {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;font-weight: bold;}
+.report_title {font-size: 8pt;font-family: Verdana, Tahoma, sans-serif;border: 1px solid #afafaf;background-color: #cfcfef;margin-top:3px;margin-bottom:3px;margin-left:1px;padding:3px;font-weight: bold;}
+.middle {vertical-align:middle;}

webgoat/src/main/webapp/css/menu.css

@@ -0,0 +1,11 @@
+.pviimenudiv td {font-family: "Trebuchet MS", Arial, sans-serif; font-size: 10px}
+.pviimenudiv p {font-family: "Trebuchet MS", Arial, sans-serif; font-size: 10px; margin-top: 12px; margin-bottom: 6px}
+.pviimenudiv b {font-family: Verdana, Arial, Helvetica, sans-serif; font-style: normal; color: #666666}
+.pviimenudiv a:link {color: #333333; text-decoration: underline}
+.pviimenudiv a:visited {color: #0066FF; text-decoration: underline}
+.pviimenudiv a:hover {color: red; text-decoration: underline}
+.pviimenudiv a:active {color: #0066FF; text-decoration: underline}
+.pviimenudivstage a:link {color: #333333; font-size: 9px; display: block; margin-left: 2em; }
+.pviimenudivstage a:visited {color: #0066FF; font-size: 9px;  display: block; margin-left: 2em; }
+.pviimenudivstage a:hover {color: red; font-size: 9px;  display: block; margin-left: 2em; }
+.pviimenudivstage a:active {color: #0066FF; font-size: 9px;  display: block; margin-left: 2em; }

webgoat/src/main/webapp/css/webgoat.css

@@ -0,0 +1,289 @@
+body{ 
+	min-width: 800px;
+	font-family: Arial,sans-serif;
+	color: #333333;
+	line-height: 1.166;	
+	margin: 0px;
+	padding: 0px;
+}
+
+a:link, a:visited, a:hover {
+	color: #666666;
+	text-decoration: none;
+}
+
+a:hover {
+	text-decoration: underline;
+	color: red;
+}
+
+h1, h2, h3, h4, h5, h6 {
+	font-family: Arial,sans-serif;
+	margin: 0px;
+	padding: 0px;
+}
+
+h1{
+	font-family: Verdana,Arial,sans-serif;
+	font-size: 120%;
+	color: #333333;
+}
+
+h2{
+	font-size: 114%;
+	color: #333333;
+}
+
+h3{
+	font-size: 100%;
+	color: #334d55;
+}
+
+h4{
+	font-size: 100%;
+	font-weight: normal;
+	color: #333333;
+}
+
+h5{
+	font-size: 100%;
+	color: #334d55;
+}
+
+ul{
+	list-style-type: square;
+}
+
+ul ul{
+	list-style-type: disc;
+}
+
+ul ul ul{
+	list-style-type: none;
+}
+
+#navBar{
+	margin: 0 79% 0 0;
+	padding: 0px;
+	background-color: #999999;
+}
+
+#twoCol{
+	margin: 0;
+	padding-left: 13px;
+}
+
+#siteName{
+	margin: 0px;
+	padding: 0px 0px 10px 10px;
+}
+
+#lessonName{
+	padding: 5px 0px 10px 10px;
+}
+
+#globalNav{
+	color: #cccccc;
+	padding: 0px 10px;
+	white-space: nowrap;
+}
+
+#globalNav img{
+	display: block;
+}
+
+#globalNav a {
+	font-size: 10px;
+	padding: 0px 4px 0px 0px; 
+}
+
+.lessonContent{
+	padding: 10px 10px 10px 10px; 
+	font-size: 10px;
+}
+
+.lessonText h3{
+	padding: 30px 0px 5px 0px;
+	text-align: center;
+}
+
+.lessonText img{
+	float: left;
+	padding: 0px 10px 0px 0px;
+	margin: 0 5px 5px 0;
+}
+
+#bottom{
+	color: #999999;
+	clear: both;
+	font-size: 10px;
+	padding-top: 5px;
+}
+
+#navBar ul a:link, #navBar ul a:visited {}
+
+#navBar ul {
+	list-style: none; 
+	margin: 0; 
+	padding: 0;
+}
+
+/* hack to fix IE/Win's broken rendering of block-level anchors in lists */
+#navBar li {}
+
+/* fix for browsers that don't need the hack */
+html>body #navBar li {}
+
+#top{
+	height:136px;
+	background-image: url(../images/header/header.jpg);
+	width: 800px;
+}
+
+#top_challenge{
+	height:136px;
+	width: 800px;
+}
+
+#topLinks{
+	position: relative;
+	margin: 0px;
+	padding: 0px;
+	font-size: small;
+}
+
+#topLinks h3{
+	padding: 10px 0px 2px 10px;
+}
+
+#topLinks a:link{
+	padding: 2px 0px 2px 10px;
+	width: 100%;voice-family: "\"}\""; 
+	voice-family:inherit;
+	width: auto;
+}
+
+#topLinks a:visited{
+	border-top: 1px solid #cccccc;
+	padding: 2px 0px 2px 10px;
+}
+
+#topLinks a:hover{
+	background-color: #FFFFFF;
+	padding: 5px 2px 2px 10px;
+}
+
+#menuSpacer {
+	float: left;
+	width: 225px;
+}
+
+#lessonArea {
+	float: right;
+	width: 540px;
+	height: 100%;
+	padding: 10px;
+}
+
+#wrap {
+	width: 800px;
+	word-wrap:break-word; /* Fixes IE wrapping issue */
+}
+
+#topRight {
+	position:absolute;
+	left:485px;
+	top:0px;
+	width:320px;
+	height:23px;
+	z-index:3;
+	float: right;
+}
+
+#topRightInner {
+	position:absolute;
+	left:450px;
+	top:10px;
+	width:300px;
+	height:23px;
+	z-index:4;
+	float: right;
+}
+
+.info {
+	color: red; 
+	font-weight: bold;
+}
+
+#reset {
+	text-align: right;
+	font-weight: bold;
+	float: right;
+	display: inline;
+	margin-bottom: 10px;
+}
+
+#training {
+	text-align: left;
+	font-weight: bold;
+	display: inline;
+	float: left;
+	margin-bottom: 10px;
+	
+}
+
+#training_wrap {
+	width: 540px;
+}
+
+#hint{}
+#parameter{}
+#cookie{}
+#message{
+	margin-bottom: 20px;
+	margin-top: 10px;
+}
+
+#lessonPlans {
+	border: 1px solid #000000;
+	background-color: #FFFFFF;
+	margin: 15px;
+	padding: 25px;
+	padding-bottom: 75px;
+}
+
+#credits {
+	float: right;
+}
+
+#start {
+	height: 390px;
+	width: 700px;
+	padding: 10px 50px 10px 50px;
+	font-size: 15px;
+}
+#warning {
+	border: 1px solid #666666;
+	padding: 10px;
+	font-size: 10px;
+	color: #FF3300;
+	width: 600px;
+	margin-left: 100px;
+	margin-right: 100px;
+}
+#team {
+	width: 580px;
+	margin-right: 50px;
+	margin-left: 50px;
+	padding-top: 5px;
+	padding-right: 10px;
+	padding-bottom: 5px;
+	padding-left: 10px;
+}
+.style1 {
+	font-size: 11px;
+	font-weight: bold;
+}
+.style2 {
+	font-size: 10px;
+}

