doc
java
org
owasp
webgoat
controller
lessons
ClientSideFiltering
CrossSiteScripting
DBCrossSiteScripting
DBSQLInjection
GoatHillsFinancial
RoleBasedAccessControl
SQLInjection
admin
instructor
model
AbstractLesson.java
AccessControlMatrix.java
BackDoors.java
BasicAuthentication.java
BlindNumericSqlInjection.java
BlindScript.java
BlindStringSqlInjection.java
BypassHtmlFieldRestrictions.java
CSRF.java
Category.java
Challenge2Screen.java
ClientSideValidation.java
CommandInjection.java
ConcurrencyCart.java
CsrfPromptByPass.java
CsrfTokenByPass.java
DOMInjection.java
DOMXSS.java
DOS_Login.java
DangerousEval.java
Encoding.java
FailOpenAuthentication.java
ForcedBrowsing.java
ForgotPassword.java
HiddenFieldTampering.java
HowToWork.java
HtmlClues.java
HttpBasics.java
HttpOnly.java
HttpSplitting.java
InsecureLogin.java
JSONInjection.java
JavaScriptValidation.java
LessonAdapter.java
LogSpoofing.java
MaliciousFileExecution.java
MultiLevelLogin1.java
MultiLevelLogin2.java
NewLesson.java
OffByOne.java
PasswordStrength.java
PathBasedAccessControl.java
Phishing.java
RandomLessonAdapter.java
ReflectedXSS.java
RemoteAdminFlaw.java
SameOriginPolicyProtection.java
SequentialLessonAdapter.java
SessionFixation.java
SilentTransactions.java
SoapRequest.java
SqlAddData.java
SqlModifyData.java
SqlNumericInjection.java
SqlStringInjection.java
StoredXss.java
ThreadSafetyProblem.java
TomcatSetup.java
TraceXSS.java
UncheckedEmail.java
UsefulTools.java
WSDLScanning.java
WeakAuthenticationCookie.java
WeakSessionID.java
WelcomeScreen.java
WsSAXInjection.java
WsSqlInjection.java
XMLInjection.java
XPATHInjection.java
service
servlets
session
util
Catcher.java
HammerHead.java
LessonSource.java
newDesign
resources
scripts
tomcatconf
webapp
.gitignore
README.txt
build.xml
pom.xml
webgoat for SQL Server.bat
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
6a96547ef0
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
317 lines
9.5 KiB
Java
317 lines
9.5 KiB
Java
/*
|
|
* Created on May 26, 2005 TODO To change the template for this generated file go to Window -
|
|
* Preferences - Java - Code Style - Code Templates
|
|
*/
|
|
|
|
package org.owasp.webgoat.lessons;
|
|
|
|
import java.rmi.RemoteException;
|
|
import java.sql.Connection;
|
|
import java.sql.PreparedStatement;
|
|
import java.sql.ResultSet;
|
|
import java.sql.SQLException;
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
import javax.xml.namespace.QName;
|
|
import javax.xml.rpc.ParameterMode;
|
|
import javax.xml.rpc.ServiceException;
|
|
import org.apache.axis.client.Call;
|
|
import org.apache.axis.client.Service;
|
|
import org.apache.axis.encoding.XMLType;
|
|
import org.apache.ecs.Element;
|
|
import org.apache.ecs.ElementContainer;
|
|
import org.apache.ecs.html.A;
|
|
import org.apache.ecs.html.BR;
|
|
import org.apache.ecs.html.IMG;
|
|
import org.apache.ecs.html.Input;
|
|
import org.apache.ecs.html.Option;
|
|
import org.apache.ecs.html.P;
|
|
import org.apache.ecs.html.Select;
|
|
import org.apache.ecs.html.TD;
|
|
import org.apache.ecs.html.TR;
|
|
import org.apache.ecs.html.Table;
|
|
import org.owasp.webgoat.session.DatabaseUtilities;
|
|
import org.owasp.webgoat.session.ECSFactory;
|
|
import org.owasp.webgoat.session.WebSession;
|
|
import org.owasp.webgoat.session.WebgoatContext;
|
|
|
|
|
|
/***************************************************************************************************
|
|
*
|
|
*
|
|
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
|
* please see http://www.owasp.org/
|
|
*
|
|
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
|
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
|
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along with this program; if
|
|
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
|
* 02111-1307, USA.
