786cabd251
Make webjar dependencies version agnostic
2023-08-24 16:43:28 +02:00
4ba818533c
fix: WebWolf JWT jquery webjar
2023-08-09 01:32:03 +02:00
a9b1fd66b8
feat: implement JWT jku example ( #1552 )
...
Closes #1539
2023-08-08 17:18:22 +02:00
25f49537e7
bug: Fix IDOR lesson
2023-07-16 17:14:27 +02:00
1df7ca61a3
Text content improvement
2023-06-15 19:26:33 +02:00
75398feca0
Add hints
2023-06-15 19:26:33 +02:00
ca886b4818
feat: upgrade to Spring Boot version 3 ( #1477 )
2023-06-04 11:19:47 +02:00
ac6de9d788
Fix typo of HijackSession_content0.adoc
2023-04-17 09:04:15 +02:00
ecfc321f14
feature: Add extra feedback once someone solves JWT refresh lesson differently
...
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
2023-02-16 20:32:27 +00:00
075b1ab30a
Fix WebWolf JWT tool
2023-02-15 22:40:24 +00:00
3901814363
Fix documentation link for XXE mitigation.
2023-01-05 19:00:12 +01:00
dca415099f
Remove unused JavaScript function
2023-01-05 11:33:00 +01:00
54e115aff0
Update the solution with WebWolf URLs
...
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
2023-01-05 11:02:45 +01:00
fcaa2d8589
Fix zip slip lesson.
...
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
2023-01-05 11:02:45 +01:00
9666597164
- Add reference to the WebWolf icon in the top right corner.
...
- Format all text of the lesson
2023-01-04 08:07:51 +01:00
32468ff90b
Add sql lesson ( #1370 )
2023-01-04 07:42:29 +01:00
71ec36102f
Fix typo
2022-12-01 21:34:19 +01:00
b51be74cab
typofix
2022-11-28 17:10:14 +01:00
96c2595ad0
Update interface name to exploit
...
The name is
org.owasp.webgoat.lessons.vulnerablecomponents.Contact
not
org.owasp.webgoat.vulnerablecomponents.Contact
2022-09-21 22:32:16 +02:00
f5e4d4717a
FixTypo - Fix typo in various lesson documentations
2022-08-30 22:21:22 +02:00
50f932b02e
Renamed to webwolfintroduction
2022-07-31 22:39:21 +02:00
251167c6b0
Renamed to webgoatintroduction
2022-07-31 22:39:21 +02:00
256c1dd3aa
Renamed to vulnerablecomponents
2022-07-31 22:39:21 +02:00
b93c935d6c
Renamed to sqlinjection
2022-07-31 22:39:21 +02:00
827a9d3467
Renamed to securepasswords
2022-07-31 22:39:21 +02:00
91470b93ea
Renamed to pathtraversal
2022-07-31 22:39:21 +02:00
37d684fdd3
Renamed to passwordreset
2022-07-31 22:39:21 +02:00
4f911c64a1
Renamed to missingac
2022-07-31 22:39:21 +02:00
e0a0a80ad9
Renamed to lessontemplate
2022-07-31 22:39:21 +02:00
26c289d7d4
Renamed to insecurelogin
2022-07-31 22:39:21 +02:00
1eff81718b
Renamed to httpproxies
2022-07-31 22:39:21 +02:00
08ce1add01
Renamed to httpbasics
2022-07-31 22:39:21 +02:00
25948306bd
Renamed to htmltampering
2022-07-31 22:39:21 +02:00
1c86f465dc
Renamed to clientsidefiltering
2022-07-31 22:39:21 +02:00
3b330fb328
Renamed to chromedevtools
2022-07-31 22:39:21 +02:00
8a35316985
Rename to bypassrestrictions
2022-07-31 22:39:21 +02:00
c63345e4ee
Rename authbypass
2022-07-31 22:39:21 +02:00
005b9f03a4
search the menu using input box ( #1317 )
...
* working version
* change onchange to oninput with minimum of three chars
* working version with delay and fix for category click
2022-07-31 20:45:09 +02:00
4d48bd3d4c
fix in style sheet that now shows normal dropdown behaviour ( #1315 )
2022-07-27 13:44:23 +02:00
242fdf39a1
Fixes #1233 - Path traversal seems to contain wrong description
2022-07-24 22:09:16 +02:00
20dd3ffb95
Lang switch ( #1297 )
...
* language selector first steps
* language german intro added
* ascii doc lang attribute as additional option
* removed some commented code
* changed adoc resource loader to take into account the selected language
* added readme
* added lang test cases
2022-07-20 10:52:48 +02:00
24fcc8f321
Use starting instead of using.
2022-07-19 21:17:09 +02:00
ff965c83be
Adjust year
2022-07-19 21:17:09 +02:00
2aa3609461
Fix typo
2022-07-19 21:17:09 +02:00
fe7774bb6f
Update documentation regarding WebWolf
...
WebWolf no longer runs as a separate application we can simplify the description.
2022-07-19 21:17:09 +02:00
9e3eb39069
removed one duplicate label key and made all login and register fields multi language ( #1296 )
2022-07-16 06:53:39 +02:00
4fc03381a8
Label hint tests ( #1293 )
...
* label test
* adjusted it test filter
* label test added
2022-07-15 08:17:11 +02:00
e4eb5d783a
Some updates and code improvements ( #1288 )
...
* try with resources
* StringBuilder
* removed ant and updated spring boot
2022-07-10 17:13:26 +02:00
3c0b243797
Added new active developer ( #1249 )
...
Fix footer
2022-05-06 07:34:49 +02:00
dfa31e0a28
JWT doc code typo fix ( #1247 )
2022-04-20 08:16:21 +02:00