webgoat/src/main/webapp/css/webgoat_challenge.css

@@ -0,0 +1,45 @@
+#bottom_ch{
+	color: #999999;
+	clear: both;
+	font-size: 10px;
+	padding-top: 5px;
+}
+
+#top_ch{
+	width: 500px;
+	height:136px;
+	background-image: url(../images/header/header.jpg);
+}
+
+#wrap_ch {
+	width: 500px;
+}
+
+#credits_ch {
+	float: right;
+}
+
+#start_ch {
+	height: 350px;
+	width: 500px;
+	padding: 10px 10px 10px 10px;
+	font-size: 15px;
+}
+#warning_ch {
+	border: 1px solid #666666;
+	padding: 10px;
+	font-size: 10px;
+	color: #FF3300;
+	width: 450px;
+	margin-left: 5px;
+	margin-right: 5px;
+}
+#team_ch {
+}
+.style1_ch {
+	font-size: 11px;
+	font-weight: bold;
+}
+.style2_ch {
+	font-size: 10px;
+}

webgoat/src/main/webapp/database/database.prp

@@ -0,0 +1,365 @@
+!---------------------------------------------------------------------
+!
+! BASIC PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Path where index tables are held. Can be absolute or relative 
+! to the properties file. Defaults to tablePath.
+!
+indexPath=./indexes
+!
+! Path where system tables are held. Can be absolute or relative to 
+! the properties file. Defaults to tablePath.
+!
+systemPath=./system
+!
+! Path where database tables are held. Can be absolute or relative 
+! to the properties file. Defaults to "current" directory.
+!
+tablePath=./tables
+!
+! Path where results set tables are held. Can be absolute or relative 
+! to the properties file. Defaults to tablePath.
+!
+tmpPath=./tmp
+!
+! Non-zero means paths are relative to the properties file. 
+! Default is absolute paths for files.
+!
+relativeToProperties=1
+!
+! Alternative partitions can be defined so that tables can be placed
+! in multiple locations. Each partition is numbered: 1, 2, 3,... Tables
+! can be created on partitions using the syntax 
+!
+!   CREATE TABLE <name> ON PARTITION <number>...
+!
+! The partition count has to be supplied.
+!
+!partitionCount=2
+!
+! The locations of each partition must be supplied. These are always
+! absolute path names.
+!
+!partition1=d:/petes
+!partition2=c:/temp
+
+
+!---------------------------------------------------------------------
+!
+! TUNING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! The amount of each column to cache, expressed either as an absolute 
+! number of rows or as a percentage figure. Defaults to 256 or 10 respectively.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+cacheAmount=512
+!
+! CACHE_ROWS Must be one of CACHE_ROWS or CACHE_PERCENT. Determines whether 
+! to cache columns in tables based on an absolute number of rows, or the 
+! percentage number of rows in the table. 
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+cacheCondition=CACHE_ROWS
+!
+! The amount of the system tables to be cached. Defaults to 100.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!systemCacheSize=10
+!
+! Similar to cacheCondition, but applies only to the system tables.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!systemCacheCondition=CACHE_ROWS
+!
+! The percentage cache hit improvement required in order to move the 
+! cache to a new location in a column. 
+!
+! (Currently not implemented).
+!
+cacheResetPercent=10
+!
+! Non-zero means that database changes do not get written to the 
+! database immediately. See tuning.html. 
+!
+fastUpdate=0
+!
+! Percentage of free space in an index that must be present before 
+! the index reorganises itself. High values means frequent index
+! reorganisation. Low values means slow index inserts.
+!
+indexLoad=5
+!
+! The number of cache misses to include in calculations of the next 
+! base for the cache. 
+!
+! (Currently not implemented).
+!
+missesInCacheStats=100
+!
+! Non-zero means that results sets get instantiated on disk. By default
+! InstantDB holds results sets emtirely in memory (apart from Binary
+! columns). For large results sets this can be a problem. This property
+! forces all results sets to be held on disk.
+!
+resultsOnDisk=0
+!
+! Similar to cacheCondition but applies only to disk based
+! results sets. Default is CACHE_ROWS.
+!
+resultsSetCache=CACHE_ROWS
+!
+! Similar to cacheAmount but applies only to disk based
+! results sets. Default is 100.
+!
+resultsSetCacheAmount=100
+!
+! Number of rows to read into the disk read ahead buffer. 
+! Recommended to be set somewhere around 128 to 256. 
+! Default is 20.
+!
+rowCacheSize=128
+!
+! The read ahead buffer is effective at speeding up full
+! table scans. However for indexed lookups or multiple
+! simultaneous scans it is better to read a single row at
+! a time. Each table holds a small number of single row
+! buffers to improve such operations. Default is 8.
+!
+!singleRowCount=4
+!
+! Sometimes the look ahead buffer can be held by a single
+! thread even though it is not retrieveing many values from it.
+! If too many lookups retrieve data from the single row
+! buffers then it is better to flush the look ahead buffer and
+! make it available for re-use. Default is 128.
+!
+!flushAfterCacheMisses=64
+!
+! Number of rows to read ahead for system tables. By default
+! system tables cache everything, so it is wasteful to have large
+! read ahead buffers since they will very rarely be used. This
+! allows the size of the system read ahead buffers to be reduced
+! if necessary. Defaults to rowCacheSize.
+!
+!systemRows=20
+!
+! The control column in all tables normally has a large cache
+! since this speeds up all operation on that table. This can be
+! varied to either improve performance or to reduce space.
+! default is 8192.
+!
+! This value applies only when tables are first created. It has no effect
+! when a table is being re-opened.
+!
+!controlColCacheSize=512
+!
