Merge branch 'next' into WEB-139

Conflicts:
	src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
This commit is contained in:
nbaars
2014-09-16 18:28:32 +02:00
126 changed files with 21246 additions and 21202 deletions

View File

@ -105,7 +105,7 @@ public class DBSQLInjection extends GoatHillsFinancial
+ "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause"); + "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause");
// Stage 1 // Stage 1
hints.add("You may need to use WebScarab to remove a field length limit to fit your attack."); hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
hints.add("Try entering a password of [ ' OR userid=112 OR password=' ]."); hints.add("Try entering a password of [ ' OR userid=112 OR password=' ].");
// Stage 2 // Stage 2

View File

@ -41,6 +41,7 @@ import org.owasp.webgoat.session.WebSession;
*/ */
public class FailOpenAuthentication extends WeakAuthenticationCookie public class FailOpenAuthentication extends WeakAuthenticationCookie
{ {
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com") public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com")
.addElement( .addElement(
new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0) new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0)
@ -143,7 +144,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
hints.add("You can force errors during the authentication process."); hints.add("You can force errors during the authentication process.");
hints.add("You can change length, existance, or values of authentication parameters."); hints.add("You can change length, existance, or values of authentication parameters.");
hints hints
.add("Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>."); .add("Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">OWASP ZAP</A>.");
return hints; return hints;
} }

View File

@ -92,7 +92,7 @@ public class HttpBasics extends LessonAdapter {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints.add("Type in your name and press 'go'"); hints.add("Type in your name and press 'go'");
hints.add("Turn on Show Parameters or other features"); hints.add("Turn on Show Parameters or other features");
hints.add("Try to intercept the request with WebScarab"); hints.add("Try to intercept the request with OWASP ZAP");
hints.add("Press the Show Lesson Plan button to view a lesson summary"); hints.add("Press the Show Lesson Plan button to view a lesson summary");
hints.add("Press the Show Solution button to view a lesson solution"); hints.add("Press the Show Solution button to view a lesson solution");

View File

@ -213,22 +213,16 @@ public class HttpSplitting extends SequentialLessonAdapter
protected List<String> getHints(WebSession s) protected List<String> getHints(WebSession s)
{ {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints.add("Enter a language for the system to search by."); hints.add("Enter a language for the system to search by.");
hints.add("Use CR (%0d) and LF (%0a) for a new line in Windows and only LF (%0a) in Linux."); hints.add("Use CR (%0d) and LF (%0a) for a new line in Windows and only LF (%0a) in Linux.");
hints.add("The Content-Length: 0 will tell the server that the first request is over."); hints.add("The Content-Length: 0 will tell the server that the first request is over.");
hints.add("A 200 OK message looks like this: HTTP/1.1 200 OK"); hints.add("A 200 OK message looks like this: HTTP/1.1 200 OK");
hints hints.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM <br/> Try: foobar%0D%0AContent-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0AContent-Length%3A%2047%0D%0A%0D%0A%3Chtml%3EHacked!%3C%2Fhtml%3E <br/>For insight into what this does, use the PHP charset encoder to decode it.");
.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM <br/> Try: foobar%0D%0AContent-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0AContent-Length%3A%2047%0D%0A%0D%0A%3Chtml%3EHacked!%3C%2Fhtml%3E <br/>For insight into what this does, use the PHP charset encoder to decode it."); hints.add("Cache Poisoning starts with including 'Last-Modified' header in the hijacked page and setting it to a future date.");
hints hints.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM <br/>Try foobar%0D%0AContent-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0ALast-Modified%3A%20Mon%2C%2027%20Oct%202080%2014%3A50%3A18%20GMT%0D%0AContent-Length%3A%2047%0D%0A%0D%0A%3Chtml%3EHacked%20J%3C%2Fhtml%3E");
.add("Cache Poisoning starts with including 'Last-Modified' header in the hijacked page and setting it to a future date."); hints.add("'Last-Modified' header forces the browser to send a 'If-Modified-Since' header. Some cache servers will take the bait and keep serving the hijacked page");
hints hints.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM <br/>Try to intercept the reply and add HTTP/1.1 304 Not Modified0d%0aDate:%20Mon,%2027%20Oct%202030%2014:50:18%20GMT");
.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM <br/>Try foobar%0D%0AContent-Length%3A%200%0D%0A%0D%0AHTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0ALast-Modified%3A%20Mon%2C%2027%20Oct%202080%2014%3A50%3A18%20GMT%0D%0AContent-Length%3A%2047%0D%0A%0D%0A%3Chtml%3EHacked%20J%3C%2Fhtml%3E");
hints
.add("'Last-Modified' header forces the browser to send a 'If-Modified-Since' header. Some cache servers will take the bait and keep serving the hijacked page");
hints
.add("NOTE: THIS HINT IS FOR WINDOWS AND HAS TO BE ALTERED FOR ANOTHER SYSTEM <br/>Try to intercept the reply and add HTTP/1.1 304 Not Modified0d%0aDate:%20Mon,%2027%20Oct%202030%2014:50:18%20GMT");
return hints; return hints;
} }

