dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,900 Commits 11 Branches 78 Tags
49862f6b909abd97755ea24a51d4e146f2ef5442
Commit Graph

51 Commits

Author SHA1 Message Date
Àngel Ollé Blázquez
49862f6b90 fix: fixes the default change in trailing slash matching and address the affected assignments 2023-08-27 14:14:27 +02:00
Àngel Ollé Blázquez
4009785bb8 fix: crypto basics broken links 2023-08-27 13:16:08 +02:00
Àngel Ollé Blázquez
d8341c86a1 bug: fix hint that was breaking the template, causing hints from different assignments to mix (#1424) 2023-08-27 02:08:52 +02:00
Àngel Ollé Blázquez
055578893d feat: improve MFAC lesson hint texts for a better user experience (#1424) 2023-08-27 02:08:52 +02:00
Àngel Ollé Blázquez
7b81247dd1 fix: HijackSession lesson template deprecated Tymeleaf attribute 2023-08-26 02:57:50 +02:00
Àngel Ollé Blázquez
a67fbf5a5a fix: XSS mitigation 2023-08-26 01:30:17 +02:00
Àngel Ollé Blázquez
3365c8d447 Remove wrong files 2023-08-25 22:50:40 +02:00
Àngel Ollé Blázquez
368c046779 fix: Stored Cross-Site Scripting Lesson 2023-08-25 20:55:26 +02:00
Nanne Baars
a9b1fd66b8 feat: implement JWT jku example (#1552) 
Closes #1539
 2023-08-08 17:18:22 +02:00
Àngel Ollé Blázquez
25f49537e7 bug: Fix IDOR lesson 2023-07-16 17:14:27 +02:00
Àngel Ollé Blázquez
1df7ca61a3 Text content improvement 2023-06-15 19:26:33 +02:00
Àngel Ollé Blázquez
75398feca0 Add hints 2023-06-15 19:26:33 +02:00
Nanne Baars
ca886b4818 feat: upgrade to Spring Boot version 3 (#1477) 2023-06-04 11:19:47 +02:00
caputdraconis
ac6de9d788 Fix typo of HijackSession_content0.adoc 2023-04-17 09:04:15 +02:00
Nanne Baars
ecfc321f14 feature: Add extra feedback once someone solves JWT refresh lesson differently 
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
 2023-02-16 20:32:27 +00:00
Nanne Baars
3901814363 Fix documentation link for XXE mitigation. 2023-01-05 19:00:12 +01:00
Nanne Baars
dca415099f Remove unused JavaScript function 2023-01-05 11:33:00 +01:00
Nanne Baars
54e115aff0 Update the solution with WebWolf URLs 
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
 2023-01-05 11:02:45 +01:00
Nanne Baars
fcaa2d8589 Fix zip slip lesson. 
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.

The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.

The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
 2023-01-05 11:02:45 +01:00
Nanne Baars
9666597164 - Add reference to the WebWolf icon in the top right corner. 
- Format all text of the lesson
 2023-01-04 08:07:51 +01:00
Nanne Baars
32468ff90b Add sql lesson (#1370) 2023-01-04 07:42:29 +01:00
Adam Szatyin
71ec36102f Fix typo 2022-12-01 21:34:19 +01:00
András Veres-Szentkirályi
b51be74cab typofix 2022-11-28 17:10:14 +01:00
Jesper Hallborg
96c2595ad0 Update interface name to exploit 
The name is
org.owasp.webgoat.lessons.vulnerablecomponents.Contact
not
org.owasp.webgoat.vulnerablecomponents.Contact
 2022-09-21 22:32:16 +02:00
Thanh Tran
f5e4d4717a FixTypo - Fix typo in various lesson documentations 2022-08-30 22:21:22 +02:00
Àngel Ollé Blázquez
50f932b02e Renamed to webwolfintroduction 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
251167c6b0 Renamed to webgoatintroduction 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
256c1dd3aa Renamed to vulnerablecomponents 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
b93c935d6c Renamed to sqlinjection 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
827a9d3467 Renamed to securepasswords 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
91470b93ea Renamed to pathtraversal 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
37d684fdd3 Renamed to passwordreset 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
4f911c64a1 Renamed to missingac 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
e0a0a80ad9 Renamed to lessontemplate 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
26c289d7d4 Renamed to insecurelogin 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
1eff81718b Renamed to httpproxies 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
08ce1add01 Renamed to httpbasics 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
25948306bd Renamed to htmltampering 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
1c86f465dc Renamed to clientsidefiltering 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
3b330fb328 Renamed to chromedevtools 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
8a35316985 Rename to bypassrestrictions 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
c63345e4ee Rename authbypass 2022-07-31 22:39:21 +02:00
René Zubcevic
4d48bd3d4c fix in style sheet that now shows normal dropdown behaviour (#1315) 2022-07-27 13:44:23 +02:00
Àngel Ollé Blázquez
242fdf39a1 Fixes #1233 - Path traversal seems to contain wrong description 2022-07-24 22:09:16 +02:00
René Zubcevic
20dd3ffb95 Lang switch (#1297) 
* language selector first steps

* language german intro added

* ascii doc lang attribute as additional option

* removed some commented code

* changed adoc resource loader to take into account the selected language

* added readme

* added lang test cases
 2022-07-20 10:52:48 +02:00
Nanne Baars
24fcc8f321 Use starting instead of using. 2022-07-19 21:17:09 +02:00
Nanne Baars
fe7774bb6f Update documentation regarding WebWolf 
WebWolf no longer runs as a separate application we can simplify the description.
 2022-07-19 21:17:09 +02:00
René Zubcevic
9e3eb39069 removed one duplicate label key and made all login and register fields multi language (#1296) 2022-07-16 06:53:39 +02:00
René Zubcevic
e4eb5d783a Some updates and code improvements (#1288) 
* try with resources

* StringBuilder

* removed ant and updated spring boot
 2022-07-10 17:13:26 +02:00
Àngel Ollé Blázquez
dfa31e0a28 JWT doc code typo fix (#1247) 2022-04-20 08:16:21 +02:00