|
|
*
|
|
* Getting Source ==============
|
|
*
|
|
* Source for this application is maintained at code.google.com, a repository for free software
|
|
* projects.
|
|
*
|
|
* For details, please see http://code.google.com/p/webgoat/
|
|
*
|
|
* @author asmolen
|
|
*
|
|
* TODO To change the template for this generated type comment go to Window - Preferences -
|
|
* Java - Code Style - Code Templates
|
|
*/
|
|
public class WSDLScanning extends LessonAdapter
|
|
{
|
|
|
|
static boolean completed = false;
|
|
|
|
static boolean beenRestartedYet = false;
|
|
|
|
public final static String firstName = "getFirstName";
|
|
|
|
public final static String lastName = "getLastName";
|
|
|
|
public final static String loginCount = "getLoginCount";
|
|
|
|
public final static String ccNumber = "getCreditCard";
|
|
|
|
final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg").setAlt("Parasoft").setBorder(0).setHspace(0)
|
|
.setVspace(0);
|
|
|
|
private static WebgoatContext webgoatContext;
|
|
|
|
/**
|
|
* We maintain a static reference to WebgoatContext, since this class is also automatically
|
|
* instantiated by the Axis web services module, which does not call setWebgoatContext()
|
|
* (non-Javadoc)
|
|
*
|
|
* @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext)
|
|
*/
|
|
@Override
|
|
public void setWebgoatContext(WebgoatContext webgoatContext)
|
|
{
|
|
WSDLScanning.webgoatContext = webgoatContext;
|
|
}
|
|
|
|
@Override
|
|
public WebgoatContext getWebgoatContext()
|
|
{
|
|
return WSDLScanning.webgoatContext;
|
|
}
|
|
|
|
protected Category getDefaultCategory()
|
|
{
|
|
return Category.WEB_SERVICES;
|
|
}
|
|
|
|
protected List<String> getHints(WebSession s)
|
|
{
|
|
List<String> hints = new ArrayList<String>();
|
|
hints.add("Try connecting to the WSDL with a browser or Web Service tool.");
|
|
hints.add("Sometimes the WSDL will define methods that are not available through a web API. "
|
|
+ "Try to find operations that are in the WSDL, but not part of this API");
|
|
hints.add("The URL for the web service is: http://localhost/webgoat/services/WSDLScanning <br>"
|
|
+ "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
|
|
hints.add("Look in the WSDL for the getCreditCard operation and insert the field in an intercepted request.");
|
|
return hints;
|
|
}
|
|
|
|
private final static Integer DEFAULT_RANKING = new Integer(120);
|
|
|
|
protected Integer getDefaultRanking()
|
|
{
|
|
return DEFAULT_RANKING;
|
|
}
|
|
|
|
public String getTitle()
|
|
{
|
|
return "WSDL Scanning";
|
|
}
|
|
|
|
public Object accessWGService(WebSession s, String serv, int port, String proc, String parameterName, Object parameterValue)
|
|
{
|
|
String targetNamespace = "WebGoat";
|
|
try
|
|
{
|
|
QName serviceName = new QName(targetNamespace, serv);
|
|
QName operationName = new QName(targetNamespace, proc);
|
|
Service service = new Service();
|
|
Call call = (Call) service.createCall();
|
|
call.setOperationName(operationName);
|
|
call.addParameter(parameterName, serviceName, ParameterMode.INOUT);
|
|
call.setReturnType(XMLType.XSD_STRING);
|
|
call.setUsername("guest");
|
|
call.setPassword("guest");
|
|
call.setTargetEndpointAddress("http://localhost:" + port + "/" + s.getRequest().getContextPath() + "/services/" + serv);
|
|
Object result = call.invoke(new Object[] { parameterValue });
|
|
return result;
|
|
} catch (RemoteException e)
|
|
{
|
|
e.printStackTrace();
|
|
} catch (ServiceException e)
|
|
{
|
|
e.printStackTrace();
|
|
} catch (Exception e)
|
|
{
|
|
e.printStackTrace();
|
|
}
|
|
return null;
|
|
}
|
|
|
|
protected Element createContent(WebSession s)
|
|
{
|
|
ElementContainer ec = new ElementContainer();
|
|
|
|
Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
|
|
|
|
if (s.isColor())
|
|
{
|
