Challenge cannot be completed - URL for Show Java wrong

Question

Challenge cannot be completed - URL for Show Java wrong

Closed this issue 9 years ago · 1 comments

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Spider the entire WebGoat app using WebScarab. There are no examples of 
/source?
source=true anywhere, only /source
2. Go to the Challenge. I dare you to get in now with the URL that students can 
find. 

What is the expected output? What do you see instead?

To get into the Java source without knowing a magic string hidden away. Can't 
get into the Java 
Source to get the password.

What version of the product are you using? On what operating system?

Latest from SVN. MacOS X 10.5 (same result on XP SP 2 with IE 6.0)

Please provide any additional information below.

Original issue reported on code.google.com by vande...@gmail.com on 4 Apr 2008 at 3:35

Answer 1 · 2016-02-17T22:52:55.000Z

By clicking on the "show java" button, the following HTTP Request is generated.

Notice the "source=true"

GET http://localhost/WebGoat/source?source=true HTTP/1.0
Accept: */*
Accept-Language: en-us
Cookie: JSESSIONID=87A2DF9D2A9689611234B71E3F8FCAC8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648) 
Paros/3.2.13
Host: localhost
Proxy-Connection: Keep-Alive
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

Original comment by mayhe...@gmail.com on 4 Apr 2008 at 12:37

Changed state: WontFix