View File

@ -107,7 +107,7 @@ public class SQLInjection extends GoatHillsFinancial
+ "Try appending a SQL statement that always resolves to true"); + "Try appending a SQL statement that always resolves to true");
// Stage 1 // Stage 1
hints.add("You may need to use WebScarab to remove a field length limit to fit your attack."); hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
hints.add("Try entering a password of [ smith' OR '1' = '1 ]."); hints.add("Try entering a password of [ smith' OR '1' = '1 ].");
// Stage 2 // Stage 2

View File

@ -124,7 +124,7 @@ public class WsSqlInjection extends LessonAdapter
+ "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getCreditCard&gt; <br>" + "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getCreditCard&gt; <br>"
+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>" + "&nbsp;&nbsp;&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>"
+ "&nbsp;&nbsp;&lt;/SOAP-ENV:Envelope&gt; <br>" + ""); + "&nbsp;&nbsp;&lt;/SOAP-ENV:Envelope&gt; <br>" + "");
hints.add("Use the \"Webservices\" Functions in WebScarab."); hints.add("Use the \"Webservices\" Functions in OWASP ZAP.");
/* /*
* "&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>" + " &lt;SOAP-ENV:Envelope * "&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>" + " &lt;SOAP-ENV:Envelope
* xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>" + " * xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>" + "

View File

@ -55,7 +55,7 @@ Refresh=Refresh
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie. WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password? WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>. WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names? WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java #RemoteAdminFlaw.java
@ -199,7 +199,7 @@ ThisAmountCharged=This amount will be charged to your credit card immediately.
HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server. HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server.
HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field. HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field.
HiddenFieldTamperingHint3=Use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to change the price of the TV from " HiddenFieldTamperingHint3=Use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to change the price of the TV from "
HiddenFieldTamperingHint32= to HiddenFieldTamperingHint32= to
# Modify data with SQL Injection # Modify data with SQL Injection
@ -219,8 +219,8 @@ SqlAddDataHint5=SOLUTION:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 9999
# Bypass Html Field Restrictions # Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request. BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request.
BypassHtmlFieldRestrictionsHint2=You can use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to intercept requests and make changes. BypassHtmlFieldRestrictionsHint2=You can use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to intercept requests and make changes.
BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson. BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson.

View File

@ -55,7 +55,7 @@ Refresh=Neu Laden
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie. WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password? WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>. WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names? WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java #RemoteAdminFlaw.java
@ -199,7 +199,7 @@ ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet
HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu <20>bertragen. HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu <20>bertragen.
HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu ver<65>ndern. HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu ver<65>ndern.
HiddenFieldTamperingHint3=Benutzen Sie <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen. HiddenFieldTamperingHint3=Benutzen Sie <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.
HiddenFieldTamperingHint32= bis HiddenFieldTamperingHint32= bis

View File

@ -55,7 +55,7 @@ Refresh=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C
WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435 WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435
WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie? WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie?
WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>. WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'<br/>\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'<br/>\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438? WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'<br/>\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'<br/>\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438?
#RemoteAdminFlaw.java #RemoteAdminFlaw.java
@ -199,7 +199,7 @@ ThisAmountCharged=\u0414\u0430\u043D\u043D\u0430\u044F \u0441\u0443\u043C\u043C\
HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.
HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439. HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439.
HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 " HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 "
HiddenFieldTamperingHint32= \u043D\u0430 HiddenFieldTamperingHint32= \u043D\u0430
# Modify data with SQL Injection # Modify data with SQL Injection
@ -219,5 +219,5 @@ SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:<br/>bar'; INSERT INT
# Bypass Html Field Restrictions # Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441. BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441.
BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445. BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445.
BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>. BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>.

