Exemplo n.º 1
0
  /**
   * Adds a feature to the Message attribute of the MessageBoardScreen object
   *
   * @param s The feature to be added to the Message attribute
   */
  protected void addMessage(WebSession s) {
    try {
      String title = HtmlEncoder.encode(s.getParser().getRawParameter(TITLE, ""));
      String message = s.getParser().getRawParameter(MESSAGE, "");

      Connection connection = DatabaseUtilities.getConnection(s);

      String query = "INSERT INTO messages VALUES (?, ?, ?, ?, ? )";

      PreparedStatement statement =
          connection.prepareStatement(
              query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
      statement.setInt(1, count++);
      statement.setString(2, title);
      statement.setString(3, message);
      statement.setString(4, s.getUserName());
      statement.setString(5, this.getClass().getName());
      statement.execute();
    } catch (Exception e) {
      // ignore the empty resultset on the insert. There are a few more SQL Injection errors
      // that could be trapped here but we will let them try. One error would be something
      // like "Characters found after end of SQL statement."
      if (e.getMessage().indexOf("No ResultSet was produced") == -1) {
        s.setMessage(WebGoatI18N.get("CouldNotAddMessage"));
      }
      e.printStackTrace();
    }
  }
 public String getResults(int id, String field) {
   try {
     Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
     PreparedStatement ps =
         connection.prepareStatement("SELECT * FROM user_data WHERE userid = ?");
     ps.setInt(1, id);
     try {
       ResultSet results = ps.executeQuery();
       if ((results != null) && (results.next() == true)) {
         return results.getString(field);
       }
     } catch (SQLException sqle) {
     }
   } catch (Exception e) {
   }
   return null;
 }
Exemplo n.º 3
0
  /**
   * Description of the Method
   *
   * @param s Description of the Parameter
   * @return Description of the Return Value
   */
  public Element makeList(WebSession s) {
    Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);

    try {
      Connection connection = DatabaseUtilities.getConnection(s);

      // edit by Chuck Willis - Added logic to associate similar usernames
      // The idea is that users chuck-1, chuck-2, etc will see each other's messages
      // but not anyone elses. This allows users to try out XSS to grab another user's
      // cookies, but not get confused by other users scripts

      String query = "SELECT * FROM messages WHERE user_name LIKE ? and lesson_type = ?";
      PreparedStatement statement =
          connection.prepareStatement(
              query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
      statement.setString(1, getNameroot(s.getUserName()) + "%");
      statement.setString(2, getClass().getName());
      ResultSet results = statement.executeQuery();

      if ((results != null) && (results.first() == true)) {
        results.beforeFirst();

        for (int i = 0; results.next(); i++) {
          A a = ECSFactory.makeLink(results.getString(TITLE_COL), NUMBER, results.getInt(NUM_COL));
          TD td = new TD().addElement(a);
          TR tr = new TR().addElement(td);
          t.addElement(tr);
        }
      }
    } catch (Exception e) {
      s.setMessage(WebGoatI18N.get("ErrorGeneratingMessageList"));
    }

    ElementContainer ec = new ElementContainer();
    ec.addElement(new H1(WebGoatI18N.get("MessageList")));
    ec.addElement(t);

    return (ec);
  }
Exemplo n.º 4
0
  /**
   * Description of the Method
   *
   * @param s Description of the Parameter
   * @return Description of the Return Value
   */
  protected Element makeCurrent(WebSession s) {
    ElementContainer ec = new ElementContainer();

    try {
      int messageNum = s.getParser().getIntParameter(NUMBER, 0);

      Connection connection = DatabaseUtilities.getConnection(s);

      // edit by Chuck Willis - Added logic to associate similar usernames
      // The idea is that users chuck-1, chuck-2, etc will see each other's messages
      // but not anyone elses. This allows users to try out XSS to grab another user's
      // cookies, but not get confused by other users scripts

      String query =
          "SELECT * FROM messages WHERE user_name LIKE ? and num = ? and lesson_type = ?";
      PreparedStatement statement =
          connection.prepareStatement(
              query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
      statement.setString(1, getNameroot(s.getUserName()) + "%");
      statement.setInt(2, messageNum);
      statement.setString(3, this.getClass().getName());
      ResultSet results = statement.executeQuery();

      if ((results != null) && results.first()) {
        ec.addElement(
            new H1(WebGoatI18N.get("MessageContentsFor") + ": " + results.getString(TITLE_COL)));
        Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
        TR row1 = new TR(new TD(new B(new StringElement(WebGoatI18N.get("Title") + ":"))));
        row1.addElement(new TD(new StringElement(results.getString(TITLE_COL))));
        t.addElement(row1);

        String messageData = results.getString(MESSAGE_COL);
        TR row2 = new TR(new TD(new B(new StringElement(WebGoatI18N.get("Message") + ":"))));
        row2.addElement(new TD(new StringElement(messageData)));
        t.addElement(row2);

        // Edited by Chuck Willis - added display of the user who posted the message, so
        // that
        // if users use a cross site request forgery or XSS to make another user post a
        // message,
        // they can see that the message is attributed to that user

        TR row3 = new TR(new TD(new StringElement(WebGoatI18N.get("PostedBy") + ":")));
        row3.addElement(new TD(new StringElement(results.getString(USER_COL))));
        t.addElement(row3);

        ec.addElement(t);

        // Some sanity checks that the script may be correct
        if (messageData.toLowerCase().indexOf("<script>") != -1
            && messageData.toLowerCase().indexOf("</script>") != -1
            && messageData.toLowerCase().indexOf("alert") != -1) {
          makeSuccess(s);
        }

      } else {
        if (messageNum != 0) {
          ec.addElement(new P().addElement(WebGoatI18N.get("CouldNotFindMessage") + messageNum));
        }
      }
    } catch (Exception e) {
      s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
      e.printStackTrace();
    }

    return (ec);
  }