Fix zip slip lesson.

The lesson did not work properly as the directory is reused across several path traversal lessons. First, before uploading the zip file, we now clean the directory.

The HTML had a reference to the location of the profile picture. This was part of a hint, but it only causes confusion, as it does not indicate where you need to upload the picture with the Zip Slip vulnerability.

The assignment now contains a direct hint as to where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
This commit is contained in:
Nanne Baars
2023-01-05 07:47:38 +01:00
committed by Nanne Baars
parent 9666597164
commit fcaa2d8589
4 changed files with 41 additions and 20 deletions


@ -229,8 +229,6 @@
enctype="multipart/form-data"
action="/WebGoat/PathTraversal/zip-slip">
<div class="preview text-center">
<img th:src="@{|~/WebGoat/PathTraversal/zip-slip/profile-image/${#authentication.name}|}" width="1"
height="1" />
<img class="preview-img" th:src="@{/images/account.png}" alt="Preview Image" width="200"
height="200" id="previewZipSlip"/>
<div class="browse-button">
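Review bot: the `profile-image` route may be left without a caller once the hidden 1x1 `<img>` at the top of the `preview` div is dropped, since that element (`th:src="@{|~/WebGoat/PathTraversal/zip-slip/profile-image/${#authentication.name}|}"`) is the only reference to it in this form and is the one the commit message describes as a confusing hint. Please confirm whether the handler behind `/PathTraversal/zip-slip/profile-image/{user}` is still needed by the lesson; if it is not, remove it in the same change, and if it is, add a short comment there saying what still calls it. A template comment noting that the target location is now given in the assignment text would also keep the next editor from reintroducing the hint in markup.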