|
t1.setBorder(1);
|
|
}
|
|
TR tr = new TR();
|
|
tr.addElement(new TD("Enter your account number: "));
|
|
tr.addElement(new TD(new Input(Input.TEXT, "id", "101")));
|
|
t1.addElement(tr);
|
|
|
|
tr = new TR();
|
|
tr.addElement(new TD("Select the fields to return: "));
|
|
tr.addElement(new TD(new Select("field").setMultiple(true).addElement(
|
|
new Option(firstName)
|
|
.addElement("First Name"))
|
|
.addElement(new Option(lastName).addElement("Last Name"))
|
|
.addElement(new Option(loginCount).addElement("Login Count"))));
|
|
t1.addElement(tr);
|
|
|
|
tr = new TR();
|
|
Element b = ECSFactory.makeButton("Submit");
|
|
tr.addElement(new TD(b).setAlign("CENTER").setColSpan(2));
|
|
t1.addElement(tr);
|
|
|
|
ec.addElement(t1);
|
|
|
|
try
|
|
{
|
|
String[] fields = s.getParser().getParameterValues("field");
|
|
int id = s.getParser().getIntParameter("id");
|
|
|
|
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1);
|
|
|
|
if (s.isColor())
|
|
{
|
|
t.setBorder(1);
|
|
}
|
|
TR header = new TR();
|
|
TR results = new TR();
|
|
int port = s.getRequest().getServerPort();
|
|
for (int i = 0; i < fields.length; i++)
|
|
{
|
|
header.addElement(new TD().addElement(fields[i]));
|
|
results.addElement(new TD().addElement((String) accessWGService(s, "WSDLScanning", port, fields[i],
|
|
"acct_num", new Integer(id))));
|
|
}
|
|
if (fields.length == 0)
|
|
{
|
|
s.setMessage("Please select a value to return.");
|
|
}
|
|
t.addElement(header);
|
|
t.addElement(results);
|
|
ec.addElement(new P().addElement(t));
|
|
} catch (Exception e)
|
|
{
|
|
|
|
}
|
|
try
|
|
{
|
|
A a = new A("services/WSDLScanning?WSDL", "WebGoat WSDL File");
|
|
ec.addElement(new P()
|
|
.addElement("View the web services definition language (WSDL) to see the complete API:"));
|
|
ec.addElement(new BR());
|
|
ec.addElement(a);
|
|
// getLessonTracker( s ).setCompleted( completed );
|
|
|
|
if (completed && !getLessonTracker(s).getCompleted() && !beenRestartedYet)
|
|
{
|
|
makeSuccess(s);
|
|
beenRestartedYet = true;
|
|
}
|
|
else if (completed && !getLessonTracker(s).getCompleted() && beenRestartedYet)
|
|
{
|
|
completed = false;
|
|
beenRestartedYet = false;
|
|
}
|
|
|
|
// accessWGService("WSDLScanning", "getCreditCard", "acct_num", new Integer(101));
|
|
} catch (Exception e)
|
|
{
|
|
s.setMessage("Error generating " + this.getClass().getName());
|
|
e.printStackTrace();
|
|
}
|
|
return (ec);
|
|
}
|
|
|
|
public String getResults(int id, String field)
|
|
{
|
|
try
|
|
{
|
|
Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
|
|
PreparedStatement ps = connection.prepareStatement("SELECT * FROM user_data WHERE userid = ?");
|
|
ps.setInt(1, id);
|
|
try
|
|
{
|
|
ResultSet results = ps.executeQuery();
|
|
if ((results != null) && (results.next() == true)) { return results.getString(field); }
|
|
} catch (SQLException sqle)
|
|
{
|
|
}
|
|
} catch (Exception e)
|
|
{
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public String getCreditCard(int id)
|
|
{
|
|
String result = getResults(id, "cc_number");
|
|
if (result != null)
|
|
{
|
|
completed = true;
|
|
return result;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public String getFirstName(int id)
|
|
{
|
|
String result = getResults(id, "first_name");
|
|
if (result != null) { return result; }
|
|
return null;
|
|
}
|
|
|
|
public String getLastName(int id)
|
|
{
|
|
String result = getResults(id, "last_name");
|
|
if (result != null) { return result; }
|
|
return null;
|
|
}
|
|
|
|
public String getLoginCount(int id)
|
|
{
|
|
String result = getResults(id, "login_count");
|
|
if (result != null) { return result; }
|
|
return null;
|
|
}
|
|
|
|
public Element getCredits()
|
|
{
|
|
return super.getCustomCredits("By Alex Smolen", CREDITS_LOGO);
|
|
}
|
|
|
|
} |