CSPF-Founder
diff --git a/‎build/web/ForgotPassword.jsp
Lines changed: 0 additions & 1 deletion b/‎build/web/ForgotPassword.jsp
Lines changed: 0 additions & 1 deletion
diff --git a/‎build/web/Register.jsp
Lines changed: 0 additions & 1 deletion b/‎build/web/Register.jsp
Lines changed: 0 additions & 1 deletion
diff --git a/‎build/web/WEB-INF/classes/.netbeans_automatic_build b/‎build/web/WEB-INF/classes/.netbeans_automatic_build
diff --git a/‎build/web/WEB-INF/classes/.netbeans_update_resources b/‎build/web/WEB-INF/classes/.netbeans_update_resources
diff --git a/‎build/web/WEB-INF/classes/controller/AddPage.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/AddPage.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/EmailCheck.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/EmailCheck.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/ForwardMe.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/ForwardMe.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/LoginValidator.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/LoginValidator.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/Logout.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/Logout.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/Register.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/Register.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/SendMessage.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/SendMessage.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/UsernameCheck.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/UsernameCheck.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/XPathQuery.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/XPathQuery.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/install.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/install.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/open.class
97 Bytes b/‎build/web/WEB-INF/classes/controller/open.class
97 Bytes
diff --git a/‎build/web/WEB-INF/classes/controller/xxe.class
3.22 KB b/‎build/web/WEB-INF/classes/controller/xxe.class
3.22 KB
diff --git a/‎build/web/WEB-INF/classes/model/DBConnect.class
-165 Bytes b/‎build/web/WEB-INF/classes/model/DBConnect.class
-165 Bytes
diff --git a/‎build/web/WEB-INF/lib/jstl-api.jar
31.5 KB b/‎build/web/WEB-INF/lib/jstl-api.jar
31.5 KB
diff --git a/‎build/web/WEB-INF/lib/jstl-impl.jar
393 KB b/‎build/web/WEB-INF/lib/jstl-impl.jar
393 KB
diff --git a/‎build/web/WEB-INF/web.xml
Lines changed: 8 additions & 0 deletions b/‎build/web/WEB-INF/web.xml
Lines changed: 8 additions & 0 deletions
diff --git a/‎build/web/header.jsp
Lines changed: 8 additions & 0 deletions b/‎build/web/header.jsp
Lines changed: 8 additions & 0 deletions
diff --git a/‎build/web/vulnerability/Injection/1.xsl
Lines changed: 41 additions & 0 deletions b/‎build/web/vulnerability/Injection/1.xsl
Lines changed: 41 additions & 0 deletions
diff --git a/‎build/web/vulnerability/Injection/2.xsl
Lines changed: 35 additions & 0 deletions b/‎build/web/vulnerability/Injection/2.xsl
Lines changed: 35 additions & 0 deletions
diff --git a/‎build/web/vulnerability/Injection/courses.xml
Lines changed: 19 additions & 0 deletions b/‎build/web/vulnerability/Injection/courses.xml
Lines changed: 19 additions & 0 deletions
diff --git a/‎build/web/vulnerability/Injection/xslt.jsp
Lines changed: 17 additions & 0 deletions b/‎build/web/vulnerability/Injection/xslt.jsp
Lines changed: 17 additions & 0 deletions
diff --git a/‎build/web/vulnerability/Injection/xxe.jsp
Lines changed: 26 additions & 0 deletions b/‎build/web/vulnerability/Injection/xxe.jsp
Lines changed: 26 additions & 0 deletions
diff --git a/‎nbproject/build-impl.xml
Lines changed: 2 additions & 0 deletions b/‎nbproject/build-impl.xml
Lines changed: 2 additions & 0 deletions
diff --git a/‎nbproject/genfiles.properties
Lines changed: 3 additions & 3 deletions b/‎nbproject/genfiles.properties
Lines changed: 3 additions & 3 deletions
diff --git a/‎nbproject/project.properties
Lines changed: 2 additions & 1 deletion b/‎nbproject/project.properties
Lines changed: 2 additions & 1 deletion
diff --git a/‎nbproject/project.xml
Lines changed: 4 additions & 0 deletions b/‎nbproject/project.xml
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/java/controller/xxe.java
Lines changed: 106 additions & 0 deletions b/‎src/java/controller/xxe.java
Lines changed: 106 additions & 0 deletions
diff --git a/‎web/ForgotPassword.jsp
Lines changed: 0 additions & 1 deletion b/‎web/ForgotPassword.jsp
Lines changed: 0 additions & 1 deletion
diff --git a/‎web/Register.jsp
Lines changed: 0 additions & 1 deletion b/‎web/Register.jsp
Lines changed: 0 additions & 1 deletion
diff --git a/‎web/WEB-INF/web.xml
Lines changed: 8 additions & 0 deletions b/‎web/WEB-INF/web.xml
Lines changed: 8 additions & 0 deletions
@@ -4,7 +4,6 @@
 <%@page import="java.sql.ResultSet"%>
 <%@page import="java.sql.Connection"%>
 <%@ include file="header.jsp" %>
-  <script src="jquery.min.js" type="text/javascript"></script>  
      <script type="text/javascript">  
               $(document).ready(function(){  
                   $("#username").change(function(){  
 
