dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html
Tobias-Melzer bbb0b607b2 Added Assignment for Security Questions.
2019-03-26 08:43:38 +01:00

270 lines
14 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_plan.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_simple.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
<script th:src="@{/lesson_js/password-reset-simple.js}" language="JavaScript"></script>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">
<div class="row">
<div class="col-md-4">
<form class="attack-form" accept-charset="UNKNOWN" novalidate="novalidate"
method="POST"
action="/WebGoat/PasswordReset/simple-mail"
enctype="application/json;charset=UTF-8">
<div style="padding: 20px;" id="password-login-2">
<h4 style="border-bottom: 1px solid #c5c5c5;"><i class="glyphicon glyphicon-user"></i>
Account
Access</h4>
<fieldset>
<div class="form-group input-group">
<span class="input-group-addon">@</span>
<input class="form-control" placeholder="Email" name="email" type="email"
autofocus=""></input>
</div>
<div class="form-group input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
<input class="form-control" placeholder="Password" name="password"
type="password" value=""/>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary btn-block">
Access
</button>
<p class="help-block">
<a class="pull-right text-muted" href="#" id="olvidado"
onclick="showPasswordReset()">
<small>Forgot your password?</small>
</a>
</p>
</div>
</fieldset>
</div>
</form>
<form class="attack-form" accept-charset="UNKNOWN" novalidate="novalidate"
method="POST"
action="/WebGoat/PasswordReset/simple-mail/reset"
enctype="application/json;charset=UTF-8">
<div style="display: none;" id="password-reset-2">
<h4 class="">Forgot your password?</h4>
<fieldset>
<span class="help-block">Please type your e-mail address</span>
<div class="form-group input-group">
<span class="input-group-addon">@</span>
<input class="form-control" placeholder="test1233@webgoat.org" name="emailReset"
type="email"/>
</div>
<button type="submit" class="btn btn-primary btn-block" id="btn-olvidado">Continue
</button>
<p class="help-block">
<a class="text-muted" href="#" id="acceso" onclick="showPassword()">
<small>Account Access</small>
</a>
</p>
</fieldset>
</div>
</form>
</div>
</div>
</div>
<br/>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_wrong_message.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_known_questions.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
<script th:src="@{/lesson_js/password-reset-simple.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST"
action="/WebGoat/PasswordReset/questions"
enctype="application/json;charset=UTF-8">
<div class="container-fluid">
<div class="col-md-4">
<article class="card-body">
<a href="" class="float-right btn btn-outline-primary">Sign up</a>
<a href="" class="float-right btn btn-outline-primary">Login</a>
<h4 class="card-title mb-4 mt-1">WebGoat Password Recovery</h4>
<form>
<div class="form-group">
<label>Your username</label>
<input name="username" class="form-control" placeholder="Username" type="text"/>
</div>
<div class="form-group">
<label>What is your favorite color?</label>
<input class="form-control" placeholder="Answer security question" type="text"
name="securityQuestion"/>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary btn-block"> Submit</button>
</div>
</form>
</article>
</div>
</div>
</form>
<br/>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_host_header.adoc"></div>
<div class="attack-container">
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST"
action="/WebGoat/PasswordReset/reset/login"
enctype="application/json;charset=UTF-8">
<div class="container-fluid">
<div class="row">
<div class="col-md-4">
<h4 style="border-bottom: 1px solid #c5c5c5;">
<i class="glyphicon glyphicon-user"></i>
Account Access
</h4>
<div style="padding: 20px;" id="password-login">
<form id="login-form" class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/PasswordReset/reset/login"
enctype="application/json;charset=UTF-8" role="form">
<fieldset>
<div class="form-group input-group">
<span class="input-group-addon"> @ </span>
<input class="form-control" placeholder="Email" name="email" type="email"
required="" autofocus=""/>
</div>
<div class="form-group input-group">
<span class="input-group-addon">
<i class="glyphicon glyphicon-lock">
</i>
</span>
<input class="form-control" placeholder="Password" name="password"
type="password"
value="" required=""/>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary btn-block">
Access
</button>
<p class="help-block">
<a class="pull-right text-muted" href="#" onclick="showPasswordReset()">
<small>Forgot your password?</small>
</a>
</p>
</div>
</fieldset>
</form>
</div>
<div style="display: none;" id="password-reset">
<h4 class="">
Forgot your password?
</h4>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/PasswordReset/reset/create-password-reset-link"
enctype="application/json;charset=UTF-8" role="form">
<fieldset>
<span class="help-block">
Email address you use to log in to your account
<br/>
We'll send you an email with instructions to choose a new password.
</span>
<div class="form-group input-group">
<span class="input-group-addon">
@
</span>
<input class="form-control" placeholder="Email" name="email" type="email"
required=""/>
</div>
<button type="submit" class="btn btn-primary btn-block" id="btn-login">
Continue
</button>
<p class="help-block">
<a class="text-muted" href="#" onclick="showPassword()">
<small>Account Access</small>
</a>
</p>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</form>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_mitigation.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:PasswordReset_SecurityQuestions.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/PasswordReset/SecurityQuestions"
enctype="application/json;charset=UTF-8">
<select name="question">
<option>What is your favorite animal?</option>
<option>In what year was your mother born?</option>
<option>What was the time you were born?</option>
<option>What is the name of the person you first kissed?</option>
<option>What was the house number and street name you lived in as a child?</option>
<option>In what town or city was your first full time job?</option>
<option>In what city were you born?</option>
<option>On which wrist do you were your watch?</option>
<option>What was the last name of your favorite teacher in grade three?</option>
<option>What is the name of a college/job you applied to but didn't attend?</option>
<option>What are the last 5 digits of your drivers license?</option>
<option>What was your childhood nickname?</option>
<option>Who was your childhood hero?</option>
<option>What is your favorite color?</option>
</select>
<input name="Check Question" value="check" type="SUBMIT"/>
</form>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
</html>
Reference in New Issue View Git Blame Copy Permalink