From ffd141a49f3fc08b4d0e115a7de663b932373afb Mon Sep 17 00:00:00 2001 From: "mayhew64@gmail.com" Date: Mon, 23 Apr 2012 19:56:10 +0000 Subject: [PATCH] Updated cookie retrieval to decode. helps with people using firebug to solve since firecookie will encode git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@448 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../owasp/webgoat/lessons/Challenge2Screen.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java b/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java index 1ce70f0fc..f7e61a665 100644 --- a/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java @@ -10,6 +10,7 @@ import java.net.DatagramPacket; import java.net.DatagramSocket; import java.net.InetAddress; import java.net.Socket; +import java.net.URLDecoder; import java.sql.Connection; import java.sql.ResultSet; import java.sql.Statement; @@ -209,7 +210,9 @@ public class Challenge2Screen extends SequentialLessonAdapter .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); // pull the USER_COOKIE from the cookies - String user = Encoding.base64Decode(getCookie(s)); + String cookie = URLDecoder.decode(getCookie(s),"utf-8"); + + String user = Encoding.base64Decode(cookie); String query = "SELECT * FROM user_data WHERE last_name = '" + user + "'"; Vector v = new Vector(); @@ -626,12 +629,13 @@ public class Challenge2Screen extends SequentialLessonAdapter t.setBorder(1); } - String[] colWidths = new String[] { "55", "110", "260", "70" }; + String[] colWidths = new String[] { "55", "110", "260", "70", "50" }; TR tr = new TR(); tr.addElement(new TH().addElement("Protocol").setWidth(colWidths[0])); tr.addElement(new TH().addElement("Local Address").setWidth(colWidths[1])); tr.addElement(new TH().addElement("Foreign Address").setWidth(colWidths[2])); tr.addElement(new TH().addElement("State").setWidth(colWidths[3])); + tr.addElement(new TH().addElement("Offload State").setWidth(colWidths[4])); t.addElement(tr); String protocol = s.getParser().getRawParameter(PROTOCOL, "tcp"); @@ -640,12 +644,12 @@ public class Challenge2Screen extends SequentialLessonAdapter ExecResults er = null; if (osName.indexOf("Windows") != -1) { - String cmd = "cmd.exe /c netstat -a -p " + protocol; + String cmd = "cmd.exe /c netstat -ant -p " + protocol; er = Exec.execSimple(cmd); } else { - String[] cmd = { "/bin/sh", "-c", "netstat -a -p " + protocol }; + String[] cmd = { "/bin/sh", "-c", "netstat -ant -p " + protocol }; er = Exec.execSimple(cmd); } @@ -673,7 +677,7 @@ public class Challenge2Screen extends SequentialLessonAdapter tr = new TR(); TD td; StringTokenizer tokens = new StringTokenizer(lines.nextToken(), "\t "); - while (tokens.hasMoreTokens() && columnCount < 4) + while (tokens.hasMoreTokens() && columnCount < 5) { td = new TD().setWidth(colWidths[columnCount++]); tr.addElement(td.addElement(tokens.nextToken()));