+! By default, InstantDB only does a cursory search for deleted rows during 
+! UPDATE statements. Setting searchDeletes=1 causes more detailed searches 
+! for deleted rows. This slows down UPDATE executions, but reults in more 
+! compact tables.  Default is 0.
+!
+searchDeletes=0
+!
+! The interval, in milliseconds, between checks for statement execution
+! timeouts. Default is 5000.
+!
+!timerCheck=5000
+!
+! The number of statements between checks on available memory. If set
+! to 100 (say), then every 100 statements, InstantDB will check to
+! see how much memory is still free. If too little is avilable (see
+! below) then java.lang.System.gc() is called.
+!
+! If set to zero (the default) then no memory checking takes place.
+!
+!garbageCollectStatements=100
+!
+! If InstantDB is performing period memory checks (see above) then
+! this is the value in percent of available memory that must be
+! used before System.gc() gets called.
+!
+!garbageCollectPercent=70
+
+!---------------------------------------------------------------------
+!
+! LOGGING AND DEBUGGING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Non-zero means include SQL statements in the export file. 
+!
+exportSQL=0
+!
+! Non-zero means trace output also directed to console. 
+! Defaults to 0.
+!
+traceConsole=1
+!
+! Relative or absolute path where exporting and tracing goes.
+!
+! NOTE - A relative path is relative to the current Java
+! runtime directory. It is *not* relative to this properties
+! file. This is regardless of the relativeToProperties
+! setting above.
+!
+traceFile=./trace.log
+!
+! Bitmap of various items that can be traced. See debug.html. 
+! Defaults to 0.
+!
+traceLevel=2
+
+!---------------------------------------------------------------------
+!
+! TRANSACTION AND RECOVERY PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! 0 means do not perform recovery on startup.
+! 1 means perform automatic recovery
+! 2 (default) means prompt the user using standard in 
+!
+recoveryPolicy=1
+!
+! Sets the level of transaction journalling. See trans.html.
+! Defaults to 1.
+!
+! 0 - No journalling takes place.
+! 1 - Normal journalling (default).
+! 2 - Full journalling.
+!
+transLevel=1
+!
+! When doing an import, defines the number of rows imported 
+! before the transaction is committed. Recommended value 8192.
+! defaults to 100.
+!
+transImports=100
+!
+! Sets the default transaction isolation level. This is a complex
+! topic, but basically, the higher the level, the more locking
+! goes on. The allowed values are:
+!
+!   TRANSACTION_READ_UNCOMMITTED = 1
+!   TRANSACTION_READ_COMMITTED   = 2
+!   TRANSACTION_REPEATABLE_READ  = 4
+!   TRANSACTION_SERIALIZABLE     = 8 (default)
+!
+! SERIALIZABLE means that InstantDB takes exclusive access to all
+! tables in a transaction until the transaction completes. Even if
+! the transaction only performs reads.
+!
+! REPEATABLE_READ transactions takes read locks for SELECTs and
+! write locks for everything else. All locks released on transaction
+! completion.
+!
+! READ_COMMITTED transactions are the same as REPEATABLE_READ 
+! except that read locks get freed on statement completion.
+!
+! READ_UNCOMMITTED transactions do not take read locks. A result
+! set can include data being modified by another transaction.
+!
+!defaultIsolationLevel=2
+
+!---------------------------------------------------------------------
+!
+! DATE, TIME AND CURRENCY PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Number of digits after decimal point in currency outputs. Defaults to 2.
+!
+currencyDecimal=2
+!
+! Currency symbol used in currency outputs. Defaults to $.
+!
+currencySymbol=$
+!
+! Default format for date columns. Defaults to "yyyy-mm-dd".
+!
+!dateFormat=yyyy-mm-dd
+!
+! Default format for timestamp columns. Defaults to "yyyy-mm-dd hh:nn:ss.lll".
+!
+!dateTimeFormat=yyyy-mm-dd hh:nn:ss.lll
+!
+! Default format for time columns. Defaults to "hh:nn:ss.lll".
+!
+!timeFormat=hh:nn:ss.lll
+!
+! If set, then all two digit dates less than its value are interpreted 
+! as 21st century dates. 
+!
+!milleniumBoundary=50
+!
+! Set to 1 causes the date string "now" to store a full timestamp. 
+! Default is to store only the date for fields with now hour in the 
+! format string.
+!
+nowMeansTime=0
+
+!---------------------------------------------------------------------
+!
+! STRING HANDLING PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! If set to 1 then String hashes use the JDK Object.hashCode() function.
+! By default, uses InstantDB's String hashing.
+!
+altStringHashing=0
+!
+! Set to 1 to cause LIKE clauses to always perform case insensitive 
+! comparisons. 
+!
+likeIgnoreCase=0
+!
+! Same as SET LITERAL STRICT_ON. Prevents string literals being interpreted
+! as column names or numbers. Default is 0.
+!
+strictLiterals=0
+!
+! Set this value to 1 (one) if you would like PreparedStatement.setString()
+! to ignore "\" (backslash) characters when proceesing string constants.
+! When set, InstantDB will not attempt to interpret \ as the start of an
+! escape sequence. Default is 0.
+!
+!prepareIgnoresEscapes=1
+
+!---------------------------------------------------------------------
+!
+! MISCELLANEOUS PROPERTIES
+!
+!---------------------------------------------------------------------
+
+!
+! Allows selected InstantDB keywords to be un-reserved. 
+! e.g. ignoreKeywords=url,quote would allow the keywords 
+! url and quote to be used as table or column names. 
+!
+! This faciliy is provided for compatatbility reasons only.
+! It's use is not recommended AND IS NOT SUPPORTED.
+!
+!ignoreKeywords
+!
+! Non-zero means database is opened in read only mode.
+!
+readOnly=0

