dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,120 Commits 11 Branches 78 Tags
Commit Graph

2120 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
malikashish8
6699456ee1 Bug fix in sample code 2018-11-19 08:15:41 +01:00
Joubin Jabbari
ecbbb5258e encapsulated the WEBGOAT_HOME in quotes 
Encapsulating the `WEBGOAT_HOME` variable in quotes allows for spaces to exist in the path
 2018-11-19 08:14:29 +01:00
Josh Cummings
1520c7571f HTML Tampering Mitigation Description Typo 2018-11-19 08:13:17 +01:00
Omniscimus
5921a06747 Fix SQL injection mitigation answer (fixes #505) 
You need to submit the IP of the webgoat-prd server, not just any of the IPs.
 2018-11-19 08:12:17 +01:00
Chirag Jariwala
b6e4995d11 Fixed Vagrant file 
- Added correct wget urls for .jar files
- changed server address to 0.0.0.0(pointing to all interfaces) because by default it listens for connections on VM's localhost only but we want to access webgoat on NAT adapter via port forwarding
 2018-11-19 08:10:11 +01:00
donkrasnov
a2f28460c0 Update password_reset.html 
Without this attribute it is impossible to pass the lesson "password-reset" `Email functionality with WebWolf`.
 2018-11-19 08:08:41 +01:00
misfir3
0797c3e2bf
Merge pull request #519 from pingiun/patch-1 
Fix typo
 2018-09-13 08:16:11 -07:00
Jelle Besseling
f9a4061604
Fix typo 2018-09-12 09:54:44 +02:00
Nanne Baars
580e50f558 Same form post is used and with autocomplete this does not work because all fields will be posted. The endpoint could no long distinguish between the different actions (sending e-mail and checking password) 2018-08-10 13:15:40 +02:00
Nanne Baars
3d58049af6 docker-compose-local.yml now extends docker-compose.yml 
WebWolf waits for 8 seconds after WebGoat starts so the database connection can be established
 2018-08-08 18:26:12 +02:00
Nanne Baars
bca8b3c650 Fix buildscripts to wait for Docker and build snapshots 2018-08-08 18:23:27 +02:00
Nanne Baars
1252e3dc21 Update instructions to use docker-compose only 2018-07-17 20:17:35 +02:00
Nanne Baars
63a50df7a1 Add hint to lesson users no longer have guess the complete ip address 2018-07-06 18:22:29 +02:00
Nanne Baars
f9e552f1cd Add instructions how to run WebGoat on Java 9 or higher 2018-07-04 19:15:54 +02:00
Nanne Baars
2233550fe1 Adding more solutions for SQL order by lesson 2018-06-22 14:12:37 +02:00
Nanne Baars
cb18295f9f Update hint 2018-06-21 07:53:21 +02:00
Nanne Baars
651698d96c Add different solution for XXE attack 2018-06-21 07:17:27 +02:00
Nanne Baars
4d7d0058c3 Update how to create a release document 2018-06-20 18:38:16 +02:00
Nanne Baars
e3fba396de Merge tag 'v8.0.0.M21' into develop 2018-06-20 18:24:06 +02:00
Nanne Baars
3536fd0b6d Merge branch 'release/v8.0.0.M21' v8.0.0.M21 2018-06-20 18:23:59 +02:00
Nanne Baars
bc84e8f207 Build release when tag is set 2018-06-20 18:22:35 +02:00
Nanne Baars
14dbd47675 Merge tag 'v8.0.0.M20' into develop 
New release M20
 2018-06-20 18:06:26 +02:00
Nanne Baars
898dd90c6f Merge branch 'release/v8.0.0.M20' v8.0.0.M20 2018-06-20 18:06:17 +02:00
Nanne Baars
ac12a009e4 New release v8.0.0.M20 2018-06-20 18:05:59 +02:00
Nanne Baars
699b1bfd89 Only do releases and Docker updates when building master 2018-06-20 18:05:06 +02:00
Nanne Baars
ad77a7ab24 Merge tag 'v8.0.0.M19' into develop 
New release M19
 2018-06-20 16:40:44 +02:00
Nanne Baars
b7278590f5 Merge branch 'release/v8.0.0.M19' v8.0.0.M19 2018-06-20 16:40:33 +02:00
Nanne Baars
9dd93d88d9 New release v8.0.0.M19 2018-06-20 16:40:28 +02:00
Nanne Baars
4c767cb977 Merge tag 'v8.0.0.M18' into develop 
New release
 2018-06-20 16:32:44 +02:00
Nanne Baars
12123ef13b Merge branch 'release/v8.0.0.M18' v8.0.0.M18 2018-06-20 16:32:31 +02:00
Matthias Grundmann
c7da546249 Improve text for lesson about CSRF login 2018-06-16 17:52:18 +02:00
misfir3
a41ff0083c
Merge pull request #479 from misfir3/develop 
Recent updates, including Missing Function AC content & patch for Vuln Components Lesson
 2018-06-13 18:44:09 -06:00
misfir3
701a99cf8f
Merge pull request #487 from matthias-g/xssFixes 
Small lesson improvements
 2018-06-13 18:42:14 -06:00
misfir3
844808bfa7
Merge pull request #485 from matthias-g/fixSQLInjection 
Fix sql injection
 2018-06-13 18:41:05 -06:00
Matthias Grundmann
81aac93dfe
Usage base64 encoded password as expected by JJWT 2018-06-13 17:58:52 +02:00
Matthias Grundmann
e5ec2c1ee0
Fix html attribute 2018-06-13 17:56:57 +02:00
Matthias Grundmann
b0fbeaff2c
This improves the text of the lesson about XSS 2018-06-13 17:56:23 +02:00
Matthias Grundmann
b47bb96534
Update changed password in tests 2018-06-13 16:11:28 +02:00
Matthias Grundmann
3b9b695ef1 Check host header instead of origin which might not be present #475 2018-06-13 11:38:33 +02:00
Matthias Grundmann
1d2575a211 Allow - in usernames because CSRF lesson requires username starting with prefix crsf- #476 2018-06-13 11:38:33 +02:00
Matthias Grundmann
56fc983414
Update database layout so that proposed solution works 2018-06-12 17:40:28 +02:00
Matthias Grundmann
268adbcf7e
Move assignments to correct package so that hints are shown 2018-06-12 17:40:28 +02:00
Matthias Grundmann
f383454440 Fix spelling in JWT lesson 2018-06-12 11:02:51 +02:00
Matthias Grundmann
bae3e75ae2 Fix minor issues in hint view 2018-06-12 11:02:16 +02:00
Matthias Grundmann
a7b82985d4 Fix usage of JJWT API which expects base64 encoded strings as key 2018-06-12 11:01:23 +02:00
Matthias Grundmann
3d282e163c Show newest comments first 
This prevents new comments from not being displayed after a comment containing invalid html has been posted.
 2018-06-12 10:54:13 +02:00
Matthias Grundmann
7068c84c6a Fix parameter in url and some spelling 2018-06-12 10:54:13 +02:00
misfir3
0030c7bdfb
Merge pull request #480 from matthias-g/fixPageNum 
Fix next page button when url doesn't end with page number
 2018-06-07 11:27:29 -06:00
Matthias Grundmann
89f6a73275
Fix next page button when url doesn't end with page number 2018-06-07 19:07:58 +02:00
Jason White
cf0e4e40cf clean up 2018-06-05 14:36:40 -06:00