dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/ webgoat/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp
mayhew64 98949c00d8 Moved remotely 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-09-30 13:41:26 +00:00

174 lines
4.8 KiB
Plaintext
Raw Blame History

<!--
STAGE 4 FIXES Look for the <-- STAGE 4 - FIX
-->
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.CrossSiteScripting.*" errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY);
// int myUserId = getIntSessionAttribute(webSession, "CrossSiteScripting." + CrossSiteScripting.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<%=employee.getFirstName()%>
</TD>
<TD>
Last Name:
</TD>
<TD>
<%=employee.getLastName()%>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<!-- STAGE 4 - FIX Note that the description value below gets encoded and address1 here is not -->
<%=employee.getAddress1()%>
</TD>
<TD>
City/State:
<TD>
<%=employee.getAddress2()%>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<%=employee.getPhoneNumber()%>
</TD>
<TD>
Start Date:
</TD>
<TD>
<%=employee.getStartDate()%>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<%=employee.getSsn()%>
</TD>
<TD>
Salary:
</TD>
<TD>
<%=employee.getSalary()%>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<%=employee.getCcn()%>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<%=employee.getCcnLimit()%>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<!-- Encode data that might contain HTML content to protect against XSS -->
<%=webSession.htmlEncode(employee.getPersonalDescription())%>
</TD>
<TD>
Manager:
</TD>
<TD>
<%=employee.getManager()%>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<%=employee.getDisciplinaryActionNotes()%>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<%=employee.getDisciplinaryActionDate()%>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
</form></td>
<%
}
%>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=CrossSiteScripting.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>
<%
if (webSession.getCurrentLesson().getStage(webSession) == 1005)
{
webSession.getCurrentLesson().setStage(webSession, 5);
//System.out.println("Reloading ViewProfile.jsp for stage 5 transition");
String thisPage = webSession.getCurrentLink();
//System.out.println("Redirecting to " + thisPage);
%>
<script language="javascript">location.href="<%=thisPage%>"</script>
<%
}
%>
Reference in New Issue View Git Blame Copy Permalink