@@ -4,7 +4,6 @@
     Author     : breakthesec
 --%>
  <%@ include file="header.jsp" %>
- <script src="jquery.min.js" type="text/javascript"></script>  
      <script type="text/javascript">  
               $(document).ready(function(){  
                   $("#username").change(function(){  
 
@@ -44,6 +44,10 @@
         <servlet-name>XPathQuery</servlet-name>
         <servlet-class>controller.XPathQuery</servlet-class>
     </servlet>
+    <servlet>
+        <servlet-name>xxe</servlet-name>
+        <servlet-class>controller.xxe</servlet-class>
+    </servlet>
     <servlet-mapping>
         <servlet-name>install</servlet-name>
         <url-pattern>/install</url-pattern>
@@ -88,4 +92,8 @@
         <servlet-name>XPathQuery</servlet-name>
         <url-pattern>/XPathQuery.do</url-pattern>
     </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>xxe</servlet-name>
+        <url-pattern>/vulnerability/Injection/xxe.do</url-pattern>
+    </servlet-mapping>
 </web-app>
@@ -15,6 +15,7 @@
 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 	<title><%=siteTitle%></title>
 	<link rel="stylesheet" href="<%=path%>/style.css" type="text/css" charset="utf-8" />
+           <% out.print("<script src=\""+path+"/jquery.min.js\" type=\"text/javascript\"></script>"); %>
 </head>
 
 <body>
@@ -39,6 +40,13 @@
 						  <li><a href="<%=path%>/vulnerability/Injection/xpath_login.jsp">Login Bypass</a></li>
                                                  </ul>
                                                 </li>
+                                                  <li><a href="#">XML Injection</a>
+                                                 <ul>
+						  <li><a href="<%=path%>/vulnerability/Injection/xxe.jsp">External Entity</a></li>
+                                                  <li><a href="<%=path%>/vulnerability/Injection/xslt.jsp?style=1.xsl">XSLT Injection</a></li>
+                                                 
+                                                 </ul>
+                                                </li>
 					</ul>
                                      </li>
 
