dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
361 Commits 11 Branches 78 Tags
Commit Graph

55 Commits

Author SHA1 Message Date
cam.morris
85c6843ee4 This change includes two additional CSRF lessons. One for 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@386 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
72936c72b9 Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library). 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@385 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 04:30:00 +00:00
mayhew64
0032ffdbfc Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@376 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 18:16:51 +00:00
soylentmean
97571dbe90 Lots of wording changes and HTML fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@373 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 21:06:42 +00:00
soylentmean
5506f1c279 Fixing wording a smidge. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@372 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 20:19:22 +00:00
mayhew64
9331ef0d9a Changes by Chris Roe to fix lesson issues with FireFox. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@371 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-17 13:06:29 +00:00
soylentmean
6d1158c40c fixed a typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@370 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 21:15:20 +00:00
mayhew64
f6e994b14e Minor syntax issue with the word prename in the instructions - reported by April King 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@368 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-10 23:52:04 +00:00
mayhew64
9d8c58bef3 Removed hardcoded webgoat path for URLs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@367 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 16:57:23 +00:00
mayhew64
bab1f6aeb7 Reported by dwpoon, Yesterday (17 hours ago) 
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk@366 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 12:57:14 +00:00
brandon.devries
5337ef31ff minor bug fixes and enhancements, including proper dollar value formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@364 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-14 14:31:17 +00:00
brandon.devries
4c242f52dc minor changes and improving display issues 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@362 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-12 17:36:30 +00:00
brandon.devries
a3990f549e some cleanup, and removing unneeded ClassNotFoundExceptions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@361 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-12 14:33:22 +00:00
brandon.devries
2203a1ebd2 corrected spelling and some formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@360 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-11 14:39:09 +00:00
brandon.devries
ba6560b24a Formatting according to OWASP WebGoat Java Style 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@359 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-05 17:32:17 +00:00
mayhew64
d849168ce1 Smaller eclipse workspace 
Changed workspace name to reflect WebGoat 
Added the video solutions link
Update readmen to reflect contributions and new stuff

git-svn-id: http://webgoat.googlecode.com/svn/trunk@355 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 15:40:13 +00:00
sherif.fathy
c8908f6911 Actually, I think the problem was happening because the lesson was returning the lesson HTML again incase of incorrect key to eval was throwing an error trying to evaluate a whole bunch of HTML. Fixed this by catching the exception and showing an appropriate message. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@354 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 05:56:41 +00:00
mayhew64
fbf2a079c8 Added bug report 
Added message for missing solutions
Minor edits to lesson plans

git-svn-id: http://webgoat.googlecode.com/svn/trunk@353 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-11 00:05:05 +00:00
mayhew64
ec95ba4089 Separated DB usage for messages in CSRF and Stored XSS 
Many cosmetic english changes
Fixed IE rendering for Challenge
 

git-svn-id: http://webgoat.googlecode.com/svn/trunk@350 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:17:20 +00:00
mayhew64
b0ade9782e Minor 5.2 changes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@349 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-13 03:44:40 +00:00
mayhew64
429fd7b0a9 Alphabetized categories 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@347 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-12 13:10:17 +00:00
mayhew64
9071b86a59 Reorder categories to be alphabetized 
Changed unvalidated input to parameter tampering

git-svn-id: http://webgoat.googlecode.com/svn/trunk@346 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-22 16:45:29 +00:00
mayhew64
243f8ca360 Minor fixes 
removed many System.out.printlns
delete extra solutions directory - wrong location
added 5.2 credits

git-svn-id: http://webgoat.googlecode.com/svn/trunk@344 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-22 15:34:54 +00:00
wirth.marcel
314c350079 Minor changes... Tan gets now only updatet after it was correct 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@341 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-18 08:38:51 +00:00
wirth.marcel
2649bcb086 Session Fixation instructions altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@340 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-15 09:43:34 +00:00
wirth.marcel
e2ca7f9a33 Minor Bugfixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@338 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 13:28:25 +00:00
wirth.marcel
80d07fb62c Minor fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@337 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 12:03:55 +00:00
wirth.marcel
8182db6dc4 InsecureLogin Credits added. Instructions changed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@335 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 08:35:33 +00:00
wirth.marcel
40a997f6be SessionFixation and TomcatSetup edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@333 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 07:50:12 +00:00
wirth.marcel
55b36e911b InsecureLogin finished 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@327 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:17:07 +00:00
wirth.marcel
b24d805e93 Minor changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@326 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:16:35 +00:00
wirth.marcel
67f2783430 CreateDB altered for insecure_communication altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@325 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 17:18:36 +00:00
wirth.marcel
053112e7e0 Insecure Communication added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@324 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 17:05:51 +00:00
wirth.marcel
1fca79e494 Warnings fixed: 
Unneded imports deleted
Never read variables deleted

git-svn-id: http://webgoat.googlecode.com/svn/trunk@323 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 15:15:09 +00:00
wirth.marcel
265475391e Tomcat Setup instructions added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@318 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 09:26:15 +00:00
wirth.marcel
dc9daba1c0 SessionFixation completed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@317 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-12 08:28:54 +00:00
wirth.marcel
acaccaa9b9 Minor fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@316 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-12 08:20:46 +00:00
wirth.marcel
789d72e589 Session Fixation bugfix 
MultiLevelLogin2 bugfix

git-svn-id: http://webgoat.googlecode.com/svn/trunk@315 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-10 08:52:11 +00:00
wirth.marcel
7a0f43ca56 Session Fixation 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@311 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 14:09:31 +00:00
wirth.marcel
361e142442 MultiLevelLogin2 database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@310 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 12:05:28 +00:00
wirth.marcel
fa0c7eff8a MultiLevelLogin1 database changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@309 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 12:02:15 +00:00
wirth.marcel
aa23f8169b Hint 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@308 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:54:02 +00:00
wirth.marcel
6119e33ccc Hint 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@307 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:52:03 +00:00
wirth.marcel
c4092d2669 Session Fixation 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@306 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:51:04 +00:00
wirth.marcel
ee6d8ad2d5 MultiLevel Login1 fix 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@305 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:49:56 +00:00
wirth.marcel
db7994052f Hints are declared now 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@304 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-08 11:40:36 +00:00
wirth.marcel
eabdc53709 MultiLevelLogin 2 data stored now in session 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@303 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-08 07:51:47 +00:00
wirth.marcel
aec76a30e4 MultiLevel Login 1 user name and so on now saved in the session 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@302 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-08 07:25:14 +00:00
wirth.marcel
82e32acb77 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-07 14:28:38 +00:00
mayhew64
ce703bc67d Fix for Issue 5. Removed single ticks on hint for order by clause. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@295 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:54:36 +00:00