dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improving lesson due to issue #845

Browse Source
This commit is contained in:
René Zubcevic
2020-07-05 13:13:34 +02:00
committed by Nanne Baars
parent 2d2dc22e19
commit ef6993c636
6 changed files with 64 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc
View File

@ -1,6 +1,6 @@
== Exploiting http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7285[CVE-2013-7285] (XStream)
WebGoat Sends an XML document to add contacts to a contacts database.
WebGoat uses an XML document to add contacts to a contacts database.
[source,xml]
----
<contact>
@ -11,5 +11,6 @@ WebGoat Sends an XML document to add contacts to a contacts database.
</contact>
----
For this example, we will let you enter the xml directly versus intercepting the request and modifying the data. You provide the XML representation of a contact and WebGoat will convert it a Contact object using `XStream.fromXML(xml)`.
So find information about the CVE vulnerability and sends some payload that triggers the vulnerability.
The java interface that you need for the exercise is: org.owasp.webgoat.vulnerable_components.Contact.
Start by sending the above contact to see what the normal response would be and then read the CVE vulnerability documentation (search the Internet) and try to trigger the vulnerability.
For this example, we will let you enter the XML directly versus intercepting the request and modifying the data. You provide the XML representation of a contact and WebGoat will convert it a Contact object using `XStream.fromXML(xml)`.