Maxim Masiutin
ad5ab4ca2e
Fixes #321 (#935)
Copyright year was "20014", replaced with "2014"
Fixed the old github.io URL which no longer exists
See https://github.com/WebGoat/WebGoat/issues/321
2021-02-18 19:06:11 +01:00
strollingHeifer
522f6b5fff
Fixed a typo (#936)
Fixed a typo in the documentation and added a colon for better readability
2021-02-18 19:04:00 +01:00
avivmu
215b3b4e78
Remove redundant escaping in regex (#929)
2021-02-11 15:13:38 +01:00
NatasG
00c4be63f0
Fix sql injection line comments issue. (#925)
2021-01-19 10:47:04 +01:00
Kelly Marchewa
2e581d6bdb
docs: update SQLi lesson text (#928)
- corrected typos/grammar issues
- restructured sentences for clarity
2021-01-19 10:29:16 +01:00
avivmu
b20f6492a3
Simplify regex (#927)
2021-01-15 14:36:04 +01:00
avivmu
74b218b2a7
Use try with resources instead of try (#921)
* Use try with resources instead of try
* Remove unused lesson
* Remove unused fields
2021-01-13 18:21:04 +01:00
René Zubcevic
b219854f81
fix in case external site is down (#919)
2021-01-11 20:15:23 +01:00
avivmu
dea4a9d2a9
Small improvements (#918)
* Typo fix
* No need to use thread-safe object
* Use String case-insensitive equals
2021-01-11 16:38:14 +01:00
René Zubcevic
60c7fdd0db
activation button tested
2020-12-09 19:40:16 +01:00
René Zubcevic
bce4c775bf
initial idea for explanation on static code analysis and experience of the fix
2020-12-09 19:40:16 +01:00
Gabriel M. Schuyler
b1495a8cd5
Fix typo (#909)
2020-12-03 14:23:23 +01:00
René Zubcevic
574039902d
changed version to snapshot version and introduced revision parameter
for it
2020-11-27 12:15:19 +01:00
Eskil Andréen
74cca6d185
Add missing trailing double quote in sql query (#897)
2020-11-19 07:45:07 +01:00
Nanne Baars
488a8e934a
#843: Add readonly field and update the layout of the assignment
2020-11-04 20:35:05 +01:00
Nanne Baars
753a2db958
#846: add extra test to verify whether the solution is solved for the original user as well
2020-11-04 20:35:05 +01:00
Nanne Baars
37e9359c9e
#841: Clarify the lesson based on the comments
- Output messages more clear
- Replace success to failure (otherwise lesson is marked complete immediately)
- Fix the layout of the lesson (remove whitespace update buttons)
2020-11-04 20:35:05 +01:00
Nanne Baars
7b8523dcab
#839: fix the SQL statement as this one does not express that the orderBy
clause input is user input
2020-11-04 20:35:05 +01:00
Nanne Baars
dac011db78
fix failing test (order)
2020-10-21 08:05:53 +02:00
Nanne Baars
41879c4603
Blind XXE lesson blocks including the file in the comment directly
2020-10-20 22:09:49 +02:00
Nanne Baars
641d75e734
Link to the original lesson for the goal
2020-10-20 22:09:49 +02:00
Kelly Marchewa
e4ec90db8a
chore: update CIA grammar and content
- misc. grammatical edits
- add a few more examples
2020-10-15 08:39:28 +02:00
René Zubcevic
d5f78351a2
lesson pages updated based on comments for #834 and #836 (#864)
2020-08-23 15:36:01 +02:00
René Zubcevic
ef6993c636
improving lesson due to issue #845
2020-07-09 19:21:42 +02:00
René Zubcevic
db9e1c4c4f
first step
2020-07-09 19:21:42 +02:00
René Zubcevic
317573c897
Small fixes June 2020 (#857)
* issue 849
* another integration test for a challenge
* fixing issue 848
* updated link for issue 833
* fix for 847
2020-07-08 19:26:09 +02:00
Roy Stultiens
ba8444dd85
Update 1proxysetupsteps.adoc (#854)
thanks for the fix
2020-07-04 08:00:32 +02:00
Mike Robinson
219aad0bbc
Correcting incorrect information (#835)
Thanks for the improvement. Hope you liked the lesson.
