dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

get the info button functioning

Browse Source
This commit is contained in:
lawson89@gmail.com 2014-09-07 23:39:05 -04:00
parent be7d40706a
commit e9cd630a95
4 changed files with 420 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/main/java/org/owasp/webgoat/controller/About.java Normal file
View File

@ -0,0 +1,49 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.webgoat.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
/**
*
* @author rlawson
*/
@Controller
public class About {
final Logger logger = LoggerFactory.getLogger(About.class);
private static final String WELCOMED = "welcomed";
@RequestMapping(value = "about.mvc", method = RequestMethod.GET)
public ModelAndView welcome(HttpServletRequest request,
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
// set the welcome attribute
// this is so the attack servlet does not also
// send them to the welcome page
HttpSession session = request.getSession();
if (session.getAttribute(WELCOMED) == null) {
session.setAttribute(WELCOMED, "true");
}
//go ahead and send them to webgoat (skip the welcome page)
ModelAndView model = new ModelAndView();
//model.setViewName("welcome");
//model.setViewName("main_new");
model.setViewName("about");
return model;
}
}

124
src/main/webapp/WEB-INF/pages/about.jsp Normal file
View File

@ -0,0 +1,124 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage=""%>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="plugins/bootstrap/css/bootstrap.min.css"/>
<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
<h1 class="modal-title" id="myModalLabel">About WebGoat</h1>
</div>
<div class="modal-body">
<p>Thank you for using WebGoat! This program is a demonstration of common web application flaws.
The exercises are intended to provide hands on experience with
application penetration testing techniques. </p>
<p>The WebGoat project is led
by Bruce Mayhew. Please send all comments to Bruce at [TODO, session was blowing up here for some reason].</p>
<div id="team">
<table border="0" align="center" class="lessonText">
<tr>
<td width="50%">
<div align="center"><a href="http://www.owasp.org"><img
border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
longdesc="http://www.owasp.org" /></a></div>
</td>
<td width="50%">
<div align="center"><a href="http://www.aspectsecurity.com"><img
border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
longdesc="http://www.aspectsecurity.com" /></a></div>
</td>
</tr>
<tr>
<td colspan="2">
<div align="center"><span class="style1">
WebGoat Authors </span></div>
</td>
</tr>
<tr>
<td colspan="2">
<div align="center"><span class="style2">
Bruce Mayhew </span></div>
</td>
</tr>
<tr>
<td colspan="2">
<div align="center"><span class="style2">
Jeff Williams </span></div>
</td>
</tr>
<tr>
<td width="50%">
<div align="center"><span class="style1"><br />
WebGoat Design Team </span></div>
</td>
<td width="50%">
<div align="center"><span class="style1"><br />
V5.4 Lesson Contributers </span></div>
</td>
</tr>
<tr>
<td valign="top">
<div align="center" class="style2">David Anderson</div>
<div align="center" class="style2">Laurence Casey (Graphics)</div>
<div align="center" class="style2">Rogan Dawes</div>
<div align="center" class="style2">Bruce Mayhew</div>
</td>
<td valign="top">
<div align="center" class="style2">Sherif Koussa</div>
<div align="center" class="style2">Yiannis Pavlosoglou</div>
<div align="center" class="style2"></div>
</td>
</tr>
<tr>
<td height="25" valign="bottom">
<div align="center"><span class="style1">Special Thanks
for V5.4</span></div>
</td>
<td height="25" valign="bottom">
<div align="center"><span class="style1">Documentation
Contributers</span></div>
</td>
</tr>
<tr>
<td>
<div align="center" class="style2">Brian Ciomei (Multitude of bug fixes)</div>
<div align="center" class="style2">To all who have sent comments</div>
</td>
<td>
<div align="center" class="style2">
<a href="http://www.zionsecurity.com/" target="_blank">Erwin Geirnaert</a></div>
<div align="center" class="style2">
<a href="http://yehg.org/" target="_blank">Aung Khant</a></div>
<div align="center" class="style2">
<a href="http://www.softwaresecured.com" target="blank">Sherif Koussa</a>
</div>
</td>
</tr>
<tr>
<td>
<div align="center" class="style2">&nbsp;</div>
</td>
</tr>
</table>
</div>
<div align="center" class="style2">&nbsp;</div>
<div align="center" class="style2">&nbsp;</div>
<div align="center" class="style2">&nbsp;</div>
<div id="warning">WARNING<br />
While running this program, your machine is extremely vulnerable to
attack if you are not running on localhost. If you are NOT running on localhost (default configuration), You should disconnect from the network while using this program.
<br />
<br />
This program is for educational purposes only. Use of these techniques
without permission could lead to job termination, financial liability,
and/or criminal penalties.</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>

9
src/main/webapp/WEB-INF/pages/main_new.jsp
View File

@ -76,7 +76,7 @@
<h1 id="lessonTitle">Lesson Title in here</h1> <h1 id="lessonTitle">Lesson Title in here</h1>
</div><!--lesson title end--> </div><!--lesson title end-->
<div class="user-nav pull-right"> <div class="user-nav pull-right">
<button type="button" class="btn btn-default"> <button type="button" class="btn btn-default" ng-click="showAbout()">
<i class="fa fa-info"></i> <i class="fa fa-info"></i>
</button> </button>
<button type="button" class="btn btn-default"> <button type="button" class="btn btn-default">
@ -326,5 +326,12 @@
} }
</script> </script>
<!-- Modal -->
<div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
</div>
</div>
</div>
</body> </body>
</html> </html>

6
src/main/webapp/js/goatControllers.js
View File

@ -148,6 +148,12 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
}; };
$scope.showAbout = function() {
$('#aboutModal').modal({
remote: 'about.mvc'
});
};
}).animation('.slideDown', function() { }).animation('.slideDown', function() {
var NgHideClassName = 'ng-hide'; var NgHideClassName = 'ng-hide';