dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
274 Commits 11 Branches 78 Tags
Commit Graph

274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mayhew64
99ec50f096 Issue 6 Fix - Change netstat protocols to lower case to support unix. Some windows protocols will not work on unix. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@294 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:33:17 +00:00
mayhew64
ed10cb41b3 Minor FAQ change 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@288 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-27 00:58:37 +00:00
mayhew64
841c995be7 Reformat of Java source. Added JavaStyle format definitions. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@287 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-27 00:29:19 +00:00
mayhew64
a2bc152f80 Added webgoat.sh to all builds 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@277 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-06 13:33:36 +00:00
mayhew64
80c1b16f3e Changed ExecuteQuery to executeUpdate to remove empty result set error which stopped the lesson from working for HSQLDB 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@276 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:24:20 +00:00
mayhew64
5e8f7c7096 Obsolete file 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@275 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:19:09 +00:00
rogan.dawes
dbfabf44b3 fixing typo / bug 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@274 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:21 +00:00
rogan.dawes
f7a19f534c Miscellaneous bug fixes 
divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk@273 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:11 +00:00
mayhew64
72c18c5426 Removed space from " webgoat" directory name 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@272 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-12 17:42:01 +00:00
rogan.dawes
280b46029b Make stage completion messages appear in a logical order 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@270 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 20:43:48 +00:00
rogan.dawes
45d7b763d4 Remove an unnecessary printStackTrace() 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@269 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 20:21:10 +00:00
mayhew64
cbb5358485 Changes for OWASP Developer build for 5.1 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@268 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 17:44:49 +00:00
mayhew64
b7156e12da Added hint about extra "." in http://localhost./ 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@267 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 17:39:07 +00:00
mayhew64
36ca8e5598 Challenge jsp is supposed to be a clone of the webgoat.jsp 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@266 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 13:48:42 +00:00
mayhew64
ef79edca0a Changes for OWASP Standard build for 5.1 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@265 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 13:43:46 +00:00
mayhew64
aa62ffbb71 No longer delivering standalone war 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@264 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 13:36:06 +00:00
mayhew64
6834cac8fa Commented out console debugging output 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@263 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 12:57:39 +00:00
mayhew64
8e83229be8 Show solution button graphics 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@262 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 12:52:37 +00:00
mayhew64
97a1291648 Java mail APIs for unchecked email lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@261 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 12:50:27 +00:00
rogan.dawes
d8f7ce2a4f Add a link to the WSDL file in the 3rd stage of SOAPRequest 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@260 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:52:02 +00:00
rogan.dawes
1b6789304c Fix a hint to refer to the right field 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@259 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:51:43 +00:00
rogan.dawes
8d85b2da23 Change UpdateProfile to always use a PreparedStatement, to avoid SQL Injection attacks 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@258 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:49:12 +00:00
rogan.dawes
f78d70a8e7 Only mark Stage 1 complete when someone else views the exploit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@257 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:48:30 +00:00
rogan.dawes
dd6a893f28 minor changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@256 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:48:01 +00:00
rogan.dawes
489bff08f8 cleaning up a bit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@255 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:47:33 +00:00
rogan.dawes
457a868113 adding XHR lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@254 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:46:57 +00:00
rogan.dawes
4066296d30 changing name of lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@253 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:46:18 +00:00
rogan.dawes
b3591580a9 clarifying instructions and importing a .js 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@252 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:45:44 +00:00
rogan.dawes
dc3ad6453d adding backup files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@251 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:45:23 +00:00
rogan.dawes
f27dae0773 changing location of RegexMatch.dll 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@250 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:45:07 +00:00
rogan.dawes
8e1fb2caa3 added console debugging line 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@249 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:56 +00:00
rogan.dawes
2bb4df8ef1 added console debugging line 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@248 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:43 +00:00
rogan.dawes
ebfcd02a9f updating AJAX lesson plans 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@247 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:27 +00:00
rogan.dawes
a84d0e951d making ajax impovements 
Also convert SQL server file from Unix to DOS line endings


git-svn-id: http://webgoat.googlecode.com/svn/trunk@246 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:09 +00:00
rogan.dawes
a8c87e0704 Move the SQL Server instructions into a single file 
Previously, the solution to this lesson involved a complex
set of operations, loading assemblies, creating functions, etc

Now that that is all done during the set up phase, and is not
expected of the student, the solution is easy to fit into
the instructor file.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@245 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:46 +00:00
rogan.dawes
1621a39e35 Provide an example of how to override the default setting using environment variables 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@244 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:30 +00:00
rogan.dawes
12554493cd Change the default Oracle password back to webgoat (no _) 
No good reason to change it actually.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@243 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:27 +00:00
rogan.dawes
71330946f4 Make it possible to override WebGoat context settings via environment variables 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@242 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:17 +00:00
rogan.dawes
c31ef90a3d Allow overriding of the WebGoat context setting via environment variables 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@241 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:06 +00:00
rogan.dawes
36b32849df Add support for MS SQL Server in the DB Labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@240 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:13:52 +00:00
rogan.dawes
900a222316 Change the default webgoat password 
Add an underscore to the password to allow us to keep the same
password across multiple platforms, including those that enforce
password quality (e.g. SQL Server)


git-svn-id: http://webgoat.googlecode.com/svn/trunk@239 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:13:21 +00:00
rogan.dawes
cb2a3784b6 Change DBSQLInjection lesson to count the matched rows 
This is an improvement over expecting the stored proc
to throw an exception, and is more portable


git-svn-id: http://webgoat.googlecode.com/svn/trunk@238 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:13:13 +00:00
rogan.dawes
0149a699a3 minor bug fixes. 
Minor updates to concurrency cart


git-svn-id: http://webgoat.googlecode.com/svn/trunk@237 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:12:44 +00:00
rogan.dawes
1ce614f733 Merge with major changes made by Aspect 
Several new lessons added


git-svn-id: http://webgoat.googlecode.com/svn/trunk@236 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:12:31 +00:00
rogan.dawes
137b7c813c several minor bug fixes. 
UpdateProfile uses prepared statements.
ReflectedXSS "code" input field vulnerable to XSS.
Minor updates to concurrency cart


git-svn-id: http://webgoat.googlecode.com/svn/trunk@235 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:11:50 +00:00
rogan.dawes
6c9c53b938 Remove some unused imports 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@234 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:11:27 +00:00
rogan.dawes
c3cee22113 Fix database connetion handling. 
Oracle requires us to close our connections after each
request (or else implement a connection pool), otherwise
we will end up running out of available connections.

While the mechanism for doing this was added in a previous
change, actually using it correctly was omitted somehow.
Fix that now.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@233 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:11:12 +00:00
rogan.dawes
aab0125c50 Synchronize access to the DatabaseUtilities core methods 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@232 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:10:39 +00:00
rogan.dawes
531991f26d Replace the "Stage n" text in the instructions 
Since we now use a link in the menu to choose a stage, rather than the
drop down, we need the Stage number to be visible


git-svn-id: http://webgoat.googlecode.com/svn/trunk@231 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:10:29 +00:00
rogan.dawes
8b21a7785e Update the DB lessons 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@230 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:10:10 +00:00