webgoat/src/main/webapp/javascript/DOMXSS.js

@@ -0,0 +1,5 @@
+function displayGreeting(name) {
+	if (name != ''){
+		document.getElementById("greeting").innerHTML="Hello, " + name+ "!";
+	}
+}

webgoat/src/main/webapp/javascript/DOMXSS_backup.js

@@ -0,0 +1,5 @@
+function displayGreeting(name) {
+	if (name != ''){
+		document.getElementById("greeting").innerHTML="Hello, " + name+ "!";
+	}
+}

webgoat/src/main/webapp/javascript/clientSideFiltering.js

@@ -0,0 +1,105 @@
+var dataFetched = false;
+
+function selectUser(){
+
+		var newEmployeeID = document.getElementById("UserSelect").options[document.getElementById("UserSelect").selectedIndex].value;
+
+	    if (navigator.userAgent.indexOf("MSIE ") == -1)
+    {
+			document.getElementById("employeeRecord").innerHTML = document.getElementById(newEmployeeID).innerHTML;
+    }
+    else
+    {
+    		//IE is a buggy ....
+
+		var TR = document.createElement("tr");
+    	var TD0 = document.createElement("td");
+    	var TD1 = document.createElement("td");
+    	var TD2 = document.createElement("td");
+    	var TD3 = document.createElement("td");
+    	var TD4 = document.createElement("td");
+    	
+    	var text0 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[0].firstChild.nodeValue);
+    	var text1 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[1].firstChild.nodeValue);
+    	var text2 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[2].firstChild.nodeValue);
+    	var text3 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[3].firstChild.nodeValue);
+    	var text4 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[4].firstChild.nodeValue);
+
+    	TD0.appendChild(text0);
+    	TD1.appendChild(text1);
+    	TD2.appendChild(text2);
+    	TD3.appendChild(text3);
+    	TD4.appendChild(text4);
+    	
+    	TR.appendChild(TD0);
+    	TR.appendChild(TD1);
+    	TR.appendChild(TD2);
+    	TR.appendChild(TD3);
+    	TR.appendChild(TD4);
+    	
+    	document.getElementById("employeeRecord").appendChild(TR);    	
+    }   
+    
+}
+
+
+function fetchUserData(){
+	if(!dataFetched){
+		dataFetched = true;		
+		ajaxFunction(document.getElementById("userID").value);
+	}
+}
+
+
+
+
+
+function ajaxFunction(userId)
+  {
+         
+	var xmlHttp;
+  try
+    {
+
+    // Firefox, Opera 8.0+, Safari
+    xmlHttp=new XMLHttpRequest();
+
+    }
+  catch (e)
+    {
+ 
+    // Internet Explorer
+    try
+      {
+      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+      }
+    catch (e)
+      {
+      try
+        {
+       
+        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+        }
+      catch (e)
+        {
+        alert("Your browser does not support AJAX!");
+        return false;
+        }
+      }
+    }
+    xmlHttp.onreadystatechange=function()
+      {      
+      var result = xmlHttp.responseText;
+
+      if(xmlHttp.readyState==4)
+        {
+        	//We need to do this because IE is buggy
+        	var newdiv = document.createElement("div");
+        	newdiv.innerHTML = result;
+        	var container = document.getElementById("hiddenEmployeeRecords");
+        	container.appendChild(newdiv);     
+        }
+      }
+    xmlHttp.open("GET","lessons/Ajax/clientSideFiltering.jsp?userId=" + userId,true);
+    xmlHttp.send(null);
+  }