View File

@ -75,7 +75,7 @@
</button> </button>
</div><!--toggle navigation end--> </div><!--toggle navigation end-->
<div class="lessonTitle" > <div class="lessonTitle" >
<h1 id="lessonTitle">Lesson Title in here</h1> <h1 id="lessonTitle"></h1>
</div><!--lesson title end--> </div><!--lesson title end-->
<div class="user-nav pull-right" style="margin-right: 75px;"> <div class="user-nav pull-right" style="margin-right: 75px;">
<div class="dropdown" style="display:inline"> <div class="dropdown" style="display:inline">
@ -107,12 +107,12 @@
</header> </header>
<!--sidebar left start--> <!--sidebar left start-->
<aside class="sidebar"> <aside class="sidebar" >
<div id="leftside-navigation" class="nano"> <div id="leftside-navigation" ng-controller="goatMenu" class="nano">
<ul class="nano-content"> <ul class="nano-content">
<li class="sub-menu" ng-repeat="item in menuTopics"> <li class="sub-menu" ng-repeat="item in menuTopics">
<a ng-click="expanded = !expanded" href=""><i class="fa {{item.class}}"></i><span>{{item.name}}</span></a> <a ng-click="accordionMenu(item.id)" href=""><i class="fa {{item.class}}"></i><span>{{item.name}}</span></a><!-- expanded = !expanded-->
<ul class="slideDown" ng-show="expanded"> <ul class="slideDown lessonsAndStages" id="{{item.id}}" isOpen=0>
<li ng-repeat="lesson in item.children"> <li ng-repeat="lesson in item.children">
<a ng-click="renderLesson(lesson.link)" title="link to {{lesson.name}}" href="">{{lesson.name}}</a> <a ng-click="renderLesson(lesson.link)" title="link to {{lesson.name}}" href="">{{lesson.name}}</a>
<span ng-repeat="stage in lesson.children" > <span ng-repeat="stage in lesson.children" >
@ -122,15 +122,13 @@
</ul> </ul>
</li> </li>
</ul> </ul>
</div> </div>
</aside> </aside>
<!--sidebar left end--> <!--sidebar left end-->
<!--main content start--> <!--main content start-->
<section class="main-content-wrapper"> <section class="main-content-wrapper">
<section id="main-content" > <!--ng-controller="goatLesson"-->
<section id="main-content" > <!-- ng-controller="lessonController" -->
<div class="row"> <div class="row">
<div class="col-md-8"> <div class="col-md-8">
<div class="col-md-12" align="left"> <div class="col-md-12" align="left">
@ -149,7 +147,8 @@
<span class="glyphicon-class glyphicon glyphicon-circle-arrow-left" id="showPrevHintBtn" ng-click="viewPrevHint()"></span> <span class="glyphicon-class glyphicon glyphicon-circle-arrow-left" id="showPrevHintBtn" ng-click="viewPrevHint()"></span>
<span class="glyphicon-class glyphicon glyphicon-circle-arrow-right" id="showNextHintBtn" ng-click="viewNextHint()"></span> <span class="glyphicon-class glyphicon glyphicon-circle-arrow-right" id="showNextHintBtn" ng-click="viewNextHint()"></span>
<br/> <br/>
{{curHint}}
<span id="curHintContainer"></span><!--{{curHint}}-->
</div> </div>
</div> </div>
</div> </div>
@ -292,10 +291,10 @@
var DEBUG_FORM_SUBMISSION = false; var DEBUG_FORM_SUBMISSION = false;
$(document).ready(function() { $(document).ready(function() {
//TODO merge appliction.js code into other js files
app.init(); app.init();
//can be augmented later to 'resume' for a given user ... currently kluged to start at fixed lesson
var url = 'attack?Screen=32&menu=5';
angular.element($('#leftside-navigation')).scope().renderLesson(url);
}); });
// make all forms ajax forms // make all forms ajax forms
var options = { var options = {

View File

@ -807,6 +807,12 @@ fieldset[disabled] .btn-warning.active {
display: none; display: none;
background-color: #eee; background-color: #eee;
} }
#showPrevHintBtn, #showNextHintBtn {
cursor: pointer;
}
.info { .info {
color:#e84c3d; color:#e84c3d;
font-weight: bold; font-weight: bold;

