From ad137ce33db8761ddbe1dabbff4da7bc75489bf9 Mon Sep 17 00:00:00 2001
From: chetanj
Date: Thu, 11 Jul 2019 15:59:30 -0700
Subject: [PATCH 1/2] Modified to work with latest WG8M25

---
 .../webgoat/selenium/ChromeScript.java | 30 ++++++++++++++-----
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java b/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
index 8702292..8e09803 100644
--- a/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
+++ b/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
@@ -46,15 +46,26 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 driver.findElement(By.className("btn-primary")).click();
 }
 
+ // Navigate to String SQL Injection section
+/* driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/1");
+ delay(1000);
+ retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[4]/div[2]/form/table/tbody/tr/td[2]/input"), "select department from employees where first_name='Bob'");
+ driver.findElement(By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[4]/div[2]/form/table/tbody/tr[2]/td/button")).click();
+
+ *///New addition
+
 // Navigate to String SQL Injection section
- driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/6");
+ driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/8");
 delay(1000);
- retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[2]/input"), "' OR '1'='1");
+ retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[2]/input"), "'");
+ retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[3]/input"), " OR ");
+ retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[4]/input"), "'1'='1");
 // driver.findElement(By.name("account")).sendKeys("' OR '1'='1");
 driver.findElement(By.name("Get Account Info")).click();
 
 // Navigate to Numeric SQL Injection section
- driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/7");
+ driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/9");
+ driver.findElement(By.name("login_count")).sendKeys("1");
 driver.findElement(By.name("userid")).sendKeys("1 OR 1=1");
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[2]/form/table/tbody/tr/td[3]/input")).click();
 
@@ -62,7 +73,7 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 driver.get(url + "/start.mvc#lesson/SqlInjectionAdvanced.lesson/2");
 driver.findElement(By.name("userid_6a")).sendKeys("Smith'; SELECT * FROM user_system_data WHERE '1'='1");
 driver.findElement(By.name("Get Account Info")).click();
- driver.findElement(By.name("userid_6b")).sendKeys("dave");
+ driver.findElement(By.name("userid_6b")).sendKeys("passW0rD");
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[5]/div[3]/form/table/tbody/tr/td[3]/input")).click();
 
 driver.get(url + "/start.mvc#lesson/SqlInjectionAdvanced.lesson/4");
@@ -71,10 +82,13 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 driver.findElement(By.id("login-submit")).click();
 
 // SQL Injection (mitigations)
- driver.navigate().to(url + "/start.mvc#lesson/SqlInjectionMitigations.lesson/7");
- delay(1000);
- driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[3]/form[1]/div/div/div/table/thead/tr/th[4]/span")).click();
-
+ /*
+ * driver.navigate().to(url +
+ * "/start.mvc#lesson/SqlInjectionMitigations.lesson/7"); delay(1000);
+ * driver.findElement(By.xpath(
+ * "/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[3]/form[1]/div/div/div/table/thead/tr/th[4]/span"
+ * )).click();
+ */
 // XXE (page 3)
 driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/2");
 driver.findElement(By.id("commentInputSimple")).sendKeys("Test comment");

From 6972b8d05f817ef3de59af1f51fcf6ed23b14a12 Mon Sep 17 00:00:00 2001
From: chetanj
Date: Fri, 12 Jul 2019 15:38:59 -0700
Subject: [PATCH 2/2] Fixed issue for WebGoat 8.25

---
 .../webgoat/selenium/ChromeScript.java | 43 +++++++++----------
 1 file changed, 21 insertions(+), 22 deletions(-)

diff --git a/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java b/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
index 8e09803..366cb52 100644
--- a/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
+++ b/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
@@ -46,82 +46,80 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 driver.findElement(By.className("btn-primary")).click();
 }
 
- // Navigate to String SQL Injection section
-/* driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/1");
- delay(1000);
- retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[4]/div[2]/form/table/tbody/tr/td[2]/input"), "select department from employees where first_name='Bob'");
- driver.findElement(By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[4]/div[2]/form/table/tbody/tr[2]/td/button")).click();
-
- *///New addition
-
- // Navigate to String SQL Injection section
+ // Navigate to String SQL Injection section
 driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/8");
 delay(1000);
- retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[2]/input"), "'");
- retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[3]/input"), " OR ");
- retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[4]/input"), "'1'='1");
- // driver.findElement(By.name("account")).sendKeys("' OR '1'='1");
- driver.findElement(By.name("Get Account Info")).click();
+ driver.findElement(By.name("account")).sendKeys("'");
+ driver.findElement(By.name("operator")).sendKeys(" OR ");
+ driver.findElement(By.name("injection")).sendKeys("'1'='1");
+ driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[11]/div[2]/form/table/tbody/tr/td[5]/input")).click();
 
 // Navigate to Numeric SQL Injection section
 driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/9");
+ delay(1000);
 driver.findElement(By.name("login_count")).sendKeys("1");
 driver.findElement(By.name("userid")).sendKeys("1 OR 1=1");
- driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[2]/form/table/tbody/tr/td[3]/input")).click();
+ driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[12]/div[2]/form/table/tbody/tr[3]/td[2]/input")).click();
 
 // Navigate to SQL Injection (advanced)
 driver.get(url + "/start.mvc#lesson/SqlInjectionAdvanced.lesson/2");
+ delay(1000);
 driver.findElement(By.name("userid_6a")).sendKeys("Smith'; SELECT * FROM user_system_data WHERE '1'='1");
 driver.findElement(By.name("Get Account Info")).click();
 driver.findElement(By.name("userid_6b")).sendKeys("passW0rD");
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[5]/div[3]/form/table/tbody/tr/td[3]/input")).click();
 
 driver.get(url + "/start.mvc#lesson/SqlInjectionAdvanced.lesson/4");
+ delay(1000);
 driver.findElement(By.id("username4")).sendKeys("username");
 driver.findElement(By.id("password4")).sendKeys("password");
 driver.findElement(By.id("login-submit")).click();
 
 // SQL Injection (mitigations)
- /*
- * driver.navigate().to(url +
- * "/start.mvc#lesson/SqlInjectionMitigations.lesson/7"); delay(1000);
- * driver.findElement(By.xpath(
- * "/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[3]/form[1]/div/div/div/table/thead/tr/th[4]/span"
- * )).click();
- */
+ driver.navigate().to(url + "/start.mvc#lesson/SqlInjectionMitigations.lesson/9");
+ delay(1000);
+ driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[12]/div[3]/form[1]/div/div/div/table/thead/tr/th[4]/span")).click();
+
 // XXE (page 3)
 driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/2");
+ delay(1000);
 driver.findElement(By.id("commentInputSimple")).sendKeys("Test comment");
 driver.findElement(By.id("postCommentSimple")).submit();
 
 // XXE (page 4)
 driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/3");
+ delay(1000);
 retryingFindSendKeys(driver, By.id("commentInputContentType"), "Test comment 2");
 // driver.findElement(By.id("commentInputContentType")).sendKeys("Test comment 2");
 driver.findElement(By.id("postCommentContentType")).submit();
 
 //XXE (page 7)
 driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/6");
+ delay(1000);
 driver.findElement(By.id("commentInputBlind")).sendKeys("Test comment 3");
 driver.findElement(By.id("postCommentBlind")).submit();
 
 // XSS (page 2)
 driver.navigate().to(url + "/start.mvc#lesson/CrossSiteScripting.lesson/1");
+ delay(1000);
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[4]/div[3]/div[1]/form/table/tbody/tr/td[2]/input")).sendKeys("Yes");
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[4]/div[3]/div[1]/form/table/tbody/tr/td[3]/input")).submit();
 
 // XSS (page 7)
 driver.navigate().to(url + "/start.mvc#lesson/CrossSiteScripting.lesson/6");
+ delay(1000);
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[9]/div[2]/div[1]/form/table[2]/tbody/tr[1]/td[3]/input")).submit();
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[9]/div[2]/div[1]/form/table[2]/tbody/tr[5]/td/input")).submit();
 
 // XSS (page 10)
 driver.navigate().to(url + "/start.mvc#lesson/CrossSiteScripting.lesson/9");
+ delay(1000);
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[12]/div[2]/form/input[1]")).sendKeys("Test");
 driver.findElement(By.name("SubmitTestRoute")).submit();
 
 // XSS (page 11)
 driver.navigate().to(url + "/start.mvc#lesson/CrossSiteScripting.lesson/10");
+ delay(1000);
 driver.findElement(By.name("successMessage")).sendKeys("Test");
 driver.findElement(By.name("submitMessage")).submit();
 
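Review bot: The `delay(1000)` added after each `driver.get` / `driver.navigate().to` in this hunk (and again after the IDOR navigation in the `@@ -134,6 +132,7 @@` hunk) is a fixed sleep, so the script still races the lesson render: on a slow WebGoat instance the following `findElement` throws `NoSuchElementException`, and on a fast one every section wastes a second. Selenium's explicit wait states the real precondition instead, e.g. `new WebDriverWait(driver, 10).until(ExpectedConditions.presenceOfElementLocated(By.name("account")));` in place of the first `delay(1000)`, keyed on the first locator of each section (needs `org.openqa.selenium.support.ui.WebDriverWait` and `ExpectedConditions` imported). The replacement click locators are still absolute XPaths such as `.../div[6]/div[11]/div[2]/form/table/tbody/tr/td[5]/input`, whose `div[N]` indices this very commit had to bump from `div[10]` to `div[12]`; anchoring on `By.name(...)` / `By.id(...)` inside the lesson form, as the new `account` / `operator` / `injection` lines already do, would make the next WebGoat release less likely to break the script. The enclosing `run(...)` begins and ends outside this hunk.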
@@ -134,6 +132,7 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 
 // Insecure Direct Object References (page 3)
 driver.navigate().to(url + "/start.mvc#lesson/IDOR.lesson/2");
+ delay(1000);
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[5]/div[2]/form/input")).submit();
 driver.findElement(By.name("attributes")).sendKeys("role,userId");
 driver.findElement(By.name("Submit Diffs")).submit();