diff --git a/README b/README index a5ce616c..b328fb3e 100644 --- a/README +++ b/README @@ -47,18 +47,16 @@ How To Build And Run under Mac OS X and Linux: 9. Click on 'Test Configuration', followed by 'Rebuild Database' and hopefully you should be good go! Enjoy your hackathon! -How to build and run under Windows: - 1. Prerequisites: +How to build and run under Windows with MySql: + 1. Prerequisites: a. Visual Studio 2010 and above. - b. Mysql database that's up and running with at least one user - aleady setup with full permissions. + b. Create a Mysql database with empty database and at least one user with full permissions. 2. Open WebGoat.sln file via Visual Studio, and click on debug. 3. You should see the WebGoat.NET page at which point click on 'Set Up Database'. - 3. You should see a form with a bunch of setup information for the - database. For 'Data Provider' choose MySql. You'll need to fill in - the respective data entries for your mysql db. 'Client Executable' - and 'Data File Path' are not necessary for MySql so you can leave - them empty. - 4. Click on 'Test Configuration', followed by 'Rebuild Database' and + 4. You should see a form with a bunch of setup information for the + database. Some placeholder text is already entered for you. + Edit it to match your configuration. + 'Data File Path' is not necessary for MySql so you can leave it empty. + 5. Click on 'Test Configuration', followed by 'Rebuild Database' and hopefully you should be good go! Enjoy your hackathon! diff --git a/UpgradeLog.htm b/UpgradeLog.htm new file mode 100644 index 00000000..2c289d6d Binary files /dev/null and b/UpgradeLog.htm differ diff --git a/WebGoat.NET.sln b/WebGoat.NET.sln index 89f8133c..9758d3de 100644 --- a/WebGoat.NET.sln +++ b/WebGoat.NET.sln 
@@ -1,6 +1,8 @@  -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual Studio 2010 +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 14 +VisualStudioVersion = 14.0.24720.0 +MinimumVisualStudioVersion = 10.0.40219.1 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebGoat.NET", "WebGoat\WebGoat.NET.csproj", "{83B04441-0F79-4424-AAD0-46E0C3CDDAA1}" EndProject Global @@ -14,6 +16,9 @@ Global {83B04441-0F79-4424-AAD0-46E0C3CDDAA1}.Release|Any CPU.ActiveCfg = Release|Any CPU {83B04441-0F79-4424-AAD0-46E0C3CDDAA1}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection GlobalSection(MonoDevelopProperties) = preSolution StartupItem = WebGoat\WebGoat.NET.csproj Policies = $0 @@ -23,7 +28,7 @@ Global $0.StandardHeader = $2 $2.Text = $2.IncludeInNewFiles = True - $0.TextStylePolicy = $3 + $0.TextStylePolicy = $34 $3.inheritsSet = null $3.scope = text/x-csharp $0.CSharpFormattingPolicy = $4 @@ -46,28 +51,25 @@ Global $4.inheritsSet = Mono $4.inheritsScope = text/x-csharp $4.scope = text/x-csharp - $0.TextStylePolicy = $5 $5.FileWidth = 120 $5.inheritsSet = VisualStudio $5.inheritsScope = text/plain $5.scope = text/plain $0.NameConventionPolicy = $6 $6.Rules = $7 - $7.NamingRule = $8 + $7.NamingRule = $32 $8.Name = Namespaces $8.AffectedEntity = Namespace $8.VisibilityMask = VisibilityMask $8.NamingStyle = PascalCase $8.IncludeInstanceMembers = True $8.IncludeStaticEntities = True - $7.NamingRule = $9 $9.Name = Types $9.AffectedEntity = Class, Struct, Enum, Delegate $9.VisibilityMask = VisibilityMask $9.NamingStyle = PascalCase $9.IncludeInstanceMembers = True $9.IncludeStaticEntities = True - $7.NamingRule = $10 $10.Name = Interfaces $10.RequiredPrefixes = $11 $11.String = I 
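Review bot: The MonoDevelopProperties section now keeps only the last of the repeated `$0.TextStylePolicy` and `$7.NamingRule` keys (`$0.TextStylePolicy = $34` in the @@ -23 hunk, `$7.NamingRule = $32` in the @@ -46 hunk), which looks like the Visual Studio 2015 solution writer collapsing duplicate keys rather than an intended edit. The dropped references (`$7.NamingRule = $8` through `$31`, `$0.TextStylePolicy = $3`/`$5`, and the `$23.String = _`/`$26.String = _` prefixes) leave the `$8`–`$31` rule blocks orphaned, so the MonoDevelop naming policy effectively shrinks to the Type Parameters rule; the same pattern continues in the hunks through @@ -202. If the section is still wanted, restore the removed lines from the old side; if it is not, drop the whole MonoDevelopProperties section deliberately rather than half of it.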
@@ -76,7 +78,6 @@ Global $10.NamingStyle = PascalCase $10.IncludeInstanceMembers = True $10.IncludeStaticEntities = True - $7.NamingRule = $12 $12.Name = Attributes $12.RequiredSuffixes = $13 $13.String = Attribute @@ -85,7 +86,6 @@ Global $12.NamingStyle = PascalCase $12.IncludeInstanceMembers = True $12.IncludeStaticEntities = True - $7.NamingRule = $14 $14.Name = Event Arguments $14.RequiredSuffixes = $15 $15.String = EventArgs @@ -94,7 +94,6 @@ Global $14.NamingStyle = PascalCase $14.IncludeInstanceMembers = True $14.IncludeStaticEntities = True - $7.NamingRule = $16 $16.Name = Exceptions $16.RequiredSuffixes = $17 $17.String = Exception 
@@ -103,97 +102,82 @@ Global $16.NamingStyle = PascalCase $16.IncludeInstanceMembers = True $16.IncludeStaticEntities = True - $7.NamingRule = $18 $18.Name = Methods $18.AffectedEntity = Methods $18.VisibilityMask = VisibilityMask $18.NamingStyle = PascalCase $18.IncludeInstanceMembers = True $18.IncludeStaticEntities = True - $7.NamingRule = $19 $19.Name = Static Readonly Fields $19.AffectedEntity = ReadonlyField $19.VisibilityMask = Internal, Protected, Public $19.NamingStyle = PascalCase $19.IncludeInstanceMembers = False $19.IncludeStaticEntities = True - $7.NamingRule = $20 $20.Name = Fields (Non Private) $20.AffectedEntity = Field $20.VisibilityMask = Internal, Protected, Public $20.NamingStyle = PascalCase $20.IncludeInstanceMembers = True $20.IncludeStaticEntities = True - $7.NamingRule = $21 $21.Name = ReadOnly Fields (Non Private) $21.AffectedEntity = ReadonlyField $21.VisibilityMask = Internal, Protected, Public $21.NamingStyle = PascalCase $21.IncludeInstanceMembers = True $21.IncludeStaticEntities = False - $7.NamingRule = $22 $22.Name = Fields (Private) $22.AllowedPrefixes = $23 - $23.String = _ $23.String = m_ $22.AffectedEntity = Field, ReadonlyField $22.VisibilityMask = Private $22.NamingStyle = CamelCase $22.IncludeInstanceMembers = True $22.IncludeStaticEntities = False - $7.NamingRule = $24 $24.Name = Static Fields (Private) $24.AffectedEntity = Field $24.VisibilityMask = Private $24.NamingStyle = CamelCase $24.IncludeInstanceMembers = False $24.IncludeStaticEntities = True - $7.NamingRule = $25 $25.Name = ReadOnly Fields (Private) $25.AllowedPrefixes = $26 - $26.String = _ $26.String = m_ $25.AffectedEntity = ReadonlyField $25.VisibilityMask = Private $25.NamingStyle = CamelCase $25.IncludeInstanceMembers = True $25.IncludeStaticEntities = False - $7.NamingRule = $27 $27.Name = Constant Fields $27.AffectedEntity = ConstantField $27.VisibilityMask = VisibilityMask $27.NamingStyle = PascalCase $27.IncludeInstanceMembers = True 
$27.IncludeStaticEntities = True - $7.NamingRule = $28 $28.Name = Properties $28.AffectedEntity = Property $28.VisibilityMask = VisibilityMask $28.NamingStyle = PascalCase $28.IncludeInstanceMembers = True $28.IncludeStaticEntities = True - $7.NamingRule = $29 $29.Name = Events $29.AffectedEntity = Event $29.VisibilityMask = VisibilityMask $29.NamingStyle = PascalCase $29.IncludeInstanceMembers = True $29.IncludeStaticEntities = True - $7.NamingRule = $30 $30.Name = Enum Members $30.AffectedEntity = EnumMember $30.VisibilityMask = VisibilityMask $30.NamingStyle = PascalCase $30.IncludeInstanceMembers = True $30.IncludeStaticEntities = True - $7.NamingRule = $31 $31.Name = Parameters $31.AffectedEntity = Parameter $31.VisibilityMask = VisibilityMask $31.NamingStyle = CamelCase $31.IncludeInstanceMembers = True $31.IncludeStaticEntities = True - $7.NamingRule = $32 $32.Name = Type Parameters $32.RequiredPrefixes = $33 $33.String = T @@ -202,11 +186,7 @@ Global $32.NamingStyle = PascalCase $32.IncludeInstanceMembers = True $32.IncludeStaticEntities = True - $0.TextStylePolicy = $34 $34.inheritsSet = null $34.scope = application/x-ashx EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection EndGlobal diff --git a/WebGoat/App_Code/DB/MySqlDbProvider.cs b/WebGoat/App_Code/DB/MySqlDbProvider.cs index 0bc79812..56651bbc 100644 --- a/WebGoat/App_Code/DB/MySqlDbProvider.cs +++ b/WebGoat/App_Code/DB/MySqlDbProvider.cs @@ -6,7 +6,8 @@ using System.Diagnostics; using System.IO; using System.Threading; - +using System.Web; + namespace OWASP.WebGoat.NET.App_Code.DB { public class MySqlDbProvider : IDbProvider @@ -18,6 +19,7 @@ public class MySqlDbProvider : IDbProvider private readonly string _uid; private readonly string _database; private readonly string _clientExec; + private readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 
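Review bot: The new `log` field in the @@ -18 hunk is an instance field initialized via `MethodBase.GetCurrentMethod().DeclaringType`, but the only using this commit adds is `using System.Web;`, so `ILog`, `LogManager` and `MethodBase` compile only if `log4net` and `System.Reflection` are already imported above line 6, which is outside the hunk. `log.Info("Running recreate")` at line 105 is a pre-existing context line, so a `log` member may already exist elsewhere in this class; if it does, this declaration duplicates it. Either way the usual log4net shape is a static field, `private static readonly ILog log = LogManager.GetLogger(typeof(MySqlDbProvider));`, which also avoids a reflection call on every instance. The rest of the class is outside these hunks.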
@@ -103,8 +105,12 @@ public bool RecreateGoatDb() log.Info("Running recreate"); - int retVal1 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, DbConstants.DB_CREATE_MYSQL_SCRIPT)); - int retVal2 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, DbConstants.DB_LOAD_MYSQL_SCRIPT)); + string createScript = HttpContext.Current.Server.MapPath(DbConstants.DB_CREATE_MYSQL_SCRIPT.Replace("\\", "/")); + string loadScript = HttpContext.Current.Server.MapPath(DbConstants.DB_LOAD_MYSQL_SCRIPT.Replace("\\", "/")); + + + int retVal1 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, createScript)); + int retVal2 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, loadScript)); return Math.Abs(retVal1) + Math.Abs(retVal2) == 0; } diff --git a/WebGoat/Configuration/Default.config b/WebGoat/Configuration/Default.config index 3ed7cdc3..43370932 100644 --- a/WebGoat/Configuration/Default.config +++ b/WebGoat/Configuration/Default.config @@ -1 +1,7 @@ -dbtype=MySql \ No newline at end of file +dbtype=MySql +host=localhost +port=3306 +client=C:\Program Files\MySQL\MySQL Server 5.7\bin\mysql.exe +database=webgoat +uid=user +pwd=password diff --git a/WebGoat/ProxySetup.aspx b/WebGoat/ProxySetup.aspx index 55d276ba..fec8c396 100644 --- a/WebGoat/ProxySetup.aspx +++ b/WebGoat/ProxySetup.aspx @@ -17,7 +17,7 @@ ErrorMessage="Name is Required" ControlToValidate="txtName">
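Review bot: `HttpContext.Current.Server.MapPath(...)` on the two new lines dereferences `HttpContext.Current`, which is null whenever `RecreateGoatDb` runs outside a request (a background thread, a startup hook, a test), so the recreate would fail with a `NullReferenceException` rather than a clear error. `HostingEnvironment.MapPath(DbConstants.DB_CREATE_MYSQL_SCRIPT.Replace("\\", "/"))` from `System.Web.Hosting` resolves the same virtual path without a request context, or the two paths could be resolved once where the provider is constructed and passed in. The two added empty lines between the path lookups and the `retVal` calls look like leftovers; one blank suffices. `RecreateGoatDb` begins before this hunk, and the `args` passed to `Util.RunProcessWithInput` are not visible here.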
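Review bot: The new defaults put real-looking credentials (`uid=user`, `pwd=password`) and a machine-specific client path (`client=C:\Program Files\MySQL\MySQL Server 5.7\bin\mysql.exe`) into a tracked configuration file. The README change in this commit calls these placeholders, but nothing in the file itself says so, and anyone who clicks 'Test Configuration' without editing will try them as-is; the Windows path also does not fit the Mac OS X/Linux build instructions in the same README. Obviously invalid values such as `uid=CHANGE_ME` and `pwd=CHANGE_ME`, or leaving `uid`/`pwd` empty, would make the intent unmistakable. Whether the `key=value` loader accepts comment lines is not visible here, so I have not proposed a `#` comment.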
+ ValidationExpression="[a-zA-Z\-\ _]*">

Enter your name (letters only): diff --git a/WebGoat/ProxySetup.aspx.designer.cs b/WebGoat/ProxySetup.aspx.designer.cs index 9843c6c8..ebdd1167 100644 --- a/WebGoat/ProxySetup.aspx.designer.cs +++ b/WebGoat/ProxySetup.aspx.designer.cs @@ -1,32 +1,60 @@ -// ------------------------------------------------------------------------------ -// -// This code was generated by a tool. -// Mono Runtime Version: 4.0.30319.1 -// -// Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. -// -// ------------------------------------------------------------------------------ - -namespace OWASP.WebGoat.NET { - - - public partial class ProxySetup { - - protected System.Web.UI.WebControls.Content Content1; - - protected System.Web.UI.WebControls.Content Content3; - - protected System.Web.UI.WebControls.Content Content2; - - protected System.Web.UI.WebControls.RequiredFieldValidator valNameRequired; - - protected System.Web.UI.WebControls.RegularExpressionValidator valRegEx; - - protected System.Web.UI.WebControls.TextBox txtName; - - protected System.Web.UI.WebControls.Button btnReverse; - - protected System.Web.UI.WebControls.Label lblOutput; - } -} +//------------------------------------------------------------------------------ +// +// This code was generated by a tool. +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +//------------------------------------------------------------------------------ + +namespace OWASP.WebGoat.NET { + + + public partial class ProxySetup { + + ///
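Review bot: The widened `ValidationExpression="[a-zA-Z\-\ _]*"` now accepts hyphens, spaces and underscores, while the prompt two lines below still reads 'Enter your name (letters only)', so the UI text and the validator disagree. Either update the prompt, e.g. `Enter your name (letters, spaces, hyphens and underscores):`, or keep the expression to letters. The `*` quantifier also matches the empty string, which is presumably left to `valNameRequired` to reject; the old expression is not legible in this hunk, so I cannot tell whether that is new. Inside a character class the `\ ` escape is unnecessary, and `[a-zA-Z _-]*` with the hyphen last reads more plainly.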

+ /// valNameRequired control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::System.Web.UI.WebControls.RequiredFieldValidator valNameRequired; + + /// + /// valRegEx control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::System.Web.UI.WebControls.RegularExpressionValidator valRegEx; + + /// + /// txtName control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::System.Web.UI.WebControls.TextBox txtName; + + /// + /// btnReverse control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::System.Web.UI.WebControls.Button btnReverse; + + /// + /// lblOutput control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::System.Web.UI.WebControls.Label lblOutput; + } +} diff --git a/WebGoat/Resources/Master-Pages/Site.Master.cs b/WebGoat/Resources/Master-Pages/Site.Master.cs index 4c8c41de..780e92ec 100644 --- a/WebGoat/Resources/Master-Pages/Site.Master.cs +++ b/WebGoat/Resources/Master-Pages/Site.Master.cs @@ -20,7 +20,7 @@ protected void Page_Load(object sender, EventArgs e) } protected void lbtGenerateTestData_Click(object sender, EventArgs e) { - Response.Redirect("/RebuildDatabase.aspx"); + Response.Redirect("~/RebuildDatabase.aspx"); } public void GreyOutMenu() { diff --git a/WebGoat/WebGoat.NET.csproj b/WebGoat/WebGoat.NET.csproj index c00501db..b87d573a 100644 --- a/WebGoat/WebGoat.NET.csproj +++ b/WebGoat/WebGoat.NET.csproj @@ -1,4 +1,4 @@ - + True @@ -17,6 +17,12 @@ 4.0 + true + + + + + true @@ -71,7 +77,7 @@ lib\log4net.dll - lib\Mono.Data.Sqlite.dll + lib\Mono.Data.Sqlite.dll 
@@ -911,6 +917,7 @@ ProxySetup.aspx + ASPXCodeBehind ProxySetup.aspx @@ -934,30 +941,35 @@ Trace.aspx + ASPXCodeBehind Trace.aspx XPathInjection.aspx + ASPXCodeBehind XPathInjection.aspx HeaderInjection.aspx + ASPXCodeBehind HeaderInjection.aspx MessageDigest.aspx + ASPXCodeBehind MessageDigest.aspx XMLInjection.aspx + ASPXCodeBehind XMLInjection.aspx @@ -965,24 +977,28 @@ ReadlineDoS.aspx + ASPXCodeBehind ReadlineDoS.aspx RegexDoS.aspx + ASPXCodeBehind RegexDoS.aspx Unsafe.aspx + ASPXCodeBehind Unsafe.aspx Random.aspx + ASPXCodeBehind Random.aspx @@ -990,12 +1006,14 @@ VerbTampering.aspx + ASPXCodeBehind VerbTampering.aspx VerbTamperingAttack.aspx + ASPXCodeBehind VerbTamperingAttack.aspx @@ -1021,13 +1039,26 @@ + + + + True + True + 55305 + / + http://localhost:55305/ + False + False + + + False + + + - - - - + @@ -1057,4 +1088,5 @@ - + + \ No newline at end of file diff --git a/WebGoat/WebGoat.NET.csproj.user b/WebGoat/WebGoat.NET.csproj.user index fd9084ec..1919cf3a 100644 --- a/WebGoat/WebGoat.NET.csproj.user +++ b/WebGoat/WebGoat.NET.csproj.user @@ -1,5 +1,28 @@  + + + + + + CurrentPage + True + False + False + False + + + + + + + + + True + True + + + - + \ No newline at end of file