View File

@ -3,16 +3,20 @@
/* ### GOAT CONTROLLERS ### */ /* ### GOAT CONTROLLERS ### */
/** Lesson Controller (includes menu stuff) /* menu controller */
* prepares and updates menu topic items for the view var goatMenu = function($scope, $http, $modal, $log, $templateCache) {
*/
goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCache) {
$scope.cookies = []; $scope.cookies = [];
$scope.params = []; $scope.params = [];
//TODO: implement via separate promise and use config for menu (goat.data.loadMenuData()) $scope.renderMenu = function() {
$http({method: 'GET', url: goatConstants.lessonService}).then( goat.data.loadMenu($http).then( //$http({method: 'GET', url: goatConstants.lessonService})
function(menuData) { function(menuData) {
var menuItems = goat.utils.addMenuClasses(goatConstants.menuPrefix.concat(menuData.data)); var menuItems = goat.utils.addMenuClasses(goatConstants.menuPrefix.concat(menuData.data));
for (var i=0;i<menuItems.length;i++) {
if (menuItems[i].name) {
menuItems[i].id = menuItems[i].name.replace(/\s|\(|\)/g,'');
}
}
$scope.menuTopics = menuItems; $scope.menuTopics = menuItems;
}, },
function(error) { function(error) {
@ -20,43 +24,85 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
console.error("Error rendering menu: " + error); console.error("Error rendering menu: " + error);
} }
); );
};
$scope.renderLesson = function(url) { $scope.renderLesson = function(url) {
//console.log(url + ' was passed in'); //console.log(url + ' was passed in');
// use jquery to render lesson content to div // use jquery to render lesson content to div
$scope.hintIndex = 0; $scope.hintIndex = 0;
var curScope = $scope; var curScope = $scope;
$('.lessonHelp').hide();
curScope.parameters = goat.utils.scrapeParams(url); curScope.parameters = goat.utils.scrapeParams(url);
goat.data.loadLessonContent(url).then( goat.data.loadLessonContent($http,url).then(
function(reply) { function(reply) {
$("#lesson_content").html(reply); goat.data.loadLessonTitle($http).then(
goat.data.loadLessonTitle().then(
function(reply) { function(reply) {
$("#lessonTitle").text(reply); $("#lessonTitle").text(reply.data);
} }
); );
$("#lesson_content").html(reply.data);
$('#leftside-navigation').height($('#main-content').height()+15)
$scope.$emit('lessonUpdate',{params:curScope.parameters});
}
)};
$scope.accordionMenu = function(id) {
if ($('ul#'+id).attr('isOpen') == 0) {
$scope.expandMe = true;
} else {
$('ul#'+id).slideUp(300).attr('isOpen',0);
return;
}
$('.lessonsAndStages').not('ul#'+id).slideUp(300).attr('isOpen',0);
if ($scope.expandMe) {
$('ul#'+id).slideDown(300).attr('isOpen',1);
}
console.log('accordion for ' + id);
}
$scope.renderMenu();
//can be augmented later to 'resume' for a given user ... currently kluged to start at fixed lesson
var url = 'attack?Screen=32&menu=5';
angular.element($('#leftside-navigation')).scope().renderLesson(url);
}
/*goatMenu.animation('.slideDown', function() {
var NgHideClassName = 'ng-hide';
return {
beforeAddClass: function(element, className, done) {
if (className === NgHideClassName) {
$(element).slideUp(done);
}
},
removeClass: function(element, className, done) {
if (className === NgHideClassName) {
$(element).hide().slideDown(done);
}
}
};
});*/
/* lesson controller */
var goatLesson = function($scope,$http,$log) {
//hook forms //hook forms
goat.utils.makeFormsAjax();
$('#hintsView').hide(); $('#hintsView').hide();
// adjust menu to lessonContent size if necssary // adjust menu to lessonContent size if necssary
//@TODO: this is still clunky ... needs some TLC
