From fc6b0f28df085caea862cd83bddd264fa138eae0 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Tue, 16 Nov 2021 14:48:21 +0100 Subject: [PATCH] Add endpoint for the JavaScript to post to The JavaScript posts to a random endpoint resulting in a HTTP/405 we now post to an existing endpoint. Resolves: #1142 --- .../insecure_login/InsecureLoginTask.java | 16 +++++++++++----- .../src/main/resources/js/credentials.js | 2 +- .../lessonPlans/en/InsecureLogin_Intro.adoc | 6 +++--- .../lessonPlans/en/InsecureLogin_Task.adoc | 4 ++-- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java b/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java index 10cb2bc72..2e9b7a26d 100644 --- a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java +++ b/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java @@ -24,10 +24,10 @@ package org.owasp.webgoat.insecure_login; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.ResponseBody; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.*; + +import java.util.Map; @RestController public class InsecureLoginTask extends AssignmentEndpoint { @@ -35,9 +35,15 @@ public class InsecureLoginTask extends AssignmentEndpoint { @PostMapping("/InsecureLogin/task") @ResponseBody public AttackResult completed(@RequestParam String username, @RequestParam String password) { - if (username.toString().equals("CaptainJack") && password.toString().equals("BlackPearl")) { + if ("CaptainJack".equals(username) && "BlackPearl".equals(password)) { return success(this).build(); } return failed(this).build(); } + + @PostMapping("/InsecureLogin/login") + @ResponseStatus(HttpStatus.ACCEPTED) + public void login() { + //only need to exists as the JS needs to call an existing endpoint + } } diff --git a/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js b/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js index b7387c623..5f4e09e09 100755 --- a/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js +++ b/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js @@ -1,6 +1,6 @@ function submit_secret_credentials() { var xhttp = new XMLHttpRequest(); - xhttp['open']('POST', '#attack/307/100', true); + xhttp['open']('POST', 'InsecureLogin/login', true); //sending the request is obfuscated, to descourage js reading var _0xb7f9=["\x43\x61\x70\x74\x61\x69\x6E\x4A\x61\x63\x6B","\x42\x6C\x61\x63\x6B\x50\x65\x61\x72\x6C","\x73\x74\x72\x69\x6E\x67\x69\x66\x79","\x73\x65\x6E\x64"];xhttp[_0xb7f9[3]](JSON[_0xb7f9[2]]({username:_0xb7f9[0],password:_0xb7f9[1]})) } \ No newline at end of file diff --git a/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Intro.adoc b/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Intro.adoc index bcc3d3ead..a321040c0 100755 --- a/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Intro.adoc +++ b/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Intro.adoc @@ -1,7 +1,7 @@ -== Concept -Encryption is a very important tool for secure communication. In this lesson, we will find out, why it should always be employed when sending sensitive data. +=== Concept +Encryption is an essential tool for secure communication. In this lesson, we will find out why it should always be employed when sending sensitive data. -== Goals +=== Goals * The user should have a basic understanding of packet sniffer usage * The user will be able to intercept and read unencrypted requests diff --git a/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Task.adoc b/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Task.adoc index e6e7fea56..5d3c92a85 100755 --- a/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Task.adoc +++ b/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Task.adoc @@ -1,4 +1,4 @@ === Let's try -Click the "log in" button to send a request containing login credentials of another user. -Then, write these credentials into the appropriate fields and submit to confirm. +Click the "log in" button to send a request containing the login credentials of another user. +Then, write these credentials into the appropriate fields and submit them to confirm. Try using a packet sniffer to intercept the request.