dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
95 Commits 11 Branches 78 Tags
Commit Graph

54 Commits

Author SHA1 Message Date
cam.morris
d2a6a2b272 This change includes two additional CSRF lessons. One for 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
b4af6471b1 Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library). 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@385 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 04:30:00 +00:00
mayhew64
976671949e Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@376 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 18:16:51 +00:00
soylentmean
b8c1d13e50 Lots of wording changes and HTML fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@373 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 21:06:42 +00:00
soylentmean
8a372baa01 Fixing wording a smidge. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@372 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 20:19:22 +00:00
mayhew64
01b845beb9 Changes by Chris Roe to fix lesson issues with FireFox. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@371 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-17 13:06:29 +00:00
soylentmean
7a55b7e02f fixed a typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@370 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 21:15:20 +00:00
mayhew64
696550ccb0 Minor syntax issue with the word prename in the instructions - reported by April King 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@368 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-10 23:52:04 +00:00
mayhew64
7998e60f29 Removed hardcoded webgoat path for URLs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 16:57:23 +00:00
mayhew64
c0d2d13e5a Reported by dwpoon, Yesterday (17 hours ago) 
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@366 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 12:57:14 +00:00
brandon.devries
5854b66614 minor bug fixes and enhancements, including proper dollar value formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@364 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-14 14:31:17 +00:00
brandon.devries
a185de3fa0 minor changes and improving display issues 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@362 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-12 17:36:30 +00:00
brandon.devries
775fdad7c4 some cleanup, and removing unneeded ClassNotFoundExceptions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@361 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-12 14:33:22 +00:00
brandon.devries
9c84df3d6c corrected spelling and some formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@360 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-11 14:39:09 +00:00
brandon.devries
17af39e428 Formatting according to OWASP WebGoat Java Style 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@359 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-05 17:32:17 +00:00
mayhew64
8f06b0197b Smaller eclipse workspace 
Changed workspace name to reflect WebGoat 
Added the video solutions link
Update readmen to reflect contributions and new stuff

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@355 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 15:40:13 +00:00
sherif.fathy
581151f166 Actually, I think the problem was happening because the lesson was returning the lesson HTML again incase of incorrect key to eval was throwing an error trying to evaluate a whole bunch of HTML. Fixed this by catching the exception and showing an appropriate message. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@354 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 05:56:41 +00:00
mayhew64
084c43381b Added bug report 
Added message for missing solutions
Minor edits to lesson plans

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@353 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-11 00:05:05 +00:00
mayhew64
71460125b6 Separated DB usage for messages in CSRF and Stored XSS 
Many cosmetic english changes
Fixed IE rendering for Challenge
 

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@350 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:17:20 +00:00
mayhew64
29f0222258 Minor 5.2 changes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@349 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-13 03:44:40 +00:00
mayhew64
40ee15bcaa Alphabetized categories 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@347 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-12 13:10:17 +00:00
mayhew64
ba26dd3a84 Reorder categories to be alphabetized 
Changed unvalidated input to parameter tampering

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@346 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-22 16:45:29 +00:00
mayhew64
2dd882a9a8 Minor fixes 
removed many System.out.printlns
delete extra solutions directory - wrong location
added 5.2 credits

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@344 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-22 15:34:54 +00:00
wirth.marcel
decc426267 Minor changes... Tan gets now only updatet after it was correct 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@341 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-18 08:38:51 +00:00
wirth.marcel
1493631f02 Session Fixation instructions altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@340 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-15 09:43:34 +00:00
wirth.marcel
c001a67b95 Minor Bugfixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@338 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 13:28:25 +00:00
wirth.marcel
15d80a3006 Minor fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@337 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 12:03:55 +00:00
wirth.marcel
42d4fd322d InsecureLogin Credits added. Instructions changed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@335 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 08:35:33 +00:00
wirth.marcel
5b8d96453b SessionFixation and TomcatSetup edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@333 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 07:50:12 +00:00
wirth.marcel
5bcf14ba75 InsecureLogin finished 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@327 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:17:07 +00:00
wirth.marcel
7005c4a202 Minor changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@326 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:16:35 +00:00
wirth.marcel
6085432f2a CreateDB altered for insecure_communication altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@325 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 17:18:36 +00:00
wirth.marcel
fcdd08861d Insecure Communication added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@324 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 17:05:51 +00:00
wirth.marcel
2b4043d4bd Warnings fixed: 
Unneded imports deleted
Never read variables deleted

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@323 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 15:15:09 +00:00
wirth.marcel
df1a586ae8 Tomcat Setup instructions added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@318 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 09:26:15 +00:00
wirth.marcel
32f9c3e7d4 SessionFixation completed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@317 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-12 08:28:54 +00:00
wirth.marcel
6f3d94dff4 Minor fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@316 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-12 08:20:46 +00:00
wirth.marcel
478b6defc8 Session Fixation bugfix 
MultiLevelLogin2 bugfix

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@315 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-10 08:52:11 +00:00
wirth.marcel
7e7936e43c Session Fixation 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@311 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 14:09:31 +00:00
wirth.marcel
13eb970062 MultiLevelLogin2 database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@310 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 12:05:28 +00:00
wirth.marcel
18bc8b5d3d MultiLevelLogin1 database changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@309 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 12:02:15 +00:00
wirth.marcel
ed4a365b64 Hint 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@308 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:54:02 +00:00
wirth.marcel
bebafc835f Hint 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@307 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:52:03 +00:00
wirth.marcel
57270c8643 Session Fixation 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@306 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:51:04 +00:00
wirth.marcel
45a3477809 MultiLevel Login1 fix 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@305 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 11:49:56 +00:00
wirth.marcel
ff380181cd Hints are declared now 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@304 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-08 11:40:36 +00:00
wirth.marcel
9130ab3e22 MultiLevelLogin 2 data stored now in session 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@303 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-08 07:51:47 +00:00
wirth.marcel
0fa1e39fbe MultiLevel Login 1 user name and so on now saved in the session 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@302 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-08 07:25:14 +00:00
wirth.marcel
5d930ec235 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-07 14:28:38 +00:00
mayhew64
84f01ba70a Fix for Issue 5. Removed single ticks on hint for order by clause. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@295 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:54:36 +00:00