shivamdixit / webgoatphp
WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases.
Home Page: http://webgoatphp.com/
License: Apache License 2.0
This is not a bug, but WebScarab is an outdated and inactive OWASP project; ZAP does the same. Please replace the name to reflect a newer tool.
Remember me not implemented in login.
The chart is displayed perfectly if opened from the URL directly (i.e. using #analytics in the URL); however, if you navigate using the side panel, the values (%) printed on it get distorted.
WebGoatPHP logo on home page is not responsive and overlaps with heading on medium size resolution.
Currently we don't have any "remember me" feature in the user login. We need to implement it in a secure way.
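As an added illustration of one secure "remember me" design (example code written for this page, not WebGoatPHP's own code and not part of the issue above): the cookie carries a random selector plus a random validator, only a SHA-256 hash of the validator is stored, so a leaked token table cannot be replayed, and the validator is compared with hash_equals(). The table remember_tokens and its columns, the cookie name, the session key and the PDO connection $db are assumptions; it needs PHP 7.3+ for random_bytes() and the setcookie() options array.

```php
<?php
// Added example: selector/validator "remember me" token. Not WebGoatPHP code.
// Assumed (hypothetical) schema:
//   CREATE TABLE remember_tokens (
//     selector CHAR(24) PRIMARY KEY, validator_hash CHAR(64) NOT NULL,
//     user_id INT NOT NULL, expires_at DATETIME NOT NULL);
// Requires PHP 7.3+ (random_bytes, setcookie() options array).

const REMEMBER_COOKIE = 'wg_remember';      // assumed cookie name
const REMEMBER_TTL    = 30 * 24 * 60 * 60;  // 30 days, in seconds

/** Call after a successful password login when the user ticked "remember me". */
function issueRememberToken(PDO $db, int $userId): void
{
    $selector  = bin2hex(random_bytes(12));  // public lookup key (24 hex chars)
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $expires   = time() + REMEMBER_TTL;

    $stmt = $db->prepare(
        'INSERT INTO remember_tokens (selector, validator_hash, user_id, expires_at)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$selector, hash('sha256', $validator), $userId,
                    gmdate('Y-m-d H:i:s', $expires)]);

    setcookie(REMEMBER_COOKIE, $selector . ':' . $validator, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable from JavaScript (e.g. via a stored XSS)
        'samesite' => 'Lax',
    ]);
}

/** Returns the user id for a valid remember-me cookie, or null. */
function userFromRememberCookie(PDO $db): ?int
{
    if (empty($_COOKIE[REMEMBER_COOKIE])) {
        return null;
    }
    $parts = explode(':', $_COOKIE[REMEMBER_COOKIE], 2);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null;
    }
    [$selector, $validator] = $parts;

    $stmt = $db->prepare(
        'SELECT user_id, validator_hash, expires_at FROM remember_tokens WHERE selector = ?'
    );
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || strtotime($row['expires_at'] . ' UTC') < time()) {
        return null;
    }

    // The lookup is by selector only, so the secret never reaches the SQL
    // engine; hash_equals() keeps the comparison constant-time.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        // Right selector, wrong validator: someone is guessing with a copy of
        // the token table. Revoke the entry instead of letting them continue.
        $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
        return null;
    }
    return (int) $row['user_id'];
}

/** On logout: delete the server-side entry and expire the cookie. */
function revokeRememberToken(PDO $db): void
{
    if (!empty($_COOKIE[REMEMBER_COOKIE])) {
        $selector = explode(':', $_COOKIE[REMEMBER_COOKIE], 2)[0];
        $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
    }
    setcookie(REMEMBER_COOKIE, '', [
        'expires' => 1, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Typical use at the top of a request (assumed session layout: $_SESSION['user_id']):
// if (empty($_SESSION['user_id']) && ($uid = userFromRememberCookie($db)) !== null) {
//     session_regenerate_id(true);     // fresh session id before elevating it
//     $_SESSION['user_id'] = $uid;
// }
```

Two design points worth keeping: a session restored from the cookie should not be allowed to change the password or e-mail without re-entering the current password, and a password change should delete every remember_tokens row for that user so old cookies stop working.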
TODO: run the user-supplied code in a sandbox.
When running the app via Vagrant, jframework is not able to detect the mode because the port is different. Change the conditions so that it works on all ports.
Chrome's XSS Auditor is refusing to execute the script because its source code was found within the request.
Also add the number of days remaining in the countdown timer of a contest.
In the date-time picker, add a condition to check that contest start date > present date and end date > start date.
To alleviate this, use jframework's catch controller. Catch controllers catch everything that goes past them, e.g. example.com/catch-controller/everything/here/goes/to/catch/controller.css
They receive the rest of the URL, and can decide what to do.
A good design would be to have example.com/webgoatphp/challenges/challenge-name-here/X
and X should be served from within the challenge folder. This allows the challenge to be able to use relative URLs, and access everything it has to offer, and at the same time allows the framework to track and log everything.
Thanks
-A
The following warning is encountered while running the tests from test/sys/main:
Unable to call Doctrine Plugin::Shutdown() - function does not exist in Unknown on line 0
Reset lesson is not working for any of the lessons in Firefox.
Reason: An AJAX request is made to reset the lesson, and when the response comes, the page is refreshed. However, in Firefox, refreshing the page also re-sends the POST data, which completes the lesson again. Hence the success message is displayed and the lesson is marked completed again.
Solution: Use a different way of refreshing the page.
Fatal Error 1 in /app/control/mode/single/challenges/__catch.php line 33
My PHP version is 5.5.12
If one lesson is completed, all are marked as "Completed".
Fix window.open arguments in script/challenges.js to make it work.
In secure coding mode, the developer specifies the start and end line numbers that will be available for editing (in function isSecureCodingAllowed()). However, this is not the best way, because if in future the developer modifies the code, the line numbers will change and the wrong lines will be displayed to the user.
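As an added illustration of the alternative (example code written for this page, not WebGoatPHP's own code and not part of the issue above): mark the editable region with comment markers in the challenge file and derive the line range from them at request time, so the range follows the code when the file is edited. The marker names WG-EDIT-START / WG-EDIT-END, the region name and the sample challenge file are assumptions; the merge step also ignores any start/end values a client might send, which is what keeps a tampered submission from editing lines outside the region.

```php
<?php
// Added example: locate the editable region of a challenge file by marker
// comments rather than by fixed line numbers. Not WebGoatPHP code; the marker
// names WG-EDIT-START / WG-EDIT-END are an assumption.

/**
 * Returns [$first, $last] (1-based, inclusive) for the lines between the
 * markers named $region, or null if the markers are missing or out of order.
 */
function editableRange(string $source, string $region): ?array
{
    $lines = preg_split('/\r\n|\r|\n/', $source);
    $open  = '/^\s*\/\/\s*WG-EDIT-START:\s*' . preg_quote($region, '/') . '\s*$/';
    $close = '/^\s*\/\/\s*WG-EDIT-END:\s*'   . preg_quote($region, '/') . '\s*$/';
    $first = null;
    foreach ($lines as $i => $line) {
        if ($first === null) {
            if (preg_match($open, $line)) {
                $first = $i + 2;          // line after the opening marker, 1-based
            }
        } elseif (preg_match($close, $line)) {
            $last = $i;                   // line before the closing marker, 1-based
            return $last >= $first ? [$first, $last] : null;
        }
    }
    return null;
}

/**
 * Rebuilds the file with the user's lines substituted for the region only.
 * Everything outside the markers (and the markers themselves) is kept verbatim,
 * so a client that tampers with submitted start/end values cannot widen the edit.
 */
function applyUserEdit(string $source, string $region, string $userCode): ?string
{
    $range = editableRange($source, $region);
    if ($range === null) {
        return null;
    }
    [$first, $last] = $range;
    $lines     = preg_split('/\r\n|\r|\n/', $source);
    $userLines = preg_split('/\r\n|\r|\n/', $userCode);
    // Reject a submission that tries to smuggle in a second pair of markers.
    foreach ($userLines as $l) {
        if (preg_match('/WG-EDIT-(START|END):/', $l)) {
            return null;
        }
    }
    $before = array_slice($lines, 0, $first - 1);   // up to and including the start marker
    $after  = array_slice($lines, $last);            // from the end marker onwards
    return implode("\n", array_merge($before, $userLines, $after));
}

// Constructed sample challenge file (not a real WebGoatPHP lesson):
$sample = <<<'PHP'
<?php
function lookupUser(PDO $db, string $name) {
    // WG-EDIT-START: query
    $q = "SELECT * FROM users WHERE name = '$name'";
    // WG-EDIT-END: query
    return $db->query($q)->fetch();
}
PHP;

$range  = editableRange($sample, 'query');
$merged = applyUserEdit($sample, 'query',
    '    $q = $db->prepare("SELECT * FROM users WHERE name = ?");');
```

For the sample above editableRange() reports the single line between the markers (line 4), and applyUserEdit() returns the file with only that line replaced; adding a comment line above the function would shift the reported range automatically, which is exactly what the hard-coded numbers in isSecureCodingAllowed() cannot do.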
1. Go to the XSS 2 (Stored) challenge
2. Fill in a script in the message box such as <SCRIPT>alert(document.cookie);</SCRIPT>
3. Submit
Result
The user is not allowed to leave this challenge nor reset it, due to the "stored" XSS. Every time, the XSS is displayed. You need to delete the XSS message after the challenge is finished.
We need to switch to SQLite database for single-user mode so that minimum db setup is required.
If a user tries to access the workshop admin dashboard and is not authorized to do so, it results in the error "Too many redirects". Instead of redirecting the user to the login page if he is not authorized, redirect him to SiteRoot.
On hover color should not change if that element is selected.
Add an option of "Change Password"
In function "Check" of \jf\RBACManager, if an integer user ID is supplied in the second parameter, it generates the error "Undefined variable: UserID" at line 130 of _japp/model/lib/rbac.php.
When deleting a workshop user, corresponding user-role association must also be deleted from the database.
Add a media query for small screen sizes. Preferably create a new navigation panel at the bottom and hide side panel when screen size is small.
In order to consider module challenges complete, solutions should also be completed. Right now there are no solutions provided to users.
When displaying source code to the user, it is not indented because we are using the "trim" function and hence all the white-space is removed. If we do not use this function, it will show extra white-space and extra new lines.
We need something that removes extra spaces but at the same time keeps the indentation intact.
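As an added illustration (example code written for this page, not WebGoatPHP's own code and not part of the issue above): strip only the indentation that every non-blank line shares, drop the blank lines at both ends, and collapse long runs of blank lines, so nested blocks keep their relative indentation. The sample input is constructed; the function assumes a file is indented consistently with spaces or with tabs, since mixed indentation is counted character by character.

```php
<?php
// Added example: trim a source listing for display without losing indentation.
// Not WebGoatPHP code. Assumes the file is consistently indented with either
// spaces or tabs (mixed indentation is counted character by character).

function dedentSource(string $code, int $maxBlankRun = 1): string
{
    $lines = preg_split('/\r\n|\r|\n/', $code);

    // What trim() was really meant to do: drop blank lines at both ends.
    while ($lines && trim($lines[0]) === '') {
        array_shift($lines);
    }
    while ($lines && trim(end($lines)) === '') {
        array_pop($lines);
    }
    if (!$lines) {
        return '';
    }

    // Common indentation = smallest leading whitespace over non-blank lines.
    $common = PHP_INT_MAX;
    foreach ($lines as $line) {
        if (trim($line) === '') {
            continue;
        }
        $lead   = strlen($line) - strlen(ltrim($line, " \t"));
        $common = min($common, $lead);
    }

    $out   = [];
    $blank = 0;
    foreach ($lines as $line) {
        if (trim($line) === '') {
            if (++$blank > $maxBlankRun) {
                continue;                 // collapse long runs of blank lines
            }
            $out[] = '';
            continue;
        }
        $blank = 0;
        // Remove only the shared prefix and trailing whitespace; the relative
        // indentation of nested blocks survives.
        $out[] = rtrim(substr($line, $common));
    }
    return implode("\n", $out);
}

// Constructed input, as it might be read from a challenge file:
$raw = "\n\n    function greet(\$who) {   \n        if (\$who) {\n\n\n"
     . "            echo \"hi \$who\";\n        }\n    }\n\n";
echo dedentSource($raw);
```

On the sample the four-space prefix shared by every line is removed, the trailing spaces after the opening brace and the leading and trailing blank lines disappear, the three blank lines inside the if block become one, and the body stays indented relative to the function header.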
Hi,
This is not an issue per se with your repo; I am wondering what's happening with the WebGoat project now that it is down.
Thanks.
jframework throws a "ShutdownError : Class not found" error in deploy mode. It works fine in develop mode.
In workshop mode -> dashboard -> lesson settings, the ON/OFF visibility buttons only work if you refresh the page. They do not work if you use the side panel to navigate.
Need to create a custom 404 page.
When adding a challenge, add verification of the input.
Display a countdown timer.
Solution: Add a condition to check if no workshop users are present.
Add a condition in the date-time picker for when a contest is already present.
In the Forgot Password challenge, the reset button does not reset the lesson.
This happens in Mozilla Firefox 29.0.1 (Windows version).
If email is better for this, let me know. I saw WebGoat PHP demo'd briefly at the AppSec USA project summit. I am attempting to run it on a LAMP stack (Apache 2.4.18, MySQL 5.7.16 and PHP 7.0.8), but am getting nowhere. One persistent error in the log is:
Uncaught Error: Class 'jf' not found in /var/www/html/webgoat-php/app/view/default/about.php:3
Stack trace:
#0 {main}
  thrown in /var/www/html/webgoat-php/app/view/default/about.php on line 3, referer: http://localhost/webgoat-php/app/view/default/
The DB is created and all wired up; I am not getting any errors that way. Any ideas/help?
Fix the hash-based navigation. The current method creates duplicate ids, which causes unexpected behavior.
In contest mode, add an option for the admin to re-evaluate all submissions.
At certain resolutions the Reset Lesson button distorts the top menu, and for the side menu the col-md class should be used instead of col-lg.
We need to create a logo for WebGoatPHP. If anyone is willing to create one, please go ahead.
Fix the bootstrap form structure.
In the ACE editor, extra spaces are displayed on the last line.
In class SingleModeController, if static content is requested, it is returned using file_get_contents. However, this is not completely correct, as audio/video/images etc. cannot be returned in this way.
It would be better to use jframework's download manager.