if ($('div.panel-body').height() > 400) {
$('#leftside-navigation').height($(window).height());
}
//cookies //cookies
goat.data.loadCookies().then(
$scope.$on('lessonUpdate',function(params){
$scope.parameters = arguments[1].params;
curScope = $scope; //TODO .. update below, this curScope is probably not needed
goat.data.loadCookies($http).then(
function(resp) { function(resp) {
curScope.cookies = resp; curScope.cookies = resp.data;
} }
); );
//hints //hints
curScope.hintIndex = 0; curScope.hintIndex = 0;
goat.data.loadHints().then( goat.data.loadHints($http).then(
function(resp) { function(resp) {
curScope.hints = resp; curScope.hints = resp.data;
if (curScope.hints.length > 0 && curScope.hints[0].hint.indexOf(goatConstants.noHints) === -1) { if (curScope.hints.length > 0 && curScope.hints[0].hint.indexOf(goatConstants.noHints) === -1) {
goat.utils.displayButton('showHintsBtn', true); goat.utils.displayButton('showHintsBtn', true);
} else { } else {
@ -65,27 +111,27 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
} }
); );
//source //source
goat.data.loadSource().then( goat.data.loadSource($http).then(
function(resp) { function(resp) {
curScope.source = resp; curScope.source = resp.data;
} }
); );
//plan //plan
goat.data.loadPlan().then( goat.data.loadPlan($http).then(
function(resp) { function(resp) {
curScope.plan = resp; curScope.plan = resp.data;
} }
); );
//solution //solution
goat.data.loadSolution().then( goat.data.loadSolution($http).then(
function(resp) { function(resp) {
curScope.solution = resp; curScope.solution = resp.data;
} }
); );
goat.utils.scrollToTop(); });
}
); //goat.utils.scrollToTop();
};
$scope.showLessonSource = function() { $scope.showLessonSource = function() {
$('.lessonHelp').hide(); $('.lessonHelp').hide();
@ -128,23 +174,33 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
$('.lessonHelp').hide(); $('.lessonHelp').hide();
$('#lesson_hint_row').show(); $('#lesson_hint_row').show();
goat.utils.scrollToHelp(); //goat.utils.scrollToHelp();
//TODO
$scope.curHint = $scope.hints[$scope.hintIndex].hint; $scope.curHint = $scope.hints[$scope.hintIndex].hint;
//$scope.curHint = $sce.trustAsHtml($scope.hints[$scope.hintIndex].hint);
//TODO get html binding workin in the UI ... in the meantime ...
$scope.renderCurHint();
$scope.manageHintButtons(); $scope.manageHintButtons();
}; };
$scope.viewNextHint = function() { $scope.viewNextHint = function() {
$scope.hintIndex++; $scope.hintIndex++;
$scope.curHint = $scope.hints[$scope.hintIndex].hint; $scope.curHint = $scope.hints[$scope.hintIndex].hint;
$scope.renderCurHint();
$scope.manageHintButtons(); $scope.manageHintButtons();
}; };
$scope.viewPrevHint = function() { $scope.viewPrevHint = function() {
$scope.hintIndex--; $scope.hintIndex--;
$scope.curHint = $scope.hints[$scope.hintIndex].hint; $scope.curHint = $scope.hints[$scope.hintIndex].hint;
$scope.renderCurHint();
$scope.manageHintButtons(); $scope.manageHintButtons();
}; };
$scope.renderCurHint = function() {
$('#curHintContainer').html($scope.curHint);
}
$scope.hideHints = function() { $scope.hideHints = function() {
}; };
@ -154,22 +210,6 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
//remote: 'about.mvc' //remote: 'about.mvc'
}); });
}; };
}
}).animation('.slideDown', function() {
var NgHideClassName = 'ng-hide';
return {
beforeAddClass: function(element, className, done) {
if (className === NgHideClassName) {
$(element).slideUp(done);
}
},
removeClass: function(element, className, done) {
if (className === NgHideClassName) {
$(element).hide().slideDown(done);
}
}
};
});

