();
+ hints
+ .add("Web applications handle many HTTP requests at the same time.");
+ hints.add("Developers use variables that are not thread safe.");
+ hints
+ .add("Show the Java source code and trace the 'currentUser' variable");
+ hints
+ .add("Open two browsers and send 'jeff' in one and 'dave' in the other.");
+
+ return hints;
+ }
+
+
+ /**
+ * Gets the instructions attribute of the ThreadSafetyProblem object
+ *
+ * @return The instructions value
+ */
+ public String getInstructions(WebSession s)
+ {
+
+ String instructions = "The user should be able to exploit the concurrency error in this web application "
+ + "and view login information for another user that is attempting the same function "
+ + "at the same time. This will require the use of two browsers. Valid user "
+ + "names are 'jeff' and 'dave'."
+ + "Please enter your username to access your account.";
+
+ return (instructions);
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(80);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.GENERAL;
+ }
+
+
+ /**
+ * Gets the title attribute of the ConcurrencyScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("How to Exploit Thread Safety Problems");
+ }
+
+
+ /**
+ * Constructor for the ConcurrencyScreen object
+ *
+ * @param s Description of the Parameter
+ */
+ public void handleRequest(WebSession s)
+ {
+ try
{
-
- String instructions = "The user should be able to exploit the concurrency error in this web application " +
- "and view login information for another user that is attempting the same function " +
- "at the same time. This will require the use of two browsers. Valid user " +
- "names are 'jeff' and 'dave'." +
- "
Please enter your username to access your account.";
+ super.handleRequest(s);
- return (instructions );
+ if (connection == null)
+ {
+ connection = DatabaseUtilities.makeConnection(s);
+ }
}
-
-
- private final static Integer DEFAULT_RANKING = new Integer(80);
-
- protected Integer getDefaultRanking()
+ catch (Exception e)
{
- return DEFAULT_RANKING;
- }
-
- protected Category getDefaultCategory()
- {
- return AbstractLesson.GENERAL;
- }
-
- /**
- * Gets the title attribute of the ConcurrencyScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ( "How to Exploit Thread Safety Problems" );
- }
-
-
- /**
- * Constructor for the ConcurrencyScreen object
- *
- * @param s Description of the Parameter
- */
- public void handleRequest( WebSession s )
- {
- try
- {
- super.handleRequest( s );
-
- if ( connection == null )
- {
- connection = DatabaseUtilities.makeConnection( s );
- }
- }
- catch ( Exception e )
- {
- System.out.println( "Exception caught: " + e );
- e.printStackTrace( System.out );
- }
+ System.out.println("Exception caught: " + e);
+ e.printStackTrace(System.out);
}
+ }
}
-
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
index 2cafb5865..0859b3519 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
@@ -19,12 +19,34 @@ import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
-
-/**
- * Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
- * Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
- * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
- * this software.
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
*
* @author Bruce Mayhew WebGoat
* @created October 28, 2003
@@ -33,193 +55,232 @@ import org.owasp.webgoat.util.HtmlEncoder;
public class TraceXSS extends LessonAdapter
{
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
- protected Element createContent( WebSession s )
+ protected Element createContent(WebSession s)
+ {
+
+ ElementContainer ec = new ElementContainer();
+ String regex1 = "^[0-9]{3}$";// any three digits
+ Pattern pattern1 = Pattern.compile(regex1);
+
+ try
{
+ String param1 = s.getParser().getRawParameter("field1", "111");
+ String param2 = HtmlEncoder.encode(s.getParser().getRawParameter(
+ "field2", "4128 3214 0002 1999"));
+ float quantity = 1.0f;
+ float total = 0.0f;
+ float runningTotal = 0.0f;
- ElementContainer ec = new ElementContainer();
- String regex1 = "^[0-9]{3}$";// any three digits
- Pattern pattern1 = Pattern.compile( regex1 );
-
- try
+ // test input field1
+ if (!pattern1.matcher(param1).matches())
+ {
+ if (param1.toLowerCase().indexOf("script") != -1
+ && param1.toLowerCase().indexOf("trace") != -1)
{
- String param1 = s.getParser().getRawParameter( "field1", "111" );
- String param2 = HtmlEncoder.encode( s.getParser().getRawParameter( "field2", "4128 3214 0002 1999" ) );
- float quantity = 1.0f;
- float total = 0.0f;
- float runningTotal = 0.0f;
-
- // test input field1
- if ( !pattern1.matcher( param1 ).matches() )
- {
- if ( param1.toLowerCase().indexOf( "script" ) != -1 && param1.toLowerCase().indexOf( "trace" ) != -1)
- {
- makeSuccess( s );
- }
-
- s.setMessage( "Whoops! You entered " + param1 + " instead of your three digit code. Please try again." );
- }
-
- // FIXME: encode output of field2, then s.setMessage( field2 );
-
- ec.addElement( new HR().setWidth("90%") );
- ec.addElement( new Center().addElement( new H1().addElement( "Shopping Cart " )));
- Table t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 1 ).setWidth("90%").setAlign("center");
-
- if ( s.isColor() )
- {
- t.setBorder( 1 );
- }
-
- TR tr = new TR();
- tr.addElement( new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
- tr.addElement( new TH().addElement("Price:").setWidth("10%"));
- tr.addElement( new TH().addElement("Quantity:").setWidth("3%"));
- tr.addElement( new TH().addElement("Total").setWidth("7%"));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TD().addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
- tr.addElement( new TD().addElement("69.99").setAlign("right"));
- tr.addElement( new TD().addElement(new Input( Input.TEXT, "QTY1", s.getParser().getStringParameter("QTY1", "1") )).setAlign( "right" ));
- quantity = s.getParser().getFloatParameter("QTY1", 1.0f);
- total = quantity * 69.99f;
- runningTotal += total;
- tr.addElement( new TD().addElement("$" +total));
- t.addElement( tr );
- tr = new TR();
- tr.addElement( new TD().addElement("Dynex - Traditional Notebook Case"));
- tr.addElement( new TD().addElement("27.99").setAlign("right"));
- tr.addElement( new TD().addElement(new Input( Input.TEXT, "QTY2", s.getParser().getStringParameter("QTY2", "1") )).setAlign( "right" ));
- quantity = s.getParser().getFloatParameter("QTY2", 1.0f);
- total = quantity * 27.99f;
- runningTotal += total;
- tr.addElement( new TD().addElement("$" +total));
- t.addElement( tr );
- tr = new TR();
- tr.addElement( new TD().addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™"));
- tr.addElement( new TD().addElement("1599.99").setAlign("right"));
- tr.addElement( new TD().addElement(new Input( Input.TEXT, "QTY3", s.getParser().getStringParameter("QTY3", "1") )).setAlign( "right" ));
- quantity = s.getParser().getFloatParameter("QTY3", 1.0f);
- total = quantity * 1599.99f;
- runningTotal += total;
- tr.addElement( new TD().addElement("$" +total));
- t.addElement( tr );
- tr = new TR();
- tr.addElement( new TD().addElement("3 - Year Performance Service Plan $1000 and Over "));
- tr.addElement( new TD().addElement("299.99").setAlign("right"));
-
- tr.addElement( new TD().addElement(new Input( Input.TEXT, "QTY4", s.getParser().getStringParameter("QTY4", "1") )).setAlign( "right" ));
- quantity = s.getParser().getFloatParameter("QTY4", 1.0f);
- total = quantity * 299.99f;
- runningTotal += total;
- tr.addElement( new TD().addElement("$" +total));
- t.addElement( tr );
-
- ec.addElement(t);
-
- t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 0 ).setWidth("90%").setAlign("center");
-
- if ( s.isColor() )
- {
- t.setBorder( 1 );
- }
-
- ec.addElement( new BR() );
-
- tr = new TR();
- tr.addElement( new TD().addElement( "The total charged to your credit card:" ) );
- tr.addElement( new TD().addElement( "$" + runningTotal ));
- tr.addElement( new TD().addElement( ECSFactory.makeButton( "Update Cart" )));
- t.addElement( tr );
- tr = new TR();
- tr.addElement( new TD().addElement( " " ).setColSpan(2) );
- t.addElement( tr );
- tr = new TR();
- tr.addElement( new TD().addElement( "Enter your credit card number:" ) );
- tr.addElement( new TD().addElement( new Input( Input.TEXT, "field2", param2 )));
- t.addElement( tr );
- tr = new TR();
- tr.addElement( new TD().addElement( "Enter your three digit access code:" ) );
- tr.addElement( new TD().addElement( new Input( Input.TEXT, "field1", param1 )));
- t.addElement( tr );
-
- Element b = ECSFactory.makeButton( "Purchase" );
- tr = new TR();
- tr.addElement( new TD().addElement( b ).setColSpan(2).setAlign("center"));
- t.addElement( tr );
-
- ec.addElement( t );
- ec.addElement( new BR() );
- ec.addElement( new HR().setWidth("90%") );
+ makeSuccess(s);
}
- catch ( Exception e )
- {
- s.setMessage( "Error generating " + this.getClass().getName() );
- e.printStackTrace();
- }
- return ( ec );
+
+ s
+ .setMessage("Whoops! You entered "
+ + param1
+ + " instead of your three digit code. Please try again.");
+ }
+
+ // FIXME: encode output of field2, then s.setMessage( field2 );
+
+ ec.addElement(new HR().setWidth("90%"));
+ ec.addElement(new Center().addElement(new H1()
+ .addElement("Shopping Cart ")));
+ Table t = new Table().setCellSpacing(0).setCellPadding(2)
+ .setBorder(1).setWidth("90%").setAlign("center");
+
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
+
+ TR tr = new TR();
+ tr.addElement(new TH().addElement(
+ "Shopping Cart Items -- To Buy Now").setWidth("80%"));
+ tr.addElement(new TH().addElement("Price:").setWidth("10%"));
+ tr.addElement(new TH().addElement("Quantity:").setWidth("3%"));
+ tr.addElement(new TH().addElement("Total").setWidth("7%"));
+ t.addElement(tr);
+
+ tr = new TR();
+ tr
+ .addElement(new TD()
+ .addElement("Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry "));
+ tr.addElement(new TD().addElement("69.99").setAlign("right"));
+ tr.addElement(new TD().addElement(
+ new Input(Input.TEXT, "QTY1", s.getParser()
+ .getStringParameter("QTY1", "1")))
+ .setAlign("right"));
+ quantity = s.getParser().getFloatParameter("QTY1", 1.0f);
+ total = quantity * 69.99f;
+ runningTotal += total;
+ tr.addElement(new TD().addElement("$" + total));
+ t.addElement(tr);
+ tr = new TR();
+ tr.addElement(new TD()
+ .addElement("Dynex - Traditional Notebook Case"));
+ tr.addElement(new TD().addElement("27.99").setAlign("right"));
+ tr.addElement(new TD().addElement(
+ new Input(Input.TEXT, "QTY2", s.getParser()
+ .getStringParameter("QTY2", "1")))
+ .setAlign("right"));
+ quantity = s.getParser().getFloatParameter("QTY2", 1.0f);
+ total = quantity * 27.99f;
+ runningTotal += total;
+ tr.addElement(new TD().addElement("$" + total));
+ t.addElement(tr);
+ tr = new TR();
+ tr
+ .addElement(new TD()
+ .addElement("Hewlett-Packard - Pavilion Notebook with Intel® Centrino™"));
+ tr.addElement(new TD().addElement("1599.99").setAlign("right"));
+ tr.addElement(new TD().addElement(
+ new Input(Input.TEXT, "QTY3", s.getParser()
+ .getStringParameter("QTY3", "1")))
+ .setAlign("right"));
+ quantity = s.getParser().getFloatParameter("QTY3", 1.0f);
+ total = quantity * 1599.99f;
+ runningTotal += total;
+ tr.addElement(new TD().addElement("$" + total));
+ t.addElement(tr);
+ tr = new TR();
+ tr
+ .addElement(new TD()
+ .addElement("3 - Year Performance Service Plan $1000 and Over "));
+ tr.addElement(new TD().addElement("299.99").setAlign("right"));
+
+ tr.addElement(new TD().addElement(
+ new Input(Input.TEXT, "QTY4", s.getParser()
+ .getStringParameter("QTY4", "1")))
+ .setAlign("right"));
+ quantity = s.getParser().getFloatParameter("QTY4", 1.0f);
+ total = quantity * 299.99f;
+ runningTotal += total;
+ tr.addElement(new TD().addElement("$" + total));
+ t.addElement(tr);
+
+ ec.addElement(t);
+
+ t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+ .setWidth("90%").setAlign("center");
+
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
+
+ ec.addElement(new BR());
+
+ tr = new TR();
+ tr.addElement(new TD()
+ .addElement("The total charged to your credit card:"));
+ tr.addElement(new TD().addElement("$" + runningTotal));
+ tr.addElement(new TD().addElement(ECSFactory
+ .makeButton("Update Cart")));
+ t.addElement(tr);
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(2));
+ t.addElement(tr);
+ tr = new TR();
+ tr
+ .addElement(new TD()
+ .addElement("Enter your credit card number:"));
+ tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2",
+ param2)));
+ t.addElement(tr);
+ tr = new TR();
+ tr.addElement(new TD()
+ .addElement("Enter your three digit access code:"));
+ tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",
+ param1)));
+ t.addElement(tr);
+
+ Element b = ECSFactory.makeButton("Purchase");
+ tr = new TR();
+ tr.addElement(new TD().addElement(b).setColSpan(2).setAlign(
+ "center"));
+ t.addElement(tr);
+
+ ec.addElement(t);
+ ec.addElement(new BR());
+ ec.addElement(new HR().setWidth("90%"));
}
-
-
- /**
- * DOCUMENT ME!
- *
- * @return DOCUMENT ME!
- */
- protected Category getDefaultCategory()
+ catch (Exception e)
{
- return AbstractLesson.A4;
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
}
+ return (ec);
+ }
+ /**
+ * DOCUMENT ME!
+ *
+ * @return DOCUMENT ME!
+ */
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.A4;
+ }
- /**
- * Gets the hints attribute of the AccessControlScreen object
- *
- * @return The hints value
- */
- protected List getHints()
- {
- List hints = new ArrayList();
- hints.add( "Most web servers support GET/POST. Many default installations also support TRACE");
- hints.add( "JavaScript has the ability to post a URL:
" +
- "<script type=\"text/javascript\">if ( navigator.appName.indexOf(\"Microsoft\") !=-1)" +
- " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"GET\", \"./\", false);" +
- " xmlHttp.send();str1=xmlHttp.responseText; " +
- "document.write(str1);</script>");
- hints.add( "Try changing the HTTP GET to a HTTP TRACE" );
- hints.add( "Try a cross site trace (XST) Command:
" +
- "<script type=\"text/javascript\">if ( navigator.appName.indexOf(\"Microsoft\") !=-1)" +
- " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false);" +
- " xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"<br>\"); " +
- "document.write(str1);}</script>");
- return hints;
- }
-//
- private final static Integer DEFAULT_RANKING = new Integer(130);
+ /**
+ * Gets the hints attribute of the AccessControlScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints
+ .add("Most web servers support GET/POST. Many default installations also support TRACE");
+ hints
+ .add("JavaScript has the ability to post a URL:
"
+ + "<script type=\"text/javascript\">if ( navigator.appName.indexOf(\"Microsoft\") !=-1)"
+ + " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"GET\", \"./\", false);"
+ + " xmlHttp.send();str1=xmlHttp.responseText; "
+ + "document.write(str1);</script>");
+ hints.add("Try changing the HTTP GET to a HTTP TRACE");
+ hints
+ .add("Try a cross site trace (XST) Command:
"
+ + "<script type=\"text/javascript\">if ( navigator.appName.indexOf(\"Microsoft\") !=-1)"
+ + " {var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false);"
+ + " xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"<br>\"); "
+ + "document.write(str1);}</script>");
+ return hints;
+ }
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
+ //
- /**
- * Gets the title attribute of the AccessControlScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ( "How to Perform Cross Site Trace Attacks" );
- }
+ private final static Integer DEFAULT_RANKING = new Integer(130);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ /**
+ * Gets the title attribute of the AccessControlScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("How to Perform Cross Site Trace Attacks");
+ }
}
-
-
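Review bot: The `// FIXME: encode output of field2, then s.setMessage( field2 );` comment carried onto the new side of createContent is stale: `param2` is already wrapped in `HtmlEncoder.encode(...)` where it is read from the parser a few lines above, so the only value still reflected unencoded is `param1` in the `s.setMessage("Whoops! You entered " + param1 ...)` call. That reflection is the lesson's deliberate sink (the success check inspects the same `param1` value), so the comment should say that rather than read as an open task, e.g. replace the FIXME with `// param1 is reflected without encoding on purpose: it is this lesson's XSS sink`. Separately, the cart arithmetic keeps prices in `float` and renders them with `"$" + total`, which prints whatever binary rounding yields for `quantity * 69.99f`; the amounts are display-only here, and a one-line comment noting that would keep the next reader from treating this as a billing path. The reformatting also keeps the raw `List hints = new ArrayList()` in getHints; `List<String>` would let the compiler check the `add` calls.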
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
index 241d0be38..c505031b1 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
@@ -25,11 +25,34 @@ import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
-/**
- * Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
- * Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
- * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
- * this software.
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
*
* @author Bruce Mayhew WebGoat
* @created October 28, 2003
@@ -38,189 +61,204 @@ import org.owasp.webgoat.session.WebSession;
public class UncheckedEmail extends LessonAdapter
{
- private final static String MESSAGE = "msg";
- private final static String TO = "to";
+ private final static String MESSAGE = "msg";
+
+ private final static String TO = "to";
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
- protected Element createContent( WebSession s )
+ protected Element createContent(WebSession s)
+ {
+
+ ElementContainer ec = new ElementContainer();
+ try
{
+ String to = s.getParser().getRawParameter(TO, "");
- ElementContainer ec = new ElementContainer();
- try
- {
- String to = s.getParser().getRawParameter( TO, "" );
+ Table t = new Table().setCellSpacing(0).setCellPadding(2)
+ .setBorder(0).setWidth("90%").setAlign("center");
- Table t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 0 ).setWidth("90%").setAlign("center");
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
- if ( s.isColor() )
- {
- t.setBorder( 1 );
- }
-
- TR tr = new TR();
- tr.addElement( new TH().addElement("Send OWASP your Comments
").setAlign("left").setColSpan(3));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TD().addElement( " ").setColSpan(3));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TH().addElement(new H1("Contact Us")).setAlign("left").setWidth("55%").setVAlign("BOTTOM"));
- tr.addElement( new TH().addElement( " "));
- tr.addElement( new TH().addElement(new H3("Contact Information:")).setAlign("left").setVAlign("BOTTOM"));
- t.addElement( tr );
-
-
- tr = new TR();
- tr.addElement( new TD().addElement("We value your comments. To send OWASP your questions or comments regarding the " +
- "WebGoat tool, please enter your comments below. The information you provide will be handled according " +
- "to our Privacy Policy."));
- tr.addElement( new TD().addElement( " "));
- tr.addElement( new TD().addElement("OWASP
" +
- "9175 Guilford Rd
Suite 300
" +
- "Columbia, MD. 21046").setVAlign("top"));
- t.addElement( tr );
-
-
+ TR tr = new TR();
+ tr.addElement(new TH().addElement("Send OWASP your Comments
")
+ .setAlign("left").setColSpan(3));
+ t.addElement(tr);
- tr = new TR();
- tr.addElement( new TD().addElement( " ").setColSpan(3));
- t.addElement( tr );
-
- Input input = new Input( Input.HIDDEN, TO, "webgoat.admin@owasp.org" );
- tr = new TR();
- tr.addElement( new TD().addElement( "Questions or Comments:"));
- tr.addElement( new TD().addElement( " "));
- tr.addElement( new TD().setAlign( "LEFT" ).addElement( input ));
- t.addElement( tr );
-
-
- tr = new TR();
- String message = s.getParser().getRawParameter( MESSAGE, "" );
- TextArea ta = new TextArea( MESSAGE, 5, 40 );
- ta.addElement( new StringElement( convertMetachars(message) ));
- tr.addElement( new TD().setAlign( "LEFT" ).addElement( ta ));
- tr.addElement( new TD().setAlign( "LEFT" ).setVAlign( "MIDDLE" ).addElement( ECSFactory.makeButton( "Send!" ) ) );
- tr.addElement( new TD().addElement( " "));
- t.addElement( tr );
- ec.addElement( t );
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(3));
+ t.addElement(tr);
- // Eventually we could send the actually mail, but the point should already be made
- //ec.addElement(exec( use java mail here + to));
+ tr = new TR();
+ tr.addElement(new TH().addElement(new H1("Contact Us")).setAlign(
+ "left").setWidth("55%").setVAlign("BOTTOM"));
+ tr.addElement(new TH().addElement(" "));
+ tr.addElement(new TH().addElement(new H3("Contact Information:"))
+ .setAlign("left").setVAlign("BOTTOM"));
+ t.addElement(tr);
- if ( to.length() > 0 )
- {
- Format formatter;
- // Get today's date
- Date date = new Date();
- formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
- String today = formatter.format(date);
- // Tue, 09 Jan 2002 22:14:02 -0500
+ tr = new TR();
+ tr
+ .addElement(new TD()
+ .addElement("We value your comments. To send OWASP your questions or comments regarding the "
+ + "WebGoat tool, please enter your comments below. The information you provide will be handled according "
+ + "to our Privacy Policy."));
+ tr.addElement(new TD().addElement(" "));
+ tr.addElement(new TD().addElement(
+ "OWASP
" + "9175 Guilford Rd
Suite 300
"
+ + "Columbia, MD. 21046").setVAlign("top"));
+ t.addElement(tr);
- ec.addElement( new HR() );
- ec.addElement( new Center().addElement( new B().addElement( "You sent the following message to: " + to ) ) );
- ec.addElement( new BR() );
- ec.addElement( new StringElement("Return-Path: <webgoat@owasp.org>"));
- ec.addElement( new BR() );
- ec.addElement( new StringElement("Delivered-To: " + to));
- ec.addElement( new BR() );
- ec.addElement( new StringElement("Received: (qmail 614458 invoked by uid 239); " + today));
- ec.addElement( new BR() );
- ec.addElement( new StringElement("for <" + to+">; " + today ));
- ec.addElement( new BR() );
- ec.addElement( new StringElement("To: " + to));
- ec.addElement( new BR() );
- ec.addElement( new StringElement("From: Blame it on the Goat <webgoat@owasp.org>"));
- ec.addElement( new BR() );
- ec.addElement( new StringElement("Subject: OWASP security issues"));
- ec.addElement( new BR() );
- ec.addElement( new BR() );
- ec.addElement( new StringElement( message ) );
- }
-
- // only complete the lesson if they changed the "to" hidden field
- if ( to.length() > 0 && ! "webgoat.admin@owasp.org".equals( to ) )
- {
- makeSuccess( s );
- }
- }
- catch ( Exception e )
- {
- s.setMessage( "Error generating " + this.getClass().getName() );
- e.printStackTrace();
- }
- return ( ec );
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(3));
+ t.addElement(tr);
+
+ Input input = new Input(Input.HIDDEN, TO, "webgoat.admin@owasp.org");
+ tr = new TR();
+ tr.addElement(new TD().addElement("Questions or Comments:"));
+ tr.addElement(new TD().addElement(" "));
+ tr.addElement(new TD().setAlign("LEFT").addElement(input));
+ t.addElement(tr);
+
+ tr = new TR();
+ String message = s.getParser().getRawParameter(MESSAGE, "");
+ TextArea ta = new TextArea(MESSAGE, 5, 40);
+ ta.addElement(new StringElement(convertMetachars(message)));
+ tr.addElement(new TD().setAlign("LEFT").addElement(ta));
+ tr.addElement(new TD().setAlign("LEFT").setVAlign("MIDDLE")
+ .addElement(ECSFactory.makeButton("Send!")));
+ tr.addElement(new TD().addElement(" "));
+ t.addElement(tr);
+ ec.addElement(t);
+
+ // Eventually we could send the actually mail, but the point should already be made
+ //ec.addElement(exec( use java mail here + to));
+
+ if (to.length() > 0)
+ {
+ Format formatter;
+ // Get today's date
+ Date date = new Date();
+ formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
+ String today = formatter.format(date);
+ // Tue, 09 Jan 2002 22:14:02 -0500
+
+ ec.addElement(new HR());
+ ec
+ .addElement(new Center()
+ .addElement(new B()
+ .addElement("You sent the following message to: "
+ + to)));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement(
+ "Return-Path: <webgoat@owasp.org>"));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("Delivered-To: " + to));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement(
+ "Received: (qmail 614458 invoked by uid 239); "
+ + today));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("for <" + to + ">; "
+ + today));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("To: " + to));
+ ec.addElement(new BR());
+ ec
+ .addElement(new StringElement(
+ "From: Blame it on the Goat <webgoat@owasp.org>"));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement(
+ "Subject: OWASP security issues"));
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+ ec.addElement(new StringElement(message));
+ }
+
+ // only complete the lesson if they changed the "to" hidden field
+ if (to.length() > 0 && !"webgoat.admin@owasp.org".equals(to))
+ {
+ makeSuccess(s);
+ }
}
-
-
- /**
- * DOCUMENT ME!
- *
- * @return DOCUMENT ME!
- */
- protected Category getDefaultCategory()
+ catch (Exception e)
{
- return AbstractLesson.A1;
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
}
+ return (ec);
+ }
- /**
- * Gets the hints attribute of the EmailScreen object
- *
- * @return The hints value
- */
- protected List getHints()
- {
- List hints = new ArrayList();
- hints.add( "Try sending an anonymous message to yourself." );
- hints.add( "Try inserting some html or javascript code in the message field" );
- hints.add( "Look at the hidden fields in the HTML.");
- hints.add( "Insert <A href=\"http://www.aspectsecurity.com/webgoat.html\">Click here for Aspect</A> in the message field" );
- hints.add( "Insert <script>alert(\"Bad Stuff\");</script> in the message field" );
- return hints;
- }
+ /**
+ * DOCUMENT ME!
+ *
+ * @return DOCUMENT ME!
+ */
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.A1;
+ }
- /**
- * Gets the instructions attribute of the UncheckedEmail object
- *
- * @return The instructions value
- */
- public String getInstructions(WebSession s)
- {
- String instructions = "This form is an example of a customer support page. Using the form below try to:
"
- + "1) Send a malicious script to the website admin.
"
- + "2) Send a malicious script to a 'friend' from OWASP.
";
- return ( instructions );
- }
+ /**
+ * Gets the hints attribute of the EmailScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints.add("Try sending an anonymous message to yourself.");
+ hints
+ .add("Try inserting some html or javascript code in the message field");
+ hints.add("Look at the hidden fields in the HTML.");
+ hints
+ .add("Insert <A href=\"http://www.aspectsecurity.com/webgoat.html\">Click here for Aspect</A> in the message field");
+ hints
+ .add("Insert <script>alert(\"Bad Stuff\");</script> in the message field");
+ return hints;
+ }
+ /**
+ * Gets the instructions attribute of the UncheckedEmail object
+ *
+ * @return The instructions value
+ */
+ public String getInstructions(WebSession s)
+ {
+ String instructions = "This form is an example of a customer support page. Using the form below try to:
"
+ + "1) Send a malicious script to the website admin.
"
+ + "2) Send a malicious script to a 'friend' from OWASP.
";
+ return (instructions);
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(55);
- private final static Integer DEFAULT_RANKING = new Integer(55);
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
- /**
- * Gets the title attribute of the EmailScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ( "How to Exploit Unchecked Email" );
- }
+ /**
+ * Gets the title attribute of the EmailScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("How to Exploit Unchecked Email");
+ }
}
-
-
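Review bot: The date header built inside the `if (to.length() > 0)` block of createContent uses `new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z")` with no `Locale`, so the day and month names follow the JVM's default locale and will not match the `// Tue, 09 Jan 2002 22:14:02 -0500` example on non-English hosts; `formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z", Locale.US);` pins it (importing `java.util.Locale` if the file does not already), and the separate `Format formatter;` declaration can be folded into that line. The `to` and `message` values are then inserted into the rendered mail headers and body through `StringElement` without encoding, while the textarea echo goes through `convertMetachars(message)`; since the unencoded path is the behaviour the lesson is built around (the success check fires only when `to` differs from the hidden default), a short comment such as `// to/message are reflected unencoded on purpose: this is the lesson's sink` would stop a later cleanup from removing it. The raw `List hints = new ArrayList()` in getHints would also benefit from `List<String>`.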
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
index af19722ce..d2b5a34b8 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java
@@ -38,225 +38,312 @@ import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
-/**
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ *
* @author asmolen
*
* TODO To change the template for this generated type comment go to
* Window - Preferences - Java - Code Style - Code Templates
*/
-public class WSDLScanning extends LessonAdapter {
- static boolean completed = false;
- static boolean beenRestartedYet = false;
- public static Connection connection = null;
+public class WSDLScanning extends LessonAdapter
+{
+
+ static boolean completed = false;
+
+ static boolean beenRestartedYet = false;
+
+ public static Connection connection = null;
+
public final static String firstName = "getFirstName";
+
public final static String lastName = "getLastName";
+
public final static String loginCount = "getLoginCount";
+
public final static String ccNumber = "getCreditCard";
- final static IMG CREDITS_LOGO = new IMG( "images/logos/parasoft.jpg" ).setAlt( "Parasoft" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 );
+
+ final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg")
+ .setAlt("Parasoft").setBorder(0).setHspace(0).setVspace(0);
+
protected Category getDefaultCategory()
- {
- return AbstractLesson.WEB_SERVICES;
- }
-
- protected List getHints()
- {
- List hints = new ArrayList();
- hints.add( "Try connecting to the WSDL with a browser or Web Service tool." );
- hints.add( "Sometimes the WSDL will define methods that are not available through a web API. " +
- "Try to find operations that are in the WSDL, but not part of this API");
- hints.add( "The URL for the web service is: http://localost/WebGoat/services/WSDLScanning
" +
- "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
- hints.add( "Look in the WSDL for the getCreditCard operation and insert the field in an intercepted request.");
- return hints;
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(120);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- public String getTitle()
- {
- return "WSDL Scanning";
- }
- public Object accessWGService(String serv, String proc, String parameterName, Object parameterValue) {
- String targetNamespace = "WebGoat";
- try {
- QName serviceName = new QName(targetNamespace, serv);
- QName operationName = new QName(targetNamespace, proc);
- Service service = new Service();
- Call call = (Call) service.createCall();
- call.setOperationName(operationName);
- call.addParameter( parameterName, serviceName, ParameterMode.INOUT );
- call.setReturnType( XMLType.XSD_STRING );
- call.setUsername("guest");
- call.setPassword("guest");
- call.setTargetEndpointAddress(
- "http://localhost/WebGoat/services/" + serv);
- Object result = call.invoke( new Object[] { parameterValue } );
- return result;
- } catch (RemoteException e) {
- e.printStackTrace();
- } catch (ServiceException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
- }
- return null;
+ {
+ return AbstractLesson.WEB_SERVICES;
}
- protected Element createContent(WebSession s)
+
+
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints
+ .add("Try connecting to the WSDL with a browser or Web Service tool.");
+ hints
+ .add("Sometimes the WSDL will define methods that are not available through a web API. "
+ + "Try to find operations that are in the WSDL, but not part of this API");
+ hints
+ .add("The URL for the web service is: http://localost/WebGoat/services/WSDLScanning
"
+ + "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
+ hints
+ .add("Look in the WSDL for the getCreditCard operation and insert the field in an intercepted request.");
+ return hints;
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(120);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ public String getTitle()
+ {
+ return "WSDL Scanning";
+ }
+
+
+ public Object accessWGService(String serv, String proc,
+ String parameterName, Object parameterValue)
+ {
+ String targetNamespace = "WebGoat";
+ try
{
- ElementContainer ec = new ElementContainer();
-
-
- Table t1 = new Table().setCellSpacing( 0 ).setCellPadding( 2 );
-
- if ( s.isColor() )
- {
- t1.setBorder( 1 );
- }
- TR tr = new TR();
- tr.addElement(new TD( "Enter your account number: " ));
- tr.addElement(new TD( new Input( Input.TEXT, "id", "101")));
- t1.addElement(tr);
-
- tr = new TR();
- tr.addElement( new TD( "Select the fields to return: " ));
- tr.addElement(new TD( new Select("field").setMultiple(true)
- .addElement(new Option(firstName).addElement("First Name"))
- .addElement(new Option(lastName).addElement("Last Name"))
- .addElement(new Option(loginCount).addElement("Login Count"))));
- t1.addElement(tr);
-
- tr = new TR();
- Element b = ECSFactory.makeButton( "Submit" );
- tr.addElement( new TD(b).setAlign("CENTER").setColSpan(2) );
- t1.addElement(tr);
-
- ec.addElement(t1);
-
- try {
- String[] fields = s.getParser().getParameterValues( "field" );
- int id = s.getParser().getIntParameter( "id" );
- if ( connection == null )
- {
- connection = DatabaseUtilities.makeConnection( s );
- }
-
- Table t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 1 );
-
- if ( s.isColor() )
- {
- t.setBorder( 1 );
- }
- TR header = new TR();
- TR results = new TR();
- for (int i=0; iAspect Security
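Review bot: The reformatted hint on the new side still misspells the host in `http://localost/WebGoat/services/WSDLScanning`, so the student is pointed at a hostname that will not resolve; it should read `http://localhost/WebGoat/services/WSDLScanning`, which is also the host the old-side accessWGService uses when it builds the endpoint address. The `public static Connection connection = null;` field carried over in the new code is one JDBC connection shared by every session and thread that runs the lesson; if it stays, a comment such as `// single connection shared by all sessions; not thread safe` would at least record the hazard for the next maintainer. The body of accessWGService and all of createContent continue past the visible end of this hunk (the page is cut mid-line here), so their new versions were not reviewed.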
* @created October 28, 2003
*/
public class WeakAuthenticationCookie extends LessonAdapter
{
- /**
- * Description of the Field
- */
- protected final static String AUTHCOOKIE = "AuthCookie";
- /**
- * Description of the Field
- */
- protected final static String LOGOUT = "WACLogout";
- /**
- * Description of the Field
- */
- protected final static String PASSWORD = "Password";
- /**
- * Description of the Field
- */
- protected final static String USERNAME = "Username";
+
+ /**
+ * Description of the Field
+ */
+ protected final static String AUTHCOOKIE = "AuthCookie";
+
+ /**
+ * Description of the Field
+ */
+ protected final static String LOGOUT = "WACLogout";
+
+ /**
+ * Description of the Field
+ */
+ protected final static String PASSWORD = "Password";
+
+ /**
+ * Description of the Field
+ */
+ protected final static String USERNAME = "Username";
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception Description of the Exception
- */
- protected String checkCookie( WebSession s ) throws Exception
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ * @exception Exception Description of the Exception
+ */
+ protected String checkCookie(WebSession s) throws Exception
+ {
+ String cookie = getCookie(s);
+
+ if (cookie != null)
{
- String cookie = getCookie( s );
+ if (cookie.equals(encode("webgoat12345")))
+ {
+ return ("webgoat");
+ }
- if ( cookie != null )
- {
- if ( cookie.equals( encode( "webgoat12345" ) ) )
- {
- return ( "webgoat" );
- }
+ if (cookie.equals(encode("aspect12345")))
+ {
+ return ("aspect");
+ }
- if ( cookie.equals( encode( "aspect12345" ) ) )
- {
- return ( "aspect" );
- }
-
- if ( cookie.equals( encode( "alice12345" ) ) )
- {
- makeSuccess( s );
- return ( "alice" );
- }
- else
- {
- s.setMessage( "Invalid cookie" );
- s.eatCookies();
- }
- }
-
- return ( null );
+ if (cookie.equals(encode("alice12345")))
+ {
+ makeSuccess(s);
+ return ("alice");
+ }
+ else
+ {
+ s.setMessage("Invalid cookie");
+ s.eatCookies();
+ }
}
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception Description of the Exception
- */
- protected String checkParams( WebSession s ) throws Exception
+ return (null);
+ }
+
+
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ * @exception Exception Description of the Exception
+ */
+ protected String checkParams(WebSession s) throws Exception
+ {
+ String username = s.getParser().getStringParameter(USERNAME, "");
+ String password = s.getParser().getStringParameter(PASSWORD, "");
+
+ if ((username.length() > 0) && (password.length() > 0))
{
- String username = s.getParser().getStringParameter( USERNAME, "" );
- String password = s.getParser().getStringParameter( PASSWORD, "" );
+ String loginID = "";
- if ( ( username.length() > 0 ) && ( password.length() > 0 ) )
- {
- String loginID = "";
-
- if ( username.equals( "webgoat" ) && password.equals( "webgoat" ) )
- {
- loginID = encode( "webgoat12345" );
- }
- else if ( username.equals( "aspect" ) && password.equals( "aspect" ) )
- {
- loginID = encode( "aspect12345" );
- }
-
- if ( loginID != "" )
- {
- Cookie newCookie = new Cookie( AUTHCOOKIE, loginID );
- s.setMessage( "Your identity has been remembered" );
- s.getResponse().addCookie( newCookie );
+ if (username.equals("webgoat") && password.equals("webgoat"))
+ {
+ loginID = encode("webgoat12345");
+ }
+ else if (username.equals("aspect") && password.equals("aspect"))
+ {
+ loginID = encode("aspect12345");
+ }
- return ( username );
- }
- else
- {
- s.setMessage( "Invalid username and password entered." );
- }
- }
+ if (loginID != "")
+ {
+ Cookie newCookie = new Cookie(AUTHCOOKIE, loginID);
+ s.setMessage("Your identity has been remembered");
+ s.getResponse().addCookie(newCookie);
- return ( null );
+ return (username);
+ }
+ else
+ {
+ s.setMessage("Invalid username and password entered.");
+ }
}
+ return (null);
+ }
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent( WebSession s )
+
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element createContent(WebSession s)
+ {
+ boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);
+
+ if (logout)
{
- boolean logout = s.getParser().getBooleanParameter( LOGOUT, false );
+ s.setMessage("Goodbye! Your password has been forgotten");
+ s.eatCookies();
- if ( logout )
- {
- s.setMessage( "Goodbye! Your password has been forgotten" );
- s.eatCookies();
-
- return ( makeLogin( s ) );
- }
-
- try
- {
- String user = checkCookie( s );
-
- if ( ( user != null ) && ( user.length() > 0 ) )
- {
- return ( makeUser( s, user, "COOKIE" ) );
- }
-
- user = checkParams( s );
-
- if ( ( user != null ) && ( user.length() > 0 ) )
- {
- return ( makeUser( s, user, "PARAMETERS" ) );
- }
- }
- catch ( Exception e )
- {
- s.setMessage( "Error generating " + this.getClass().getName() );
- e.printStackTrace();
- }
-
- return ( makeLogin( s ) );
+ return (makeLogin(s));
}
-
- /**
- * Description of the Method
- *
- * @param value Description of the Parameter
- * @return Description of the Return Value
- */
- private String encode( String value )
+ try
{
- //
- StringBuffer encoded = new StringBuffer();
+ String user = checkCookie(s);
- for ( int i = 0; i < value.length(); i++ )
- {
- encoded.append( String.valueOf( (char) ( value.charAt( i ) + 1 ) ) );
- }
+ if ((user != null) && (user.length() > 0))
+ {
+ return (makeUser(s, user, "COOKIE"));
+ }
- return encoded.reverse().toString();
- //
+ user = checkParams(s);
+
+ if ((user != null) && (user.length() > 0))
+ {
+ return (makeUser(s, user, "PARAMETERS"));
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
}
+ return (makeLogin(s));
+ }
- /**
- * Gets the category attribute of the WeakAuthenticationCookie object
- *
- * @return The category value
- */
- protected Category getDefaultCategory()
+
+ /**
+ * Description of the Method
+ *
+ * @param value Description of the Parameter
+ * @return Description of the Return Value
+ */
+ private String encode(String value)
+ {
+ //
+ StringBuffer encoded = new StringBuffer();
+
+ for (int i = 0; i < value.length(); i++)
{
- return AbstractLesson.A3;
+ encoded.append(String.valueOf((char) (value.charAt(i) + 1)));
}
+ return encoded.reverse().toString();
+ //
+ }
- /**
- * Gets the cookie attribute of the CookieScreen object
- *
- * @param s Description of the Parameter
- * @return The cookie value
- */
- protected String getCookie( WebSession s )
+
+ /**
+ * Gets the category attribute of the WeakAuthenticationCookie object
+ *
+ * @return The category value
+ */
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.A3;
+ }
+
+
+ /**
+ * Gets the cookie attribute of the CookieScreen object
+ *
+ * @param s Description of the Parameter
+ * @return The cookie value
+ */
+ protected String getCookie(WebSession s)
+ {
+ Cookie[] cookies = s.getRequest().getCookies();
+
+ for (int i = 0; i < cookies.length; i++)
{
- Cookie[] cookies = s.getRequest().getCookies();
-
- for ( int i = 0; i < cookies.length; i++ )
- {
- if ( cookies[i].getName().equalsIgnoreCase( AUTHCOOKIE ) )
- {
- return ( cookies[i].getValue() );
- }
- }
-
- return ( null );
+ if (cookies[i].getName().equalsIgnoreCase(AUTHCOOKIE))
+ {
+ return (cookies[i].getValue());
+ }
}
+ return (null);
+ }
- /**
- * Gets the hints attribute of the CookieScreen object
- *
- * @return The hints value
- */
- protected List getHints()
+
+ /**
+ * Gets the hints attribute of the CookieScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints
+ .add("The server skips authentication if you send the right cookie.");
+ hints
+ .add("Is the AuthCookie value guessable knowing the username and password?");
+ hints
+ .add("Add 'AuthCookie=********;' to the Cookie: header using WebScarab.");
+
+ return hints;
+ }
+
+
+ /**
+ * Gets the instructions attribute of the WeakAuthenticationCookie object
+ *
+ * @return The instructions value
+ */
+ public String getInstructions(WebSession s)
+ {
+ String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.";
+
+ return (instructions);
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(90);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ /**
+ * Gets the title attribute of the CookieScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("How to Spoof an Authentication Cookie");
+ }
+
+
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element makeLogin(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+
+ ec.addElement(new H1().addElement("Sign In "));
+ Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+ .setWidth("90%").setAlign("center");
+
+ if (s.isColor())
{
- List hints = new ArrayList();
- hints.add( "The server skips authentication if you send the right cookie." );
- hints.add( "Is the AuthCookie value guessable knowing the username and password?" );
- hints.add( "Add 'AuthCookie=********;' to the Cookie: header using WebScarab." );
-
- return hints;
+ t.setBorder(1);
}
+ TR tr = new TR();
+ tr
+ .addElement(new TH()
+ .addElement(
+ "Please sign in to your account. See the OWASP admin if you do not have an account.")
+ .setColSpan(2).setAlign("left"));
+ t.addElement(tr);
- /**
- * Gets the instructions attribute of the WeakAuthenticationCookie object
- *
- * @return The instructions value
- */
- public String getInstructions(WebSession s)
- {
- String instructions = "Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.";
+ tr = new TR();
+ tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+ t.addElement(tr);
- return ( instructions );
- }
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(2));
+ t.addElement(tr);
+
+ TR row1 = new TR();
+ TR row2 = new TR();
+ row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+ row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+ Input input1 = new Input(Input.TEXT, USERNAME, "");
+ Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+ row1.addElement(new TD(input1));
+ row2.addElement(new TD(input2));
+ t.addElement(row1);
+ t.addElement(row2);
+
+ Element b = ECSFactory.makeButton("Login");
+ t.addElement(new TR(new TD(b)));
+ ec.addElement(t);
+
+ return (ec);
+ }
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @param user Description of the Parameter
+ * @param method Description of the Parameter
+ * @return Description of the Return Value
+ * @exception Exception Description of the Exception
+ */
+ protected Element makeUser(WebSession s, String user, String method)
+ throws Exception
+ {
+ ElementContainer ec = new ElementContainer();
+ ec.addElement(new P().addElement("Welcome, " + user));
+ ec.addElement(new P().addElement("You have been authenticated with "
+ + method));
+ ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT,
+ true)));
+ ec.addElement(new P()
+ .addElement(ECSFactory.makeLink("Refresh", "", "")));
-
- private final static Integer DEFAULT_RANKING = new Integer(90);
-
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
- /**
- * Gets the title attribute of the CookieScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ( "How to Spoof an Authentication Cookie" );
- }
-
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element makeLogin( WebSession s )
- {
- ElementContainer ec = new ElementContainer();
-
- ec.addElement( new H1().addElement( "Sign In " ));
- Table t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 0 ).setWidth("90%").setAlign("center");
-
- if ( s.isColor() )
- {
- t.setBorder( 1 );
- }
-
- TR tr = new TR();
- tr.addElement( new TH().addElement("Please sign in to your account. See the OWASP admin if you do not have an account.")
- .setColSpan(2).setAlign("left"));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TD().addElement("*Required Fields").setWidth("30%"));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TD().addElement(" ").setColSpan(2));
- t.addElement( tr );
-
- TR row1 = new TR();
- TR row2 = new TR();
- row1.addElement( new TD( new B( new StringElement( "*User Name: " ) ) ));
- row2.addElement( new TD( new B(new StringElement( "*Password: " ) ) ));
-
- Input input1 = new Input( Input.TEXT, USERNAME, "" );
- Input input2 = new Input( Input.PASSWORD, PASSWORD, "" );
- row1.addElement( new TD( input1 ) );
- row2.addElement( new TD( input2 ) );
- t.addElement( row1 );
- t.addElement( row2 );
-
- Element b = ECSFactory.makeButton( "Login" );
- t.addElement( new TR( new TD( b ) ) );
- ec.addElement( t );
-
- return ( ec );
- }
-
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @param user Description of the Parameter
- * @param method Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception Description of the Exception
- */
- protected Element makeUser( WebSession s, String user, String method ) throws Exception
- {
- ElementContainer ec = new ElementContainer();
- ec.addElement( new P().addElement( "Welcome, " + user ) );
- ec.addElement( new P().addElement( "You have been authenticated with " + method ) );
- ec.addElement( new P().addElement( ECSFactory.makeLink( "Logout", LOGOUT, true ) ) );
- ec.addElement( new P().addElement( ECSFactory.makeLink( "Refresh", "", "" ) ) );
-
- return ( ec );
- }
+ return (ec);
+ }
}
-
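Review bot: getCookie still dereferences `s.getRequest().getCookies()` without a null check; the Servlet API returns null for a request that carries no Cookie header, so `cookies.length` throws NullPointerException, which createContent's catch then reports as "Error generating ..." with a stack trace instead of just rendering the login form. Add `if (cookies == null) return (null);` before the loop. Separately, `if (loginID != "")` in checkParams is a reference comparison that only works because `loginID` starts as the same interned literal; `if (loginID.length() > 0)` says what is meant. The file header and the start of this hunk are not visible (it begins mid-line after the WSDLScanning section), so the imports and class Javadoc were not reviewed.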
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
index 90a5c4ba6..1d673b985 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java
@@ -20,199 +20,254 @@ import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.WebSession;
-
-/**
- * Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
- * Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
- * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
- * this software.
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
*
* @author Rogan Dawes Rogan Dawes
* @created March 30, 2005
*/
-public class WeakSessionID extends LessonAdapter {
+public class WeakSessionID extends LessonAdapter
+{
+
/**
* Description of the Field
*/
protected final static String SESSIONID = "WEAKID";
-
+
/**
* Description of the Field
*/
protected final static String PASSWORD = "Password";
-
+
/**
* Description of the Field
*/
protected final static String USERNAME = "Username";
-
+
protected static List sessionList = new ArrayList();
+
protected static long seq = Math.round(Math.random() * 10240) + 10000;
+
protected static long lastTime = System.currentTimeMillis();
-
+
+
/**
* Gets the credits attribute of the AbstractLesson object
*
* @return The credits value
*/
- public Element getCredits() {
- return new StringElement("By Rogan Dawes");
+ public Element getCredits()
+ {
+ return new StringElement("By Rogan Dawes");
}
-
- protected String newCookie() {
- long now = System.currentTimeMillis();
- seq ++;
- if (seq % 29 == 0) {
- String target = encode(seq++, lastTime + (now - lastTime)/2);
- sessionList.add(target);
- if (sessionList.size()>100)
- sessionList.remove(0);
- }
- lastTime = now;
- return encode(seq, now);
+
+
+ protected String newCookie()
+ {
+ long now = System.currentTimeMillis();
+ seq++;
+ if (seq % 29 == 0)
+ {
+ String target = encode(seq++, lastTime + (now - lastTime) / 2);
+ sessionList.add(target);
+ if (sessionList.size() > 100)
+ sessionList.remove(0);
+ }
+ lastTime = now;
+ return encode(seq, now);
}
-
- private String encode(long seq, long time) {
- return new String( Long.toString(seq) + "-" + Long.toString(time) );
+
+
+ private String encode(long seq, long time)
+ {
+ return new String(Long.toString(seq) + "-" + Long.toString(time));
}
-
+
+
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
*/
- protected Element createContent( WebSession s ) {
- try {
- String sessionid = s.getCookie( SESSIONID );
- if ( sessionid != null && sessionList.indexOf(sessionid) > -1) {
- return makeSuccess( s );
- }
- else {
- return makeLogin( s );
- }
- }
- catch ( Exception e ) {
- s.setMessage( "Error generating " + this.getClass().getName() );
- e.printStackTrace();
- }
-
- return ( null );
+ protected Element createContent(WebSession s)
+ {
+ try
+ {
+ String sessionid = s.getCookie(SESSIONID);
+ if (sessionid != null && sessionList.indexOf(sessionid) > -1)
+ {
+ return makeSuccess(s);
+ }
+ else
+ {
+ return makeLogin(s);
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
+ }
+
+ return (null);
}
-
-
+
+
/**
* Gets the category attribute of the WeakAuthenticationCookie object
*
* @return The category value
*/
- protected Category getDefaultCategory() {
- return AbstractLesson.A3;
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.A3;
}
-
-
-
+
+
/**
* Gets the hints attribute of the CookieScreen object
*
* @return The hints value
*/
- protected List getHints() {
- List hints = new ArrayList();
- hints.add( "The server skips authentication if you send the right cookie." );
- hints.add( "Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?" );
- hints.add( "Try harder, you brute!" );
-
- return hints;
- }
-
- private final static Integer DEFAULT_RANKING = new Integer(90);
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints
+ .add("The server skips authentication if you send the right cookie.");
+ hints
+ .add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
+ hints.add("Try harder, you brute!");
+
+ return hints;
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(90);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
-
/**
* Gets the title attribute of the CookieScreen object
*
* @return The title value
*/
- public String getTitle() {
- return ( "How to hijack a session" );
+ public String getTitle()
+ {
+ return ("How to hijack a session");
}
-
-
+
+
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
*/
- protected Element makeLogin( WebSession s ) {
- ElementContainer ec = new ElementContainer();
-
- String weakid = s.getCookie(SESSIONID);
-
- if (weakid == null) {
- weakid = newCookie();
- Cookie cookie = new Cookie( SESSIONID, weakid );
- s.getResponse().addCookie(cookie);
- }
-
- ec.addElement( new H1().addElement( "Sign In " ));
- Table t = new Table().setCellSpacing( 0 ).setCellPadding( 2 ).setBorder( 0 ).setWidth("90%").setAlign("center");
-
- if ( s.isColor() ) {
- t.setBorder( 1 );
- }
-
- String username = null;
- String password = null;
-
- try {
- username = s.getParser().getStringParameter( USERNAME );
- } catch (ParameterNotFoundException pnfe) {}
- try {
- password = s.getParser().getStringParameter( PASSWORD );
- } catch (ParameterNotFoundException pnfe) {}
-
- if (username != null || password != null) {
- s.setMessage("Invalid username or password.");
- }
-
- TR tr = new TR();
- tr.addElement( new TH().addElement("Please sign in to your account.")
- .setColSpan(2).setAlign("left"));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TD().addElement("*Required Fields").setWidth("30%"));
- t.addElement( tr );
-
- tr = new TR();
- tr.addElement( new TD().addElement(" ").setColSpan(2));
- t.addElement( tr );
-
- TR row1 = new TR();
- TR row2 = new TR();
- row1.addElement( new TD( new B( new StringElement( "*User Name: " ) ) ));
- row2.addElement( new TD( new B(new StringElement( "*Password: " ) ) ));
-
- Input input1 = new Input( Input.TEXT, USERNAME, "" );
- Input input2 = new Input( Input.PASSWORD, PASSWORD, "" );
- Input input3 = new Input( Input.HIDDEN, SESSIONID, weakid );
- row1.addElement( new TD( input1 ) );
- row2.addElement( new TD( input2 ) );
- t.addElement( row1 );
- t.addElement( row2 );
- t.addElement( input3 );
-
- Element b = ECSFactory.makeButton( "Login" );
- t.addElement( new TR( new TD( b ) ) );
- ec.addElement( t );
-
- return ( ec );
+ protected Element makeLogin(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+
+ String weakid = s.getCookie(SESSIONID);
+
+ if (weakid == null)
+ {
+ weakid = newCookie();
+ Cookie cookie = new Cookie(SESSIONID, weakid);
+ s.getResponse().addCookie(cookie);
+ }
+
+ ec.addElement(new H1().addElement("Sign In "));
+ Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+ .setWidth("90%").setAlign("center");
+
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
+
+ String username = null;
+ String password = null;
+
+ try
+ {
+ username = s.getParser().getStringParameter(USERNAME);
+ }
+ catch (ParameterNotFoundException pnfe)
+ {}
+ try
+ {
+ password = s.getParser().getStringParameter(PASSWORD);
+ }
+ catch (ParameterNotFoundException pnfe)
+ {}
+
+ if (username != null || password != null)
+ {
+ s.setMessage("Invalid username or password.");
+ }
+
+ TR tr = new TR();
+ tr.addElement(new TH().addElement("Please sign in to your account.")
+ .setColSpan(2).setAlign("left"));
+ t.addElement(tr);
+
+ tr = new TR();
+ tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
+ t.addElement(tr);
+
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(2));
+ t.addElement(tr);
+
+ TR row1 = new TR();
+ TR row2 = new TR();
+ row1.addElement(new TD(new B(new StringElement("*User Name: "))));
+ row2.addElement(new TD(new B(new StringElement("*Password: "))));
+
+ Input input1 = new Input(Input.TEXT, USERNAME, "");
+ Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
+ Input input3 = new Input(Input.HIDDEN, SESSIONID, weakid);
+ row1.addElement(new TD(input1));
+ row2.addElement(new TD(input2));
+ t.addElement(row1);
+ t.addElement(row2);
+ t.addElement(input3);
+
+ Element b = ECSFactory.makeButton("Login");
+ t.addElement(new TR(new TD(b)));
+ ec.addElement(t);
+
+ return (ec);
}
}
-
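Review bot: createContent returns `null` after its catch block, so any exception while reading the cookie or building the page hands a null Element back to the caller (outside this view) rather than a page; the sibling WeakAuthenticationCookie lesson falls back to `return (makeLogin(s));` at the same point, and this one should replace `return (null);` with the same. newCookie also updates the static `seq`, `lastTime` and `sessionList` without synchronisation while createContent calls `sessionList.indexOf(sessionid)` from other requests; since the lesson expects several users requesting at once, wrapping the body of newCookie and that lookup in `synchronized (sessionList) { ... }` keeps the ArrayList from being read during a remove. The predictable ID scheme itself is the lesson's intent and is not at issue.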
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java
index f87db8ff1..4885c029e 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WelcomeScreen.java
@@ -11,118 +11,153 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.*;
-
-/**
- * Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
- * Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
- * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
- * this software.
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
*
* @author Jeff Williams Aspect Security
* @created October 28, 2003
*/
public class WelcomeScreen extends Screen
{
- /**
- * Constructor for the WelcomeScreen object
- *
- * @param s Description of the Parameter
- */
- public WelcomeScreen( WebSession s )
+
+ /**
+ * Constructor for the WelcomeScreen object
+ *
+ * @param s Description of the Parameter
+ */
+ public WelcomeScreen(WebSession s)
+ {
+ setup(s);
+ }
+
+
+ /**
+ * Constructor for the WelcomeScreen object
+ */
+ public WelcomeScreen()
+ {}
+
+
+ public void setup(WebSession s)
+ {
+ // call createContent first so messages will go somewhere
+
+ Form form = new Form("attack", Form.POST).setName("form")
+ .setEncType("");
+
+ form.addElement(wrapForm(s));
+
+ TD lowerright = new TD().setHeight("100%").setVAlign("top").setAlign(
+ "left").addElement(form);
+ TR row = new TR().addElement(lowerright);
+ Table layout = new Table().setBgColor(HtmlColor.WHITE)
+ .setCellSpacing(0).setCellPadding(0).setBorder(0);
+
+ layout.addElement(row);
+
+ setContent(layout);
+ }
+
+
+ protected Element wrapForm(WebSession s)
+ {
+ if (s == null)
{
- setup( s );
+ return new StringElement("Invalid Session");
}
- /**
- * Constructor for the WelcomeScreen object
- */
- public WelcomeScreen() { }
+ Table container = new Table().setWidth("100%").setCellSpacing(10)
+ .setCellPadding(0).setBorder(0);
+
+ // CreateContent can generate error messages so you MUST call it before makeMessages()
+ Element content = createContent(s);
+ container.addElement(new TR().addElement(new TD().setColSpan(2)
+ .setVAlign("TOP").addElement(makeMessages(s))));
+ container.addElement(new TR().addElement(new TD().setColSpan(2)
+ .addElement(content)));
+ container.addElement(new TR());
+
+ return (container);
+ }
- public void setup( WebSession s )
- {
- // call createContent first so messages will go somewhere
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element createContent(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+ Element b = ECSFactory.makeButton("Start the Course!");
+ ec.addElement(new Center(b));
- Form form = new Form( "attack", Form.POST ).setName( "form" ).setEncType( "" );
-
- form.addElement( wrapForm( s ) );
-
- TD lowerright = new TD().setHeight( "100%" ).setVAlign( "top" ).setAlign( "left" ).addElement( form );
- TR row = new TR().addElement( lowerright );
- Table layout = new Table().setBgColor( HtmlColor.WHITE ).setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 );
-
- layout.addElement( row );
-
- setContent(layout);
- }
-
- protected Element wrapForm( WebSession s )
- {
- if ( s == null )
- {
- return new StringElement( "Invalid Session" );
- }
-
- Table container = new Table().setWidth( "100%" ).setCellSpacing( 10 ).setCellPadding( 0 ).setBorder( 0 );
-
- // CreateContent can generate error messages so you MUST call it before makeMessages()
- Element content = createContent( s );
- container.addElement( new TR().addElement( new TD().setColSpan( 2 ).setVAlign( "TOP" ).addElement(
- makeMessages( s ) ) ) );
- container.addElement( new TR().addElement( new TD().setColSpan( 2 ).addElement( content ) ) );
- container.addElement( new TR() );
-
- return ( container );
- }
-
- /**
- * Description of the Method
- *
- * @param s Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent( WebSession s )
- {
- ElementContainer ec = new ElementContainer();
- Element b = ECSFactory.makeButton( "Start the Course!" );
- ec.addElement( new Center( b ) );
-
- return ( ec );
- }
-
- public Element getCredits()
- {
- return new ElementContainer();
- }
-
- /**
- * Gets the instructions attribute of the WelcomeScreen object
- *
- * @return The instructions value
- */
- protected String getInstructions()
- {
- String instructions = "Enter your name and learn how HTTP really works!";
-
- return ( instructions );
- }
+ return (ec);
+ }
- /**
- * Gets the title attribute of the WelcomeScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ( "Welcome to the Penetration Testing Course" );
- }
+ public Element getCredits()
+ {
+ return new ElementContainer();
+ }
- /* (non-Javadoc)
- * @see session.Screen#getRole()
- */
- public String getRole() {
- return AbstractLesson.USER_ROLE;
- }
+
+ /**
+ * Gets the instructions attribute of the WelcomeScreen object
+ *
+ * @return The instructions value
+ */
+ protected String getInstructions()
+ {
+ String instructions = "Enter your name and learn how HTTP really works!";
+
+ return (instructions);
+ }
+
+
+ /**
+ * Gets the title attribute of the WelcomeScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("Welcome to the Penetration Testing Course");
+ }
+
+
+ /* (non-Javadoc)
+ * @see session.Screen#getRole()
+ */
+ public String getRole()
+ {
+ return AbstractLesson.USER_ROLE;
+ }
}
-
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java
index bc4b7be2e..2171ad56b 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java
@@ -29,152 +29,235 @@ import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;
-/**
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ *
* @author rdawes
*
* TODO To change the template for this generated type comment go to Window -
* Preferences - Java - Code Style - Code Templates
*/
-public class WsSAXInjection extends LessonAdapter {
- private final static String PASSWORD = "password";
+public class WsSAXInjection extends LessonAdapter
+{
- private String password;
+ private final static String PASSWORD = "password";
- private static String template1 = "\n"
- + "\n"
- + " \n"
- + " \n"
- + " 101\n"
- + " ";
+ private String password;
- private static String template2 = "\n"
- + " \n" + " \n"
- + "";
+ private static String template1 = "\n"
+ + "\n"
+ + " \n"
+ + " \n"
+ + " 101\n"
+ + " ";
- static boolean completed;
+ private static String template2 = "\n"
+ + " \n" + " \n"
+ + "";
- protected Category getDefaultCategory() {
- return AbstractLesson.WEB_SERVICES;
+ static boolean completed;
+
+
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.WEB_SERVICES;
+ }
+
+
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+
+ hints.add("The backend parses the XML received using a SAX parser.");
+ hints.add("SAX parsers often don't care if an element is repeated.");
+ hints
+ .add("If there are repeated elements, the last one is the one that is effective");
+ hints
+ .add("Try injecting matching 'close' tags, and creating your own XML elements");
+
+ return hints;
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(150);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ public String getTitle()
+ {
+ return "Web Service SAX Injection";
+ }
+
+
+ protected Element makeInputLine(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+
+ ec.addElement(new P().addElement("Please change your password: "));
+
+ Input input = new Input(Input.TEXT, PASSWORD);
+ ec.addElement(input);
+
+ Element b = ECSFactory.makeButton("Go!");
+ ec.addElement(b);
+
+ return ec;
+ }
+
+
+ protected Element createContent(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+ try
+ {
+ ec.addElement(makeInputLine(s));
+
+ password = s.getParser().getRawParameter(PASSWORD, null);
+
+ PRE pre = new PRE();
+ String xml = template1;
+ xml = xml + (password == null ? "[password]" : password);
+ xml = xml + template2;
+ pre.addElement(HtmlEncoder.encode(xml));
+ ec.addElement(pre);
+
+ if (password != null)
+ {
+ ec.addElement(checkXML(s, xml));
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
+ }
+ return (ec);
+ }
+
+
+ private Element checkXML(WebSession s, String xml)
+ {
+ try
+ {
+ XMLReader reader = XMLReaderFactory.createXMLReader();
+ PasswordChanger changer = new PasswordChanger();
+ reader.setContentHandler(changer);
+ reader.parse(new InputSource(new StringReader(xml)));
+ if (!"101".equals(changer.getId()))
+ {
+ makeSuccess(s);
+ return new B(HtmlEncoder
+ .encode("You have changed the passsword for userid "
+ + changer.getId() + " to '"
+ + changer.getPassword() + "'"));
+ }
+ else
+ {
+ return new StringElement(
+ "You changed the password for userid 101. Try again.");
+ }
+ }
+ catch (SAXException saxe)
+ {
+ return new StringElement("The XML was not well formed: "
+ + saxe.getLocalizedMessage());
+ }
+ catch (IOException ioe)
+ {
+ return new StringElement(ioe.getLocalizedMessage());
+ }
+ }
+
+ private static class PasswordChanger extends DefaultHandler
+ {
+
+ private static String PASSWORD_TAG = "password";
+
+ private static String ID_TAG = "id";
+
+ private String id = null;
+
+ private String password = null;
+
+ private StringBuffer text = new StringBuffer();
+
+
+ public void startElement(String uri, String localName, String qName,
+ Attributes atts) throws SAXException
+ {
+ text.delete(0, text.length());
}
- protected List getHints() {
- List hints = new ArrayList();
-
- hints.add("The backend parses the XML received using a SAX parser.");
- hints.add("SAX parsers often don't care if an element is repeated.");
- hints.add("If there are repeated elements, the last one is the one that is effective");
- hints.add("Try injecting matching 'close' tags, and creating your own XML elements");
-
- return hints;
+
+ public void characters(char[] ch, int start, int length)
+ throws SAXException
+ {
+ text.append(ch, start, length);
}
- private final static Integer DEFAULT_RANKING = new Integer(150);
- protected Integer getDefaultRanking() {
- return DEFAULT_RANKING;
+ public void endElement(String uri, String localName, String qName)
+ throws SAXException
+ {
+ if (localName.equals(ID_TAG))
+ id = text.toString();
+ if (localName.equals(PASSWORD_TAG))
+ password = text.toString();
+ text.delete(0, text.length());
}
- public String getTitle() {
- return "Web Service SAX Injection";
+
+ public void ignorableWhitespace(char[] ch, int start, int length)
+ throws SAXException
+ {
+ text.append(ch, start, length);
}
- protected Element makeInputLine(WebSession s) {
- ElementContainer ec = new ElementContainer();
- ec.addElement(new P().addElement("Please change your password: "));
-
- Input input = new Input(Input.TEXT, PASSWORD);
- ec.addElement(input);
-
- Element b = ECSFactory.makeButton("Go!");
- ec.addElement(b);
-
- return ec;
+ public String getId()
+ {
+ return id;
}
- protected Element createContent(WebSession s) {
- ElementContainer ec = new ElementContainer();
- try {
- ec.addElement(makeInputLine(s));
- password = s.getParser().getRawParameter(PASSWORD, null);
-
- PRE pre = new PRE();
- String xml = template1;
- xml = xml + (password == null ? "[password]" : password);
- xml = xml + template2;
- pre.addElement(HtmlEncoder.encode(xml));
- ec.addElement(pre);
-
- if (password != null) {
- ec.addElement(checkXML(s, xml));
- }
- } catch (Exception e) {
- s.setMessage("Error generating " + this.getClass().getName());
- e.printStackTrace();
- }
- return (ec);
+ public String getPassword()
+ {
+ return password;
}
-
- private Element checkXML(WebSession s, String xml) {
- try {
- XMLReader reader = XMLReaderFactory.createXMLReader();
- PasswordChanger changer = new PasswordChanger();
- reader.setContentHandler(changer);
- reader.parse(new InputSource(new StringReader(xml)));
- if (!"101".equals(changer.getId())) {
- makeSuccess(s);
- return new B(HtmlEncoder.encode("You have changed the passsword for userid " + changer.getId() + " to '" + changer.getPassword() + "'"));
- } else {
- return new StringElement("You changed the password for userid 101. Try again.");
- }
- } catch (SAXException saxe) {
- return new StringElement("The XML was not well formed: " + saxe.getLocalizedMessage());
- } catch (IOException ioe) {
- return new StringElement(ioe.getLocalizedMessage());
- }
- }
-
- private static class PasswordChanger extends DefaultHandler {
- private static String PASSWORD_TAG = "password";
- private static String ID_TAG = "id";
-
- private String id = null;
- private String password = null;
-
- private StringBuffer text = new StringBuffer();
-
- public void startElement(String uri, String localName, String qName, Attributes atts) throws SAXException {
- text.delete(0, text.length());
- }
-
- public void characters(char[] ch, int start, int length) throws SAXException {
- text.append(ch, start, length);
- }
- public void endElement(String uri, String localName, String qName) throws SAXException {
- if (localName.equals(ID_TAG))
- id = text.toString();
- if (localName.equals(PASSWORD_TAG))
- password = text.toString();
- text.delete(0, text.length());
- }
-
- public void ignorableWhitespace(char[] ch, int start, int length) throws SAXException {
- text.append(ch, start, length);
- }
-
- public String getId() {
- return id;
- }
-
- public String getPassword() {
- return password;
- }
-
- }
+ }
}
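Review bot: The well-formedness failure branch of `checkXML` (`catch (SAXException saxe)`) puts `saxe.getLocalizedMessage()` into a `StringElement` without encoding, whereas the success branch goes through `HtmlEncoder.encode`; SAX parser messages routinely quote the offending element name, and here that name is whatever was typed into the `password` parameter, so this looks like a reflected-XSS path in the error text rather than the SAX-injection behaviour the lesson intends. Suggest `return new StringElement("The XML was not well formed: " + HtmlEncoder.encode(saxe.getLocalizedMessage()));` and the same for the `IOException` branch. Separately, `password` is an instance field (`private String password;`) that is only assigned and read inside `createContent` from the current request; if one lesson instance serves concurrent sessions, which this hunk alone does not confirm, two users submitting at once can observe each other's value, and a local `String password = s.getParser().getRawParameter(PASSWORD, null);` removes the shared state at no cost. The `static boolean completed` field is declared but never read or written in this hunk.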
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java
index ed9c93a85..e42e051df 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java
@@ -27,191 +27,258 @@ import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
-/**
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ *
* @author asmolen
*
* TODO To change the template for this generated type comment go to
* Window - Preferences - Java - Code Style - Code Templates
*/
-public class WsSqlInjection extends LessonAdapter {
- public final static String ccNumber = "cc_number";
- private final static String ACCT_NUM = "account_number";
- private String accountNumber;
- final static IMG CREDITS_LOGO = new IMG( "images/logos/parasoft.jpg" ).setAlt( "Parasoft" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 );
- private static Connection connection = null;
- /* (non-Javadoc)
- * @see lessons.AbstractLesson#getMenuItem()
- */
- static boolean completed;
-
- protected Category getDefaultCategory()
- {
- return AbstractLesson.WEB_SERVICES;
- }
-
- protected List getHints()
- {
- List hints = new ArrayList();
- hints.add( "Try connecting to the WSDL with a browser or Web Service tool." );
- hints.add( "Sometimes the server side code will perform input validation before issuing " +
- "the request to the web service operation. Try to bypass this check by " +
- "accessing the web service directly");
- hints.add( "The URL for the web service is: http://localhost/WebGoat/services/WsSqlInjection?WSDL
" +
- "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
- hints.add( "Create a new soap request for the getCreditCard(String id) operation.");
- hints.add("A soap request uses the following HTTP header:
" +
- "SOAPAction: some action header, can be ""
" +
- "The soap message body has the following format:
" +
- "<?xml version='1.0' encoding='UTF-8'?>
" +
- " <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>
" +
- " <SOAP-ENV:Body>
" +
- " <ns1:getCreditCard SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:ns1='http://lessons'>
" +
- " <id xsi:type='xsd:string'>101</id>
" +
- " </ns1:getCreditCard>
" +
- " </SOAP-ENV:Body>
" +
- " </SOAP-ENV:Envelope>
" +
- "");
-/* "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
" +
- " <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"
" +
- " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
" +
- " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">
" +
- " <SOAP-ENV:Body>
" +
- " <ns1:getCreditCard SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:ns1=\"http://lessons\">
" +
- " <id xsi:type=\"xsd:string\">101</id>
"+
- " </ns1:getCreditCard>
" +
- " </SOAP-ENV:Body>
" +
- " </SOAP-ENV:Envelope>
" +
- "Intercept the HTTP request and try to create a soap request."); */
- return hints;
- }
+public class WsSqlInjection extends LessonAdapter
+{
- private final static Integer DEFAULT_RANKING = new Integer(150);
+ public final static String ccNumber = "cc_number";
- protected Integer getDefaultRanking()
+ private final static String ACCT_NUM = "account_number";
+
+ private String accountNumber;
+
+ final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg")
+ .setAlt("Parasoft").setBorder(0).setHspace(0).setVspace(0);
+
+ private static Connection connection = null;
+
+ /* (non-Javadoc)
+ * @see lessons.AbstractLesson#getMenuItem()
+ */
+ static boolean completed;
+
+
+ protected Category getDefaultCategory()
+ {
+ return AbstractLesson.WEB_SERVICES;
+ }
+
+
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints
+ .add("Try connecting to the WSDL with a browser or Web Service tool.");
+ hints
+ .add("Sometimes the server side code will perform input validation before issuing "
+ + "the request to the web service operation. Try to bypass this check by "
+ + "accessing the web service directly");
+ hints
+ .add("The URL for the web service is: http://localhost/WebGoat/services/WsSqlInjection?WSDL
"
+ + "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
+ hints
+ .add("Create a new soap request for the getCreditCard(String id) operation.");
+ hints
+ .add("A soap request uses the following HTTP header:
"
+ + "SOAPAction: some action header, can be ""
"
+ + "The soap message body has the following format:
"
+ + "<?xml version='1.0' encoding='UTF-8'?>
"
+ + " <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>
"
+ + " <SOAP-ENV:Body>
"
+ + " <ns1:getCreditCard SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:ns1='http://lessons'>
"
+ + " <id xsi:type='xsd:string'>101</id>
"
+ + " </ns1:getCreditCard>
"
+ + " </SOAP-ENV:Body>
"
+ + " </SOAP-ENV:Envelope>
" + "");
+ /* "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
" +
+ " <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"
" +
+ " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
" +
+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">
" +
+ " <SOAP-ENV:Body>
" +
+ " <ns1:getCreditCard SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:ns1=\"http://lessons\">
" +
+ " <id xsi:type=\"xsd:string\">101</id>
"+
+ " </ns1:getCreditCard>
" +
+ " </SOAP-ENV:Body>
" +
+ " </SOAP-ENV:Envelope>
" +
+ "Intercept the HTTP request and try to create a soap request."); */
+ return hints;
+ }
+
+ private final static Integer DEFAULT_RANKING = new Integer(150);
+
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ public String getTitle()
+ {
+ return "Web Service SQL Injection";
+ }
+
+
+ protected Element makeAccountLine(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+
+ ec.addElement(new P().addElement("Enter your Account Number: "));
+
+ accountNumber = s.getParser().getRawParameter(ACCT_NUM, "101");
+ Input input = new Input(Input.TEXT, ACCT_NUM, accountNumber.toString());
+ ec.addElement(input);
+
+ Element b = ECSFactory.makeButton("Go!");
+ ec.addElement(b);
+
+ return ec;
+ }
+
+
+ protected Element createContent(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+ try
{
- return DEFAULT_RANKING;
- }
+ if (connection == null)
+ {
+ connection = DatabaseUtilities.makeConnection(s);
+ }
+ ec.addElement(makeAccountLine(s));
- public String getTitle()
- {
- return "Web Service SQL Injection";
- }
- protected Element makeAccountLine( WebSession s )
- {
- ElementContainer ec = new ElementContainer();
-
- ec.addElement( new P().addElement( "Enter your Account Number: " ) );
-
- accountNumber = s.getParser().getRawParameter( ACCT_NUM, "101" );
- Input input = new Input( Input.TEXT, ACCT_NUM, accountNumber.toString() );
- ec.addElement( input );
-
- Element b = ECSFactory.makeButton( "Go!" );
- ec.addElement( b );
-
- return ec;
- }
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
- try
+ String query = "SELECT * FROM user_data WHERE userid = "
+ + accountNumber;
+ ec.addElement(new PRE(query));
+ for (int i = 0; i < accountNumber.length(); i++)
+ {
+ char c = accountNumber.charAt(i);
+ if (c < '0' || c > '9')
{
- if ( connection == null )
- {
- connection = DatabaseUtilities.makeConnection( s );
- }
- ec.addElement( makeAccountLine(s) );
-
- String query = "SELECT * FROM user_data WHERE userid = " + accountNumber ;
- ec.addElement( new PRE( query ) );
- for (int i=0; i '9') {
- ec.addElement("Invalid account number. ");
- accountNumber = "0";
- }
- }
- try
- {
- ResultSet results = getResults(accountNumber);
- if ( ( results != null ) && ( results.first() == true ) )
- {
- ResultSetMetaData resultsMetaData = results.getMetaData();
- ec.addElement( DatabaseUtilities.writeTable( results, resultsMetaData ) );
- results.last();
- if ( results.getRow() >= 6 )
- {
- //this should never happen
- }
- }
- else
- {
- ec.addElement( "No results matched. Try Again." );
- }
- }
- catch ( SQLException sqle )
- {
- ec.addElement( new P().addElement( sqle.getMessage() ) );
- }
- A a = new A("services/WsSqlInjection?WSDL","WebGoat WSDL");
- ec.addElement(new P().addElement("Exploit the following WSDL to access sensitive data:"));
- ec.addElement(new BR());
- ec.addElement(a);
- getLessonTracker( s ).setCompleted( completed );
+ ec.addElement("Invalid account number. ");
+ accountNumber = "0";
}
- catch (Exception e)
+ }
+ try
+ {
+ ResultSet results = getResults(accountNumber);
+ if ((results != null) && (results.first() == true))
{
- s.setMessage("Error generating " + this.getClass().getName());
- e.printStackTrace();
+ ResultSetMetaData resultsMetaData = results.getMetaData();
+ ec.addElement(DatabaseUtilities.writeTable(results,
+ resultsMetaData));
+ results.last();
+ if (results.getRow() >= 6)
+ {
+ //this should never happen
+ }
}
- return (ec);
- }
- public ResultSet getResults (String id) {
- try
- {
- Connection connection = DatabaseUtilities.makeConnection();
- if (connection == null) {
- return null;
- }
- String query = "SELECT * FROM user_data WHERE userid = " + id ;
- try
- {
- Statement statement = connection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
- ResultSet results = statement.executeQuery( query );
- return results;
- }
- catch ( SQLException sqle )
- {
- }
- }
- catch ( Exception e )
+ else
{
+ ec.addElement("No results matched. Try Again.");
}
- return null;
+ }
+ catch (SQLException sqle)
+ {
+ ec.addElement(new P().addElement(sqle.getMessage()));
+ }
+ A a = new A("services/WsSqlInjection?WSDL", "WebGoat WSDL");
+ ec
+ .addElement(new P()
+ .addElement("Exploit the following WSDL to access sensitive data:"));
+ ec.addElement(new BR());
+ ec.addElement(a);
+ getLessonTracker(s).setCompleted(completed);
}
- public String[] getCreditCard(String id) {
- ResultSet results = getResults(id);
- if ((results != null)) {
- try {
- results.last();
- String[] users = new String[results.getRow()];
- if (users.length > 4) {
- completed = true;
- }
- results.beforeFirst();
- while (results.next() == true) {
- int i = results.getRow();
- users[i-1] = results.getString(ccNumber);
- }
- return users;
- } catch (SQLException sqle) {
- }
- }
+ catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
+ }
+ return (ec);
+ }
+
+
+ public ResultSet getResults(String id)
+ {
+ try
+ {
+ Connection connection = DatabaseUtilities.makeConnection();
+ if (connection == null)
+ {
return null;
+ }
+ String query = "SELECT * FROM user_data WHERE userid = " + id;
+ try
+ {
+ Statement statement = connection.createStatement(
+ ResultSet.TYPE_SCROLL_INSENSITIVE,
+ ResultSet.CONCUR_READ_ONLY);
+ ResultSet results = statement.executeQuery(query);
+ return results;
+ }
+ catch (SQLException sqle)
+ {}
}
-
+ catch (Exception e)
+ {}
+ return null;
+ }
+
+
+ public String[] getCreditCard(String id)
+ {
+ ResultSet results = getResults(id);
+ if ((results != null))
+ {
+ try
+ {
+ results.last();
+ String[] users = new String[results.getRow()];
+ if (users.length > 4)
+ {
+ completed = true;
+ }
+ results.beforeFirst();
+ while (results.next() == true)
+ {
+ int i = results.getRow();
+ users[i - 1] = results.getString(ccNumber);
+ }
+ return users;
+ }
+ catch (SQLException sqle)
+ {}
+ }
+ return null;
+ }
+
+
public Element getCredits()
{
- return super.getCustomCredits("By Alex Smolen", CREDITS_LOGO);
+ return super.getCustomCredits("By Alex Smolen", CREDITS_LOGO);
}
}
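Review bot: `completed` is a `static boolean` that `getCreditCard` sets to true when the SOAP call returns more than four rows, and `createContent` then copies it into the viewer's tracker via `getLessonTracker(s).setCompleted(completed)`; since the web-service path carries no `WebSession`, one user's successful injection marks the lesson complete for every session that renders the page afterwards, and nothing ever resets it. If the service genuinely cannot reach the caller's session, at least record that next to the field, e.g. `// Shared by all sessions: set from the SOAP endpoint, which has no WebSession, so completion leaks between users.` Also `getResults` opens a fresh `Connection` through `DatabaseUtilities.makeConnection()` on every call and never closes it, the `Statement`, or the `ResultSet` it returns, and both `catch` blocks there swallow the exception silently, so database failures show up only as "No results matched." The string-concatenated query in `getResults` is the intentional target of this lesson and should stay as written.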
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
index 5a6baa2db..173972f2b 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
@@ -21,263 +21,370 @@ import org.apache.ecs.html.Div;
import org.apache.ecs.vxml.Initial;
import org.apache.ecs.StringElement;
-
import org.owasp.webgoat.session.WebSession;
-public class XMLInjection extends LessonAdapter {
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class XMLInjection extends LessonAdapter
+{
- private final static Integer DEFAULT_RANKING = new Integer(20);
- private final static String ACCOUNTID = "accountID";
+ private final static Integer DEFAULT_RANKING = new Integer(20);
- public static HashMap rewardsMap = new HashMap();
-
- protected static HashMap init()
+ private final static String ACCOUNTID = "accountID";
+
+ public static HashMap rewardsMap = new HashMap();
+
+
+ protected static HashMap init()
+ {
+ Reward r = new Reward();
+
+ r.setName("WebGoat t-shirt");
+ r.setPoints(50);
+ rewardsMap.put(1001, r);
+
+ r = new Reward();
+ r.setName("WebGoat Secure Kettle");
+ r.setPoints(30);
+ rewardsMap.put(1002, r);
+
+ r = new Reward();
+ r.setName("WebGoat Mug");
+ r.setPoints(20);
+ rewardsMap.put(1003, r);
+
+ r = new Reward();
+ r.setName("WebGoat Core Duo Laptop");
+ r.setPoints(2000);
+ rewardsMap.put(1004, r);
+
+ r = new Reward();
+ r.setName("WebGoat Hawaii Cruise");
+ r.setPoints(3000);
+ rewardsMap.put(1005, r);
+
+ return rewardsMap;
+ }
+
+
+ public void handleRequest(WebSession s)
+ {
+
+ try
{
- Reward r = new Reward();
-
- r.setName("WebGoat t-shirt");
- r.setPoints(50);
- rewardsMap.put( 1001 , r);
-
- r = new Reward();
- r.setName("WebGoat Secure Kettle");
- r.setPoints(30);
- rewardsMap.put( 1002 , r);
-
- r = new Reward();
- r.setName("WebGoat Mug");
- r.setPoints(20);
- rewardsMap.put( 1003 , r);
-
- r = new Reward();
- r.setName("WebGoat Core Duo Laptop");
- r.setPoints(2000);
- rewardsMap.put( 1004 , r);
-
- r = new Reward();
- r.setName("WebGoat Hawaii Cruise");
- r.setPoints(3000);
- rewardsMap.put( 1005 , r);
-
- return rewardsMap;
-}
-
- public void handleRequest(WebSession s) {
-
- try
+ if (s.getParser().getRawParameter("from", "").equals("ajax"))
+ {
+ if (s.getParser().getRawParameter(ACCOUNTID, "").equals(
+ "836239"))
{
- if(s.getParser().getRawParameter("from", "").equals("ajax"))
- {
- if(s.getParser().getRawParameter(ACCOUNTID, "").equals("836239"))
- {
- String lineSep = System.getProperty("line.separator");
- String xmlStr = "" + lineSep +
- "WebGoat t-shirt 20 Pts" + lineSep +
- "WebGoat Secure Kettle 50 Pts" + lineSep +
- "WebGoat Mug 30 Pts" + lineSep +
- "";
- s.getResponse().setContentType("text/xml");
- s.getResponse().setHeader("Cache-Control", "no-cache");
- PrintWriter out = new PrintWriter(s.getResponse().getOutputStream());
- out.print(xmlStr);
- out.flush();
- out.close();
- return;
- }
- }
+ String lineSep = System.getProperty("line.separator");
+ String xmlStr = "" + lineSep
+ + "WebGoat t-shirt 20 Pts"
+ + lineSep
+ + "WebGoat Secure Kettle 50 Pts"
+ + lineSep + "WebGoat Mug 30 Pts"
+ + lineSep + "";
+ s.getResponse().setContentType("text/xml");
+ s.getResponse().setHeader("Cache-Control", "no-cache");
+ PrintWriter out = new PrintWriter(s.getResponse()
+ .getOutputStream());
+ out.print(xmlStr);
+ out.flush();
+ out.close();
+ return;
}
- catch (Exception ex)
- {
- ex.printStackTrace();
- }
-
- Form form = new Form( getFormAction(), Form.POST ).setName( "form" ).setEncType( "" );
-
- form.addElement( createContent( s ) );
-
- setContent(form);
-
+ }
}
-
- protected Element createContent(WebSession s) {
- ElementContainer ec = new ElementContainer();
- boolean isDone = false;
- init();
-
- if (s.getParser().getRawParameter("done", "").equals("yes"))
- {
- isDone = true;
- }
- String lineSep = System.getProperty("line.separator");
- String script = "" + lineSep;
-
- if (!isDone)
- {
- ec.addElement( new StringElement(script));
- }
- ec.addElement( new BR().addElement (new H1().addElement( "Welcome to WebGoat-Miles Reward Miles Program.")));
- ec.addElement( new BR());
-
- ec.addElement( new BR().addElement (new H3().addElement( "Rewards available through the program:")));
- ec.addElement( new BR());
- Table t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center");
- TR trRewards = null;
-
- for (int i=1001; i< 1001 + rewardsMap.size() ; i++)
- {
- trRewards = new TR();
- Reward r = (Reward)rewardsMap.get(i);
- trRewards.addElement( new TD("-" + r.getName() + r.getPoints() + " Pts") );
- t2.addElement( trRewards);
- }
-
- ec.addElement( t2 );
-
- ec.addElement( new BR());
-
- ec.addElement( new H3().addElement( "Redeem your points:"));
- ec.addElement( new BR());
-
- Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center");
-
- TR tr = new TR();
-
- tr.addElement( new TD("Please enter your account ID:") );
-
- Input input1 = new Input( Input.TEXT, ACCOUNTID, "" );
- input1.addAttribute("onkeyup", "getRewards();");
-
- tr.addElement( new TD(input1));
- t1.addElement( tr );
-
- ec.addElement(t1);
- ec.addElement(new BR());
- ec.addElement(new BR());
- ec.addElement(new BR());
-
- Div div = new Div();
- div.addAttribute("name", "rewardsDiv");
- div.addAttribute("id", "rewardsDiv");
- ec.addElement(div);
-
- Input b = new Input();
- b.setType( Input.SUBMIT );
- b.setValue( "Submit" );
- b.setName("SUBMIT");
- ec.addElement(b);
-
- if (s.getParser().getRawParameter("SUBMIT", "")!= "")
- {
- if(s.getParser().getRawParameter("check1004", "") != "")
- {
- makeSuccess(s);
- }
- else
- {
- StringBuffer shipment = new StringBuffer();
- for (int i=1001; i< 1001 + rewardsMap.size() ; i++)
- {
-
- if (s.getParser().getRawParameter("check" + i, "") != "")
- {
- shipment.append( ((Reward)rewardsMap.get(i)).getName() + "
" );
- }
- }
- shipment.insert(0, "
The following items will be shipped to your address:
");
- ec.addElement( new StringElement(shipment.toString()));
- }
-
- }
-
- return ec;
- }
-
- protected Element makeSuccess(WebSession s)
- {
- getLessonTracker( s ).setCompleted( true );
-
- s.setMessage("Congratulations. You have successfully completed this lesson.");
-
- return ( null );
- }
-
- public Element getCredits() {
-
- return new StringElement("Created by Sherif Koussa");
- }
-
- protected Category getDefaultCategory() {
-
- return AJAX_SECURITY;
- }
-
- protected Integer getDefaultRanking() {
-
- return DEFAULT_RANKING;
- }
-
- protected List getHints() {
-
- List hints = new ArrayList();
- hints.add( "This page is using XMLHTTP to comunicate with the server." );
- hints.add( "Try to intercept the reply and check the reply." );
- hints.add( "Intercept the reply and try to inject some XML to add more rewards to yourself." );
- return hints;
- }
-
- public String getTitle() {
- return "XML Injection";
- }
-
- static class Reward
+ catch (Exception ex)
{
- private String name;
- private int points;
- public String getName() {
- return name;
- }
- public void setName(String name) {
- this.name = name;
- }
- public int getPoints() {
- return points;
- }
- public void setPoints(int points) {
- this.points = points;
- }
-
+ ex.printStackTrace();
}
+
+ Form form = new Form(getFormAction(), Form.POST).setName("form")
+ .setEncType("");
+
+ form.addElement(createContent(s));
+
+ setContent(form);
+
+ }
+
+
+ protected Element createContent(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+ boolean isDone = false;
+ init();
+
+ if (s.getParser().getRawParameter("done", "").equals("yes"))
+ {
+ isDone = true;
+ }
+ String lineSep = System.getProperty("line.separator");
+ String script = "" + lineSep;
+
+ if (!isDone)
+ {
+ ec.addElement(new StringElement(script));
+ }
+ ec.addElement(new BR().addElement(new H1()
+ .addElement("Welcome to WebGoat-Miles Reward Miles Program.")));
+ ec.addElement(new BR());
+
+ ec.addElement(new BR().addElement(new H3()
+ .addElement("Rewards available through the program:")));
+ ec.addElement(new BR());
+ Table t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
+ .setWidth("90%").setAlign("center");
+ TR trRewards = null;
+
+ for (int i = 1001; i < 1001 + rewardsMap.size(); i++)
+ {
+ trRewards = new TR();
+ Reward r = (Reward) rewardsMap.get(i);
+ trRewards.addElement(new TD("-" + r.getName() + r.getPoints()
+ + " Pts"));
+ t2.addElement(trRewards);
+ }
+
+ ec.addElement(t2);
+
+ ec.addElement(new BR());
+
+ ec.addElement(new H3().addElement("Redeem your points:"));
+ ec.addElement(new BR());
+
+ Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
+ .setWidth("90%").setAlign("center");
+
+ TR tr = new TR();
+
+ tr.addElement(new TD("Please enter your account ID:"));
+
+ Input input1 = new Input(Input.TEXT, ACCOUNTID, "");
+ input1.addAttribute("onkeyup", "getRewards();");
+
+ tr.addElement(new TD(input1));
+ t1.addElement(tr);
+
+ ec.addElement(t1);
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+
+ Div div = new Div();
+ div.addAttribute("name", "rewardsDiv");
+ div.addAttribute("id", "rewardsDiv");
+ ec.addElement(div);
+
+ Input b = new Input();
+ b.setType(Input.SUBMIT);
+ b.setValue("Submit");
+ b.setName("SUBMIT");
+ ec.addElement(b);
+
+ if (s.getParser().getRawParameter("SUBMIT", "") != "")
+ {
+ if (s.getParser().getRawParameter("check1004", "") != "")
+ {
+ makeSuccess(s);
+ }
+ else
+ {
+ StringBuffer shipment = new StringBuffer();
+ for (int i = 1001; i < 1001 + rewardsMap.size(); i++)
+ {
+
+ if (s.getParser().getRawParameter("check" + i, "") != "")
+ {
+ shipment.append(((Reward) rewardsMap.get(i)).getName()
+ + "
");
+ }
+ }
+ shipment
+ .insert(0,
+ "
The following items will be shipped to your address:
");
+ ec.addElement(new StringElement(shipment.toString()));
+ }
+
+ }
+
+ return ec;
+ }
+
+
+ protected Element makeSuccess(WebSession s)
+ {
+ getLessonTracker(s).setCompleted(true);
+
+ s
+ .setMessage("Congratulations. You have successfully completed this lesson.");
+
+ return (null);
+ }
+
+
+ public Element getCredits()
+ {
+
+ return new StringElement("Created by Sherif Koussa");
+ }
+
+
+ protected Category getDefaultCategory()
+ {
+
+ return AJAX_SECURITY;
+ }
+
+
+ protected Integer getDefaultRanking()
+ {
+
+ return DEFAULT_RANKING;
+ }
+
+
+ protected List getHints()
+ {
+
+ List hints = new ArrayList