2020-06-19 17:00:43 +02:00
Elie De Brauwer
98d17433f1
HTML Tampering mitigation: Typo fixes
2020-05-25 09:09:26 +02:00
Elie De Brauwer
11a7814626
Dinis Cruz Blog
This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724 however the Dinis Cruz Blog remains available through a blogspot.com URL which might be more interesting to reference than a web.archive.org link.
2020-05-25 09:08:55 +02:00
Elie De Brauwer
5311db8564
XSS Quiz: Fix 404
The original URL was malformed because it contained a closing ) which did not end up in the link. However the corrected link performs a redirect to the link provided in this patch.
2020-05-25 09:08:09 +02:00
Elie De Brauwer
ae156a4a0f
Function AC User: Spelling and grammar fixes.
2020-05-25 09:07:31 +02:00
Elie De Brauwer
9576c6b9da
Function AC Lesson 1: Spelling and grammar fixes.
2020-05-25 09:07:31 +02:00
Elie De Brauwer
6c83457231
Function ac intro: Spelling and grammar update
2020-05-25 09:07:31 +02:00
Elie De Brauwer
060851a4a2
IDOR_intro.adoc: Fix 404
The closing ')' in the URL was not taken up in the link causing a 404 when clicking the URL.
2020-05-24 09:57:29 +02:00
Elie De Brauwer
671691a5ed
XXE_changing_content_type.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
Elie De Brauwer
f326755190
XXE_intro.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
Elie De Brauwer
99edda6029
XXE_plan.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
Elie De Brauwer
717f852680
InsecureLogin_intro.adoc: Typo fix
2020-05-24 09:56:43 +02:00
Elie De Brauwer
c42d6b15c3
SecurePasswordsAssignment: Fix output formatting
- When solving the solution (entering a correct password) then the 'Score: 4/4' does not start on a new line, instead it is glued to the Estimated cracking time line. As a solution the </br> is added as a suffix on that line (and successive lines).
- Maximum score is 4, not 5 (see also the assignment, and https://github.com/nulab/zxcvbn4j/blob/master/src/main/java/com/nulabinc/zxcvbn/TimeEstimates.java#L23 which is the origin of getScore() )
2020-05-24 09:56:01 +02:00
Elie De Brauwer
dfa3242aeb
Delete unused PasswordReset_password_reset_link.adoc
Not referenced in webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html, looks like a placeholder/dead code.
2020-05-24 09:39:18 +02:00
Elie De Brauwer
23762885fa
PasswordReset_host_header.adoc: Typo fixes
2020-05-24 09:39:18 +02:00
Elie De Brauwer
60087e441d
PasswordReset_SecurityQuestions.adoc: Typo fix.
2020-05-24 09:39:18 +02:00
Elie De Brauwer
2e8d0dd9b5
PasswordReset_plan.adoc: Spelling fixes
2020-05-24 09:38:25 +02:00
Elie De Brauwer
966d7a7aed
JWT_refresh.adoc: Fix spelling issues
2020-05-24 09:37:47 +02:00
Nanne Baars
39740e069e
New release
2020-05-22 14:10:31 +02:00
Nanne Baars
5739705d8a
Process review comments
2020-05-22 10:10:42 +02:00
Nanne Baars
9b72610510
Extend XXE lesson with more content and add solution description
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
2020-05-22 10:10:42 +02:00
René Zubcevic
c4a046bd12
Ch1 less default (#814)
* random pincode in challenge1
* unit test fix
2020-05-12 08:49:48 +02:00
René Zubcevic
f520c3589c
flag submission fixed (#812)
2020-05-07 11:04:00 +02:00