View File

@ -2,36 +2,39 @@
goat.data = { goat.data = {
/**** jQuery loads ... ****/ /**** jQuery loads ... ****/
loadLessonContent: function (_url) { loadLessonContent: function ($http,_url) {
//TODO: switch to $http (angular) later //TODO: switch to $http (angular) later
//return $http({method:'GET', url: _url}); return $http({method:'GET', url: _url});
//return $.get(_url, {}, null, "html");
return $.get(_url, {}, null, "html");
}, },
loadCookies: function() { loadCookies: function($http) {
return $.get(goatConstants.cookieService, {}); return $http({method: 'GET', url: goatConstants.cookieService});
//return $.get(goatConstants.cookieService, {});
}, },
loadHints: function () { loadHints: function ($http) {
return $.get(goatConstants.hintService, {}); return $http({method: 'GET', url: goatConstants.hintService});
//return $.get(goatConstants.hintService, {});
}, },
loadSource: function() { loadSource: function($http) {
return $.get(goatConstants.sourceService, {}); return $http({method: 'GET', url: goatConstants.sourceService});
//return $.get(goatConstants.sourceService, {});
}, },
loadSolution: function () { loadSolution: function ($http) {
return $.get(goatConstants.solutionService, {}); return $http({method: 'GET', url: goatConstants.solutionService});
//return $.get(goatConstants.solutionService, {});
}, },
loadPlan: function () { loadPlan: function ($http) {
return $.get(goatConstants.lessonPlanService, {}); return $http({method: 'GET', url: goatConstants.lessonPlanService});
//return $.get(goatConstants.lessonPlanService, {});
}, },
loadParams: function() { loadParams: function($http) {
return $.get(goatConstants.paramsService,{}); return $http({method: 'GET', url: goatConstants.paramsService});
//return $.get(goatConstants.paramsService,{});
}, },
/*** angular data grabs ***/ loadMenu: function($http) {
loadMenuData: function() { return $http({method: 'GET', url: goatConstants.lessonService});
//TODO use goatConstants var for url
return $http({method: 'GET', url: goatConstants.menuService});
}, },
loadLessonTitle: function () { loadLessonTitle: function ($http) {
return $.get(goatConstants.lessonTitleService, {}); return $http({method: 'GET', url: goatConstants.lessonTitleService});
} }
}; };

View File

@ -30,7 +30,7 @@ goat.lesson = {
var scope = this; var scope = this;
goat.data.loadHints().then( goat.data.loadHints().then(
function(resp) { function(resp) {
scope.hints = resp; scope.hints = resp.data;
if (scope.hints.length > 0 && scope.hints[0].hint.indexOf(goatConstants.noHints) === -1) { if (scope.hints.length > 0 && scope.hints[0].hint.indexOf(goatConstants.noHints) === -1) {
goat.utils.displayButton('showHintsBtn',true); goat.utils.displayButton('showHintsBtn',true);
} else { } else {
@ -48,7 +48,7 @@ goat.lesson = {
var scope = this; var scope = this;
goat.data.loadSolution().then( goat.data.loadSolution().then(
function(resp) { function(resp) {
scope.solution = resp; scope.solution = resp.data;
goat.utils.displayButton('showSolutionBtn',true); goat.utils.displayButton('showSolutionBtn',true);
$('#showSolutionBtn').unbind().click(goat.utils.showLessonSolution); $('#showSolutionBtn').unbind().click(goat.utils.showLessonSolution);
return scope; return scope;
@ -64,7 +64,7 @@ goat.lesson = {
var scope = this; var scope = this;
goat.data.loadPlan().then( goat.data.loadPlan().then(
function(resp) { function(resp) {
scope.plan = resp; scope.plan = resp.data;
goat.utils.displayButton('showPlanBtn',true); goat.utils.displayButton('showPlanBtn',true);
$('#showPlanBtn').unbind().click(goat.utils.showLessonPlan); $('#showPlanBtn').unbind().click(goat.utils.showLessonPlan);
return scope; return scope;
@ -79,7 +79,7 @@ goat.lesson = {
var scope = this; var scope = this;
goat.data.loadSource().then( goat.data.loadSource().then(
function(resp) { function(resp) {
scope.source = resp; scope.source = resp.data;
goat.utils.displayButton('showSourceBtn',true); goat.utils.displayButton('showSourceBtn',true);
$('#showSourceBtn').unbind().click(goat.utils.showLessonSource); $('#showSourceBtn').unbind().click(goat.utils.showLessonSource);
return scope; return scope;
@ -94,7 +94,7 @@ goat.lesson = {
var scope = this; var scope = this;
goat.data.loadCookies().then( goat.data.loadCookies().then(
function(resp) { function(resp) {
scope.cookies = resp; scope.cookies = resp.data;
return scope; return scope;
}, },
function(err){ function(err){

View File

@ -53,6 +53,7 @@ goat.utils = {
goat.utils.scrollToHelp(); goat.utils.scrollToHelp();
}, },
scrollToHelp:function() { scrollToHelp:function() {
$('#leftside-navigation').height($('#main-content').height()+15)
var target = $('#lessonHelpsWrapper'); var target = $('#lessonHelpsWrapper');
goat.utils.scrollEasy(target); goat.utils.scrollEasy(target);
}, },