Add endpoint for the JavaScript to post to

The JavaScript posted to a non-existent endpoint, resulting in an HTTP 405; it now posts to an endpoint that actually exists.

Resolves: #1142
This commit is contained in:
Nanne Baars 2021-11-16 14:48:21 +01:00 committed by Nanne Baars
parent f13632578d
commit fc6b0f28df
4 changed files with 17 additions and 11 deletions


@ -24,10 +24,10 @@ package org.owasp.webgoat.insecure_login;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AttackResult;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import java.util.Map;
@RestController
public class InsecureLoginTask extends AssignmentEndpoint {
@ -35,9 +35,15 @@ public class InsecureLoginTask extends AssignmentEndpoint {
@PostMapping("/InsecureLogin/task")
@ResponseBody
public AttackResult completed(@RequestParam String username, @RequestParam String password) {
if (username.toString().equals("CaptainJack") && password.toString().equals("BlackPearl")) {
if ("CaptainJack".equals(username) && "BlackPearl".equals(password)) {
return success(this).build();
}
return failed(this).build();
}
@PostMapping("/InsecureLogin/login")
@ResponseStatus(HttpStatus.ACCEPTED)
public void login() {
//only need to exists as the JS needs to call an existing endpoint
}
}
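Review bot: The new `login()` endpoint in the second hunk accepts any request body and answers 202 unconditionally; that is the intent (the lesson only needs a reachable URL so the plaintext credentials show up on the wire), but it should be said in a Javadoc so nobody later wires real authentication or the `completed()` credential check into it, and the inline comment has a typo: `// Deliberately ignores the posted body: it only needs to exist so the lesson's JS can POST the plaintext credentials to a real endpoint (previously a 405).` The first hunk swaps four explicit `org.springframework.web.bind.annotation` imports for a wildcard; the rest of the file uses explicit imports, so adding `import org.springframework.web.bind.annotation.ResponseStatus;` next to the existing four would keep the style consistent and avoid the wildcard. Whether the newly added `java.util.Map` import is used anywhere in the class is not visible in these hunks; if it is not, it should be dropped.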


@ -1,6 +1,6 @@
function submit_secret_credentials() {
var xhttp = new XMLHttpRequest();
xhttp['open']('POST', '#attack/307/100', true);
xhttp['open']('POST', 'InsecureLogin/login', true);
//sending the request is obfuscated, to descourage js reading
var _0xb7f9=["\x43\x61\x70\x74\x61\x69\x6E\x4A\x61\x63\x6B","\x42\x6C\x61\x63\x6B\x50\x65\x61\x72\x6C","\x73\x74\x72\x69\x6E\x67\x69\x66\x79","\x73\x65\x6E\x64"];xhttp[_0xb7f9[3]](JSON[_0xb7f9[2]]({username:_0xb7f9[0],password:_0xb7f9[1]}))
}
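Review bot: The new target `'InsecureLogin/login'` is a document-relative URL, so where the request lands depends on the base URL of whatever page the lesson is rendered in; the old value was a fragment-style path, which suggests the front end uses hash routing and the page base is the app root, but that is an inference the hunk does not show. If the lesson can be served from a different path, the URL should be built from a known base rather than left relative. The request also sends a JSON body without setting a `Content-Type` header; that is fine only because the server side is meant to ignore the body, which is worth stating in the comment, e.g. `// POST to a real endpoint so the plaintext credentials are observable on the wire; the server discards the body`. The comment on the next line also misspells "discourage".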


@ -1,7 +1,7 @@
== Concept
Encryption is a very important tool for secure communication. In this lesson, we will find out, why it should always be employed when sending sensitive data.
=== Concept
Encryption is an essential tool for secure communication. In this lesson, we will find out why it should always be employed when sending sensitive data.
== Goals
=== Goals
* The user should have a basic understanding of packet sniffer usage
* The user will be able to intercept and read unencrypted requests


@ -1,4 +1,4 @@
=== Let's try
Click the "log in" button to send a request containing login credentials of another user.
Then, write these credentials into the appropriate fields and submit to confirm.
Click the "log in" button to send a request containing the login credentials of another user.
Then, write these credentials into the appropriate fields and submit them to confirm.
Try using a packet sniffer to intercept the request.