webgoat/src/main/webapp/javascript/clientSideValidation.js

@@ -0,0 +1,145 @@
+var coupons = ["nvojubmq",
+"emph",
+"sfwmjt",
+"faopsc",
+"fopttfsq",
+"pxuttfsq"];
+
+
+function isValidCoupon(coupon) {
+	coupon = coupon.toUpperCase();
+	for(var i=0; i<coupons.length; i++) {
+		decrypted = decrypt(coupons[i]);
+		if(coupon == decrypted){
+			ajaxFunction(coupon);
+			return true;
+		}
+	}
+	return false;	
+}
+
+
+
+
+function decrypt(code){
+
+	code = code.toUpperCase();
+
+	alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	
+	caesar = '';
+
+	for (i = code.length ;i >= 0;i--){	
+	
+		for (j = 0;j<alpha.length;j++){		
+			
+			if(code.charAt(i) == alpha.charAt(j)){
+			
+				caesar = caesar + alpha.charAt((j+(alpha.length-1))%alpha.length);
+			}		
+		}
+	}	
+	return caesar;
+}
+
+function ajaxFunction(coupon)
+  {
+  
+  var xmlHttp;
+  try
+    {
+    // Firefox, Opera 8.0+, Safari
+    xmlHttp=new XMLHttpRequest();
+    }
+  catch (e)
+    {
+    // Internet Explorer
+    try
+      {
+      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+      }
+    catch (e)
+      {
+      try
+        {
+        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+        }
+      catch (e)
+        {
+        alert("Your browser does not support AJAX!");
+        return false;
+        }
+      }
+    }
+    xmlHttp.onreadystatechange=function()
+      {
+      if(xmlHttp.readyState==4)
+        {
+        document.form.GRANDTOT.value = calcTot(document.form.SUBTOT.value , xmlHttp.responseText);
+        }
+      }
+    xmlHttp.open("GET","lessons/Ajax/clientSideValidation.jsp?coupon=" + coupon,true);
+    xmlHttp.send(null);
+  }
+  
+  
+  function updateTotals(){
+
+	f = document.form;
+	
+	f.TOT1.value = calcTot(f.PRC1.value , f.QTY1.value);
+	f.TOT2.value = calcTot(f.PRC2.value , f.QTY2.value);
+	f.TOT3.value = calcTot(f.PRC3.value , f.QTY3.value);
+	f.TOT4.value = calcTot(f.PRC4.value , f.QTY4.value);	
+	
+	f.SUBTOT.value = formatCurrency(unFormat(f.TOT1.value) 
+							+ unFormat(f.TOT2.value) 
+							+ unFormat(f.TOT3.value) 
+							+ unFormat(f.TOT4.value));
+	
+	f.GRANDTOT.value = f.SUBTOT.value;	
+	
+	isValidCoupon(f.field1.value);
+	
+	
+}
+
+function unFormat(price){
+	
+	price = parseFloat(unFormatCurrency(price));
+
+	if(isNaN(price))
+		price = 0;
+	
+	return price;
+
+}
+
+function calcTot( price,  qty){
+	
+	price = unFormatCurrency(price);
+	
+	return formatCurrency(price*qty);
+}
+
+
+function unFormatCurrency(price){
+	price = price.toString().replace(/\$|\,/g,'');
+	return price;
+}
+
+function formatCurrency(num) {
+	num = num.toString().replace(/\$|\,/g,'');
+	if(isNaN(num))
+		num = "0";
+	sign = (num == (num = Math.abs(num)));
+	num = Math.floor(num*100+0.50000000001);
+	cents = num%100;
+	num = Math.floor(num/100).toString();
+	if(cents<10)
+		cents = "0" + cents;
+	for (var i = 0; i < Math.floor((num.length-(1+i))/3); i++)
+		num = num.substring(0,num.length-(4*i+3))+','+
+	num.substring(num.length-(4*i+3));
+	return (((sign)?'':'-') + '$' + num + '.' + cents);
+}

webgoat/src/main/webapp/javascript/escape.js

@@ -0,0 +1,6 @@
+function escapeHTML (str) {
+   var div = document.createElement('div');
+   var text = document.createTextNode(str);
+   div.appendChild(text);
+   return div.innerHTML;
+}