 
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    Document   : courses.xsl
+    Created on : 21 January, 2015, 9:31 PM
+    Author     : breakthesec
+    Description:
+        Purpose of transformation follows.
+-->
+
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+    <xsl:output method="html"/>
+
+    <!-- TODO customize transformation rules 
+         syntax recommendation http://www.w3.org/TR/xslt 
+    -->
+    <xsl:template match="/">
+        <h1> List of Courses: </h1>
+                <table border="1">
+                    <tr>
+                    <th>Course Name</th>
+                    <th>URL</th>
+                    </tr>
+                     <xsl:for-each select="courses/course-details">
+                        <tr>
+                        <td><xsl:value-of select="title"/></td>
+                        <td width="120px" style='text-align:center' >  
+                                <xsl:element name="a">
+                                <xsl:attribute name="href">
+                                <xsl:value-of select="url"/>
+                                </xsl:attribute> Sign Up
+                                </xsl:element>
+                        </td>
+                         </tr>
+                    </xsl:for-each>
+                    
+                </table>
+       
+    </xsl:template>
+
+</xsl:stylesheet>
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    Document   : courses.xsl
+    Created on : 21 January, 2015, 9:31 PM
+    Author     : breakthesec
+    Description:
+        Purpose of transformation follows.
+-->
+
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+    <xsl:output method="html"/>
+
+    <!-- TODO customize transformation rules 
+         syntax recommendation http://www.w3.org/TR/xslt 
+    -->
+    <xsl:template match="/">
+        <h1> List of Courses: </h1>
+             
+                    <ul>
+                     <xsl:for-each select="courses/course-details">
+                        <li>
+                             <xsl:element name="a">
+                                <xsl:attribute name="href">
+                                <xsl:value-of select="url"/>
+                                </xsl:attribute> 
+                                        <xsl:value-of select="title"/>
+                                  </xsl:element>
+                        </li>
+                         
+                    </xsl:for-each>
+                    </ul>
+    </xsl:template>
+
+</xsl:stylesheet>
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<courses>
+    <course-details>
+        <title>Hacking and Securing Java based Web Applications </title>
+        <url>https://www.udemy.com/hacking-securing-java-web-programming/</url>
+    </course-details>
+    <course-details>
+        <title>Hacking and Securing PHP Applications </title>
+        <url>https://www.udemy.com/hacking-securing-php/</url>
+    </course-details>
+    <course-details>
+        <title>Certified White Hat Hacker</title>
+        <url>https://www.udemy.com/certified-whitehat-hacker-level-1/</url>
+    </course-details>
+    <course-details>
+        <title>Certified APT Defender </title>
+        <url>https://www.udemy.com/certified-apt-defender/</url>
+    </course-details>
+</courses>
@@ -0,0 +1,17 @@
+ 
+<%@ include file="/header.jsp" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
+<form >
+   Select Style: <select name="style">
+        <option value="1.xsl">Style 1</option>
+         <option value="2.xsl">Style 2</option> 
+    </select>
+    <input type="submit" value="change"/>
+</form><br/>
+ <c:import url="courses.xml" var="xml"/>
+ 
+<c:import url='${param["style"]}' var="xslt"/>
+<x:transform xml="${xml}" xslt="${xslt}"/>
+
+  <%@ include file="/footer.jsp" %>
@@ -0,0 +1,26 @@
+
+<%@ include file="/header.jsp" %>
+      <script type="text/javascript">  
+              $(document).ready(function(){  
+                  $("#req").click(function(){  
+                  var xml = '<?xml version="1.0" encoding="UTF-8"?><users><username>Neo</username><email>neo@matrix</email></users>';
+                $.ajax({
+                 url: 'xxe.do', 
+                 processData: false,
+                 type: "POST", 
+                 data: xml, 
+                 success: function(response){
+                   $("#result").html(response);
+                 },
+                 error: function(response) {
+                    $("#result").html(response);
+                 }
+                  
+                    });  
+                  });  
+              });  
+            </script> 
+         
+ <input type="button" id="req" name="req" value="Send Request"/> <br/>
+ <div id="result"></div>             
+  <%@ include file="/footer.jsp" %>
@@ -999,12 +999,14 @@ exists or setup the property manually. For example like this:
     <target depends="init" if="dist.ear.dir" name="library-inclusion-in-manifest">
         <copyfiles files="${file.reference.mysql-connector-java-5.1.33-bin.jar}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/>
         <copyfiles files="${file.reference.json-20090211.jar}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/>
+        <copyfiles files="${libs.jstl.classpath}" iftldtodir="${build.web.dir}/WEB-INF" todir="${dist.ear.dir}/lib"/>
         <mkdir dir="${build.web.dir}/META-INF"/>
         <manifest file="${build.web.dir}/META-INF/MANIFEST.MF" mode="update"/>
     </target>
     <target depends="init" name="library-inclusion-in-archive" unless="dist.ear.dir">
         <copyfiles files="${file.reference.mysql-connector-java-5.1.33-bin.jar}" todir="${build.web.dir}/WEB-INF/lib"/>
         <copyfiles files="${file.reference.json-20090211.jar}" todir="${build.web.dir}/WEB-INF/lib"/>
+        <copyfiles files="${libs.jstl.classpath}" todir="${build.web.dir}/WEB-INF/lib"/>
     </target>
     <target depends="init" if="dist.ear.dir" name="-clean-webinf-lib">
         <delete dir="${build.web.dir}/WEB-INF/lib"/>
 
