jerryhoff / webgoat.net Goto Github PK

Hi,

I have the system up on Kali and can get the Sqlite working, but I want to test with Mysql. What are the value I need to put in the Client Executable and Data File Path to get this to work?

Thanks.

The stored XSS lesson is also vulnerable to SQL injection. I don't know if this is by design or not (bonus vulnerabilities!) but if not we should move to a prepared statement in MySqlDbProvider.cs

Can someone please give a detailed tutorial/guide from start to end to how to get it to run properly.

Like:

1. Setting Up MySql
   etc

The ASP.Net_SessionID cookie is httponly. While this is good for security, it's bad for webgoat. It would be nice to be able to demonstrate cookie stealing with the XSS attacks. Let's set it to not be that way initially, and part of the job of fixing webgoat is to change it to be httponly.

Hi, I am trying to scan the project's source code with the Sonar Cloud by forking the project to my repo.

But, when I used dotnet build, I encountered the build failure, and I checked the log, getting the error like the following:
error MSB3644: The reference assemblies for .NETFramework,Version=v3.5 were not found. To resolve this, install the Developer Pack (SDK/Targeting Pack) for this framework version or retarget your application.

I am fresh in the dotnet project, so I don't know how to fix it.
Is it an issue about the environment, i.e., Sonar Cloud? Or is it caused by the reason that this project is out of date?

Thank!

Hi Jerry,

Any way to turn on trace.axd?

I noticed it is disabled in web.config. I tried changing the values there with no luck. Wondering if you know how to turn it on.

Thanks.

is there documentation on how to run webgoat.net?

Hello All,
I have followed the steps written here and got the application running, but I am struggling to run the application through IIS directly. Is there a way to do that?

Hello,
I downloaded the zip and tried to install in IIS5.1 XP with .NET 4.0 and I get this error:
http://localhost/WebGoat.NET/Default.aspx ->
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not load file or assembly 'Mono.Data.Sqlite, Version=2.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756' or one of its dependencies. The system cannot find the file specified.

Source Error:

Line 64: connectionStringName="SQLiteDbConnection"
Line 65: name="SQLiteRoleProvider"
Line 66: type="TechInfoSystems.Data.SQLite.SQLiteRoleProvider, TechInfoSystems.Data.SQLiteProvider" />
Line 67:
Line 68:

Should I install Mono also?

Hi

Webgoat.net from Visual studio with MySql. I have installed My SQl community version and import Webgoat.net from yours portal. Set up Database i am getting error.

Data Provider: | MySql

Data File Path: |  
Client Executable: |  
Server: |  localhost
Port: |  3306
Database: |  mysql
User Name: |  root

Password: |  Admin@123

Showing error:
Error testing database. Please see logs.

The stored XSS lesson doesn't work. The table comment has a column called commentNumber which is NOT NULL but isn't set when a new comment is added. To fix this, I think commentNumber should be set to auto_increment (at least that worked for me).

Where can I turn off validation request? Thanks!