webgoat/src/main/webapp/javascript/eval.js

@@ -0,0 +1,62 @@
+var http_request = false;
+
+function makeXHR(method, url, parameters) {
+	  //alert('url: ' + url + ' parameters: ' + parameters);
+      http_request = false;
+      if (window.XMLHttpRequest) { // Mozilla, Safari,...
+         http_request = new XMLHttpRequest();
+         if (http_request.overrideMimeType) {
+            http_request.overrideMimeType('text/html');
+         }
+      } else if (window.ActiveXObject) { // IE
+         try {
+            http_request = new ActiveXObject("Msxml2.XMLHTTP");
+         } catch (e) {
+            try {
+               http_request = new ActiveXObject("Microsoft.XMLHTTP");
+            } catch (e) {}
+         }
+      }
+      if (!http_request) {
+         alert('Cannot create XMLHTTP instance');
+         return false;
+      }
+      
+      // http_request.onreadystatechange = alertContents;
+      http_request.open(method, url, true);
+      http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+      http_request.setRequestHeader("Content-length", parameters.length);
+      http_request.setRequestHeader("Connection", "close");
+      
+      http_request.onreadystatechange = function() {
+      		if(http_request.readyState == 4) {
+      			var status = http_request.status;
+      			var responseText = http_request.responseText;
+      			
+      			//alert('status: ' + status);
+      			//alert('responseText: ' + responseText);
+      			
+      			eval(http_request.responseText);      			
+		
+      			if(responseText.indexOf("');") != -1 
+	      			&& responseText.indexOf("alert") != -1 
+	      			&& responseText.indexOf("document.cookie") != -1){
+	      			
+	      			document.form.submit();
+      			}
+      			
+      		}
+      };
+      
+      http_request.send(parameters);
+}
+
+function purchase(url) {
+	var field1 = document.form.field1.value;
+	var field2 = document.form.field2.value;
+	
+	//alert('field1: ' + field1 + ' field2: ' + field2);
+	
+	var parameters = 'field1=' + field1 + '&field2=' + field2;
+	makeXHR('POST', url, parameters);
+}

webgoat/src/main/webapp/javascript/instructor/DOMXSS_i.js

@@ -0,0 +1,13 @@
+function displayGreeting(name) {
+	if (name != ''){
+		document.getElementById("greeting").innerHTML="Hello, " + escapeHTML(name) + "!";
+	}
+}
+
+function escapeHTML (str) {
+   var div = document.createElement('div');
+   var text = document.createTextNode(str);
+   div.appendChild(text);
+   return div.innerHTML;
+}
+	

webgoat/src/main/webapp/javascript/javascript.js

@@ -0,0 +1,6 @@
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);

webgoat/src/main/webapp/javascript/lessonNav.js

@@ -0,0 +1,59 @@
+// Logout and Help Swap Image 
+
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);
+
+function MM_swapImgRestore() { //v3.0
+  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
+}
+
+function MM_swapImage() { //v3.0
+  var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
+   if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
+}
+
+// Lesson Nav bar image swapping
+
+function MM_preloadImages() { //v3.0
+  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
+    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
+    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
+}
+
+function MM_nbGroup(event, grpName) { //v6.0
+  var i,img,nbArr,args=MM_nbGroup.arguments;
+  if (event == "init" && args.length > 2) {
+    if ((img = MM_findObj(args[2])) != null && !img.MM_init) {
+      img.MM_init = true; img.MM_up = args[3]; img.MM_dn = img.src;
+      if ((nbArr = document[grpName]) == null) nbArr = document[grpName] = new Array();
+      nbArr[nbArr.length] = img;
+      for (i=4; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
+        if (!img.MM_up) img.MM_up = img.src;
+        img.src = img.MM_dn = args[i+1];
+        nbArr[nbArr.length] = img;
+    } }
+  } else if (event == "over") {
+    document.MM_nbOver = nbArr = new Array();
+    for (i=1; i < args.length-1; i+=3) if ((img = MM_findObj(args[i])) != null) {
+      if (!img.MM_up) img.MM_up = img.src;
+      img.src = (img.MM_dn && args[i+2]) ? args[i+2] : ((args[i+1])? args[i+1] : img.MM_up);
+      nbArr[nbArr.length] = img;
+    }
+  } else if (event == "out" ) {
+    for (i=0; i < document.MM_nbOver.length; i++) {
+      img = document.MM_nbOver[i]; img.src = (img.MM_dn) ? img.MM_dn : img.MM_up; }
+  } else if (event == "down") {
+    nbArr = document[grpName];
+    if (nbArr)
+      for (i=0; i < nbArr.length; i++) { img=nbArr[i]; img.src = img.MM_up; img.MM_dn = 0; }
+    document[grpName] = nbArr = new Array();
+    for (i=2; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
+      if (!img.MM_up) img.MM_up = img.src;
+      img.src = img.MM_dn = (args[i+1])? args[i+1] : img.MM_up;
+      nbArr[nbArr.length] = img;
+  } }
+}

webgoat/src/main/webapp/javascript/makeWindow.js

@@ -0,0 +1,7 @@
+
+function makeWindow(url, windowName) 
+{
+	day = new Date();
+	id = day.getTime();
+	eval("page" + id + " = window.open(url, '" + id + "', 'toolbar=0,location=0,scrollbars=1,statusbar=0,menubar=0,resizable=1,width=600,height=500');");
+}