@@ -1,8 +1,8 @@
-build.xml.data.CRC32=c2a19c05
+build.xml.data.CRC32=903755fa
 build.xml.script.CRC32=8f523743
 build.xml.stylesheet.CRC32=651128d4@1.67.1.1
 # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
 # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
-nbproject/build-impl.xml.data.CRC32=c2a19c05
-nbproject/build-impl.xml.script.CRC32=8ead9884
+nbproject/build-impl.xml.data.CRC32=903755fa
+nbproject/build-impl.xml.script.CRC32=084958d7
 nbproject/build-impl.xml.stylesheet.CRC32=99ea4b56@1.67.1.1
@@ -40,7 +40,8 @@ j2ee.server.type=Tomcat
 jar.compress=false
 javac.classpath=\
     ${file.reference.mysql-connector-java-5.1.33-bin.jar}:\
-    ${file.reference.json-20090211.jar}
+    ${file.reference.json-20090211.jar}:\
+    ${libs.jstl.classpath}
 # Space-separated list of extra javac options
 javac.compilerargs=
 javac.debug=true
 
@@ -14,6 +14,10 @@
                     <file>${file.reference.json-20090211.jar}</file>
                     <path-in-war>WEB-INF/lib</path-in-war>
                 </library>
+                <library dirs="200">
+                    <file>${libs.jstl.classpath}</file>
+                    <path-in-war>WEB-INF/lib</path-in-war>
+                </library>
             </web-module-libraries>
             <web-module-additional-libraries/>
             <source-roots>
 
@@ -0,0 +1,106 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package controller;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+
+/**
+ *
+ * @author breakthesec
+ */
+public class xxe extends HttpServlet {
+
+    /**
+     * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
+     * methods.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        PrintWriter out = response.getWriter();
+        try
+        {
+          InputStream xml=request.getInputStream();
+          DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+          DocumentBuilder builder = factory.newDocumentBuilder();
+          InputSource is = new InputSource(xml);
+          Document doc = builder.parse(is);
+          Element element = doc.getDocumentElement();
+          NodeList nodes = element.getChildNodes();
+          out.print("<br/>Result:<br/>");
+          out.print("---------------------<br/>");
+          for (int i = 0; i < nodes.getLength(); i++) {
+            out.print(nodes.item(i).getNodeName()+" : " + nodes.item(i).getTextContent());
+            out.print("<br/>");
+         }
+        }
+        catch(Exception ex)
+        {
+            out.print(ex);
+        }
+        finally {
+            out.close();
+        }
+    }
+
+    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+    /**
+     * Handles the HTTP <code>GET</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Handles the HTTP <code>POST</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Returns a short description of the servlet.
+     *
+     * @return a String containing servlet description
+     */
+    @Override
+    public String getServletInfo() {
+        return "Short description";
+    }// </editor-fold>
+
+}
@@ -4,7 +4,6 @@
 <%@page import="java.sql.ResultSet"%>
 <%@page import="java.sql.Connection"%>
 <%@ include file="header.jsp" %>
-  <script src="jquery.min.js" type="text/javascript"></script>  
      <script type="text/javascript">  
               $(document).ready(function(){  
                   $("#username").change(function(){  
 
@@ -4,7 +4,6 @@
     Author     : breakthesec
 --%>
  <%@ include file="header.jsp" %>
- <script src="jquery.min.js" type="text/javascript"></script>  
      <script type="text/javascript">  
               $(document).ready(function(){  
                   $("#username").change(function(){  
 
@@ -44,6 +44,10 @@
         <servlet-name>XPathQuery</servlet-name>
         <servlet-class>controller.XPathQuery</servlet-class>
     </servlet>
+    <servlet>
+        <servlet-name>xxe</servlet-name>
+        <servlet-class>controller.xxe</servlet-class>
+    </servlet>
     <servlet-mapping>
         <servlet-name>install</servlet-name>
         <url-pattern>/install</url-pattern>
@@ -88,4 +92,8 @@
         <servlet-name>XPathQuery</servlet-name>
         <url-pattern>/XPathQuery.do</url-pattern>
     </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>xxe</servlet-name>
+        <url-pattern>/vulnerability/Injection/xxe.do</url-pattern>
+    </servlet-mapping>
 </web-app>