Commit 713c786

Allowed other criteria to solve lesson and provide some feedback for acceptable solutions
git-svn-id: http://webgoat.googlecode.com/svn/trunk@464 4033779f-a91e-0410-96ef-6bf7bf53c507
1 parent 930195c commit 713c786

1 file changed: +14 -0 lines changed

webgoat/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java

Lines changed: 14 additions & 0 deletions
@@ -73,6 +73,10 @@ protected Element doStage2(WebSession s) throws Exception
7373
{
7474
getLessonTracker(s).setStage(3);
7575
s.setMessage("Stage 2 completed. ");
76+
}
77+
else
78+
{
79+
s.setMessage("Only <img onerror... attacks are recognized for success criteria");
7680
}
7781

7882
return (ec);
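Review bot: The new else branch in doStage2 passes the literal text "<img onerror..." to s.setMessage(). Whether setMessage HTML-encodes its argument is not visible in this hunk; if it does not, the browser will parse "<img" as the start of a tag and the hint will be garbled or dropped from the page. Encode the bracket (&lt;img) or confirm that the message is escaped on output. Note also that the commit message speaks of allowing other criteria, but this stage gains only the feedback message and no additional accepted solution; if that is intentional, a short comment saying so would help.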
@@ -91,6 +95,16 @@ protected Element doStage3(WebSession s) throws Exception
9195
{
9296
getLessonTracker(s).setStage(4);
9397
s.setMessage("Stage 3 completed.");
98+
} else if (attackString.toString().toLowerCase().indexOf("iframe") != -1
99+
&& attackString.toString().toLowerCase().indexOf("onload") != -1
100+
&& attackString.toString().toLowerCase().indexOf("alert") != -1)
101+
{
102+
getLessonTracker(s).setStage(3);
103+
s.setMessage("Stage 3 completed. ");
104+
}
105+
else
106+
{
107+
s.setMessage("Only <iframe javascript/onload... attacks are recognized for success criteria");
94108
}
95109
return (ec);
96110
}
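Review bot: The new else-if branch in doStage3 calls getLessonTracker(s).setStage(3) while reporting "Stage 3 completed. ", whereas the existing success branch directly above it advances with setStage(4). A learner who solves the stage with the iframe/onload/alert variant is told the stage is done but stays on stage 3; this appears to be carried over from doStage2 and should be setStage(4). Two smaller points on the same branch: the condition only checks that the substrings "iframe", "onload" and "alert" occur somewhere in the input, in any order, so text that merely mentions the three words is accepted; and attackString.toString().toLowerCase() is evaluated three times, so hoist it into a local variable. The failure message in the final else contains a raw "<iframe" and needs the same output-encoding check as the Stage 2 message.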