webgoat/src/main/webapp/javascript/menu_system.js

@@ -0,0 +1,147 @@
+function changeLanguage(){
+	var select=MM_findObj("language",null);
+	
+	document.location="attack?language="+select.value;
+}	
+
+
+function MM_findObj(n, d) {
+  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
+    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
+  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
+  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
+  if(!x && d.getElementById) x=d.getElementById(n); return x;
+}
+
+function getHW(t,a) {
+  var r,p,h=0,w=0;if((p=MM_findObj(a)) !=null){
+  if(document.all || document.getElementById){h=parseInt(p.offsetHeight);w=parseInt(p.offsetWidth);
+  if(!h){h=parseInt(p.style.pixelHeight);w=parseInt(p.style.pixelWidth);}
+  }else if(document.layers){h=parseInt(p.clip.height);w=parseInt(p.clip.width);}}
+  if(t=="width"){r=w;}else{r=h;}return r; 
+}
+
+function MM1dwt() {
+  var g,lh,sw,fr = false;
+  if(!document.mc)return;
+  for(var x=0;x<m1.length;x++){tl=m1[x].id;lh="P7CM1DWT0"+tl;
+	if((g=MM_findObj(lh)) !=null){fr=true;sw=0;break;}
+	lh="P7CM1DWT1"+tl;if((g=MM_findObj(lh)) !=null){fr=true;sw=1;break;}}
+  if(fr){eval("trigMenuMagic1('"+tl+"',"+sw+")");}
+}
+
+function setMenuMagic1() {
+  var s,d,g,g2,gg,ww,kx,th,tu,ts,nu,xx,k=0,pa=0;args=setMenuMagic1.arguments;
+  if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){pa="px";}
+  if(navigator.userAgent.indexOf("Opera")>-1){P7OperaW=window.innerWidth;P7OperaH=window.innerHeight;}
+  if(!document.mc) { m3=new Array();
+   m=new Array();document.mc=true;ms=new Array();document.imswap=new Array();document.imswapo=new Array();
+   m1=new Array();m2=new Array();mprop=new Object();mprop.offset=args[0];mprop.rate=args[1];
+   mprop.delay=args[2];mprop.bottom=args[3];
+   if(document.layers){mprop.pageh = document.height;}}
+  for(var x=4;x<args.length;x+=3){if((g=MM_findObj(args[x])) !=null){
+    m[k]=args[x];g.imname=args[x+2];g.sub=args[x+1];m3[k]=0;
+    g2=MM_findObj(args[x+2]);tu=g2.src;ts=tu.lastIndexOf(".");
+    nu=tu.substring(0,ts)+"_open"+tu.substring(ts,tu.length);
+	nu2=tu.substring(0,ts)+"_over"+tu.substring(ts,tu.length);
+    document.imswap[k]=new Image();document.imswap[k].src=tu;
+	document.imswapo[k]=new Image();document.imswapo[k].src=tu;k++;}}
+  var lf=0;for (var j=0;j<m.length;j++){
+   if((g=MM_findObj(m[j])) !=null){d=(document.layers)?g:g.style;m1[j]=g;g.waiting=false;
+    if(j==0){lf=parseInt(d.left);th=parseInt(d.top);}
+    if(j>0){d.left=(lf+pa);th+=getHW('height',m[j-1]);d.top=(th+pa);}
+    if((s=MM_findObj(g.sub)) !=null){m2[j]=s;ww=getHW('width',g.sub);
+     kx=lf-ww-30;dd=(document.layers)?s:s.style;
+     dd.left=(kx+pa);dd.top=(th+pa);ms[j]=th;dd.visibility="visible";s.open=false;s.waiting=false;}}}
+  if((g=MM_findObj(mprop.bottom)) !=null){d=(document.layers)?g:g.style;
+   d.left=(lf+parseInt(args[0])+pa);th+=getHW('height',m[m.length-1]);d.top=(th+pa);}
+}
+
+function BM1(el,x,y,a,b,c,s) {
+ var g,elo=el,f="",m=false,d="";x=parseInt(x);y=parseInt(y);
+ var t = 'g.BM = setTimeout("BM1(\''+elo+'\','; 
+ if ((g=MM_findObj(el))!=null) {d=(document.layers)?g:g.style;}else{return;}
+ var xx=(parseInt(d.left))?parseInt(d.left):0;
+ var yy=(parseInt(d.top))?parseInt(d.top):0;
+ var i=parseInt(a);
+  if (eval(g.moved)){clearTimeout(g.BM);}
+  if (xx<x){xx+=i;m=true;if(xx>x){xx=x;}}
+  if (xx>x){xx-=i;m=true;if(xx<x){xx=x;}}
+  if (yy<y){yy+=i;m=true;if(yy>y){yy=y;}}
+  if (yy>y){yy-=i;m=true;if(yy<y){yy=y;}}
+ if (m) {
+  if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){   
+   xx+="px";yy+="px";}d.left=xx;d.top=yy;g.moved=true;eval(t+x+','+y+','+a+','+b+','+c+',0)",'+b+')');
+  }else {g.moved=false;wait(elo);}
+}
+
+function wait(a) {
+  var ma,mb;if((mb=MM_findObj(a)) !=null){
+   if(!mb.waiting || mb.waiting=="none"){return;}
+    ma=mb.waiting;mb.waiting=false;eval(ma);}
+}
+
+function trigMenuMagic1(a,sw) {
+  var x,g,gg,d,dd,w,lp,tp,im,im2,ts,nu,e,pa=0;if(!document.mc)return;
+  if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){pa="px";}
+  if(navigator.userAgent.indexOf("Opera")>-1){if( P7OperaW!=window.innerWidth || P7OperaH!=window.innerHeight)setMenuMagic1();}
+  var ofs=parseInt(mprop.offset),trt = parseInt(mprop.rate);
+  var tdy=parseInt(mprop.delay),tsb,tlf,tst;for(x=0;x<m.length;x++){
+  if(m[x]==a){d=m1[x];dd=(document.layers)?d:d.style;g=m2[x];gg=(document.layers)?g:g.style;
+   e=MM_findObj(d.imname);im=e.src;ts=im.replace("_open","");ts=ts.replace("_over","");
+   if(!g.open){tst="closed";im2=ts.lastIndexOf(".");
+   nu=ts.substring(0,im2)+"_open"+ts.substring(im2,ts.length);ts = nu;}else{tst="open"}break;}}
+   if(document.mm1Q){trt=20000;document.mm1Q=false;}
+  for(j=0;j<m.length;j++){
+   d=m1[j];dd=(document.layers)?d:d.style;g=m2[j];gg=(document.layers)?g:g.style;
+   if(j==0){tlf=parseInt(dd.left);}if(g.open){
+   w=getHW('width',d.sub)+30;w-=parseInt(dd.left);w*=-1;d.waiting=false;
+   eval("BM1('"+d.sub+"',"+w+","+parseInt(gg.top)+","+20000+","+tdy+",0,0)");}
+   d.waiting=false;g.open=false;
+   if(parseInt(sw)==1){e=MM_findObj(d.imname);im=e.src;im2=im.replace("_open","");e.src=im2;}}
+  var tnt=new Array();var df=0,tcd=0,tdl=m[0];for(j=0;j<m.length;j++){
+  d=m1[j];dd=(document.layers)?d:d.style;g=m2[j];gg=(document.layers)?g:g.style;
+  if(j==0){th=parseInt(dd.top);}tnt[j]=th;df=Math.abs(parseInt(dd.top)-th);
+  if(df>tcd){tdl=m[j];tcd=df;}th+=getHW('height',m[j]);
+  if(x==j && tst=="closed"){tsb=th;if(m3[j]!=1){th+=getHW('height',d.sub);}}ms[j]=th;}
+  if(tst=="closed"){d=m1[x];dd=(document.layers)?d:d.style;
+   g=m2[x];gg=(document.layers)?g:g.style;lp=tlf+ofs;
+   gg.top=(tsb+pa);ms[x]=tsb;e=MM_findObj(d.imname);if(parseInt(sw)==1){e.src=ts;}
+   g.open=true;if(m3[x]!=1){gg.visibility="visible";var r;r=MM_findObj(tdl);		
+   r.waiting="BM1('"+d.sub+"',"+lp+","+tsb+","+20000+","+tdy+",0,0)" ;}
+   }else{d=m1[m1.length-1];d.waiting="none";}
+  for(j=0;j<m.length;j++ ){eval("BM1('"+m[j]+"',"+tlf+","+tnt[j]+","+trt+","+tdy+",0,0)");}
+  if((g=MM_findObj(mprop.bottom)) !=null){d=(document.layers)?g:g.style;g.waiting=false;
+   eval("BM1('"+mprop.bottom+"',"+(tlf+ofs)+","+th+","+trt+","+tdy+",0,0)");
+   th+=(document.layers)?getHW('height',mprop.bottom):0;}
+  if(document.layers){var tw2=document.width;
+    if(document.height<th) {document.height=th;document.width=tw2;}}
+}
+
+function rollCMenu1(ev,a,b) {
+ var e,im,ts,j,nu,g,x,tev=ev.type;
+ if(!document.mc)return;
+ if(tev=="mouseover"){for(x=0;x<m.length;x++){
+ if(m[x]==a){g=m2[x];if(parseInt(b)==0 && g.open) {break;return;}
+ e=MM_findObj(m1[x].imname);im=e.src;ts=im.replace("_open","");
+ ts=ts.replace("_over","");j=ts.lastIndexOf(".");
+ e.src=ts.substring(0,j)+"_over"+ts.substring(j,ts.length);break;}}
+ }else if(tev=="mouseout"){for(x=0;x<m.length;x++){
+ if(m[x]==a){e=MM_findObj(d=m1[x].imname);im=e.src;
+ g=m2[x];ts=im.replace("_open","");ts=ts.replace("_over","");
+ if(g.open){j=ts.lastIndexOf(".");
+ nu=ts.substring(0,j)+"_open"+ts.substring(j,ts.length);
+ }else{nu=ts;}e.src=nu;break;}}}
+}
+
+function trigMM1url(param,opt){
+  var ur,x,i,nv,mn,pr=new Array();
+  ur=document.URL;x=ur.indexOf("?");
+  if(x>1){pr=ur.substring(x+1,ur.length).split("&");
+  for(i=0;i<pr.length;i++){nv=pr[i].split("=");
+  if(nv.length>0){if(unescape(nv[0])==param){
+  mn="menu"+unescape(nv[1]);
+  eval("trigMenuMagic1('"+mn+"',"+opt+")");}}}}
+  }
+  
+  document.mm1Q=true;