748fa40b6de71191d5f69fb9b0841ecd746c2815,SecurityShepherdCore/src/servlets/module/challenge/XssChallengeSix.java,XssChallengeSix,doPost,#HttpServletRequest#HttpServletResponse#,55
Before Change
if(xssDetected)
{
Encoder encoder = ESAPI.encoder();
htmlOutput = "<h2 class='title'>Well Done</h2>" +
"<p>You successfully executed the JavaScript alert command!<br />" +
"The result key for this challenge is <a>" +
encoder.encodeForHTML(
Hash.generateUserSolution(
Getter.getModuleResultFromHash(getServletContext().getRealPath(""), levelHash),
(String)ses.getAttribute("userName")
)
) + "</a>";
}
log.debug("Adding searchTerm to Html: " + searchTerm);
htmlOutput += "<h2 class='title'>Your New Post!</h2>" +
After Change
out.print(getServletInfo());
//Translation Stuff
Locale locale = new Locale(Validate.validateLanguage(request.getSession()));
ResourceBundle errors = ResourceBundle.getBundle("i18n.servlets.errors", locale);
ResourceBundle bundle = ResourceBundle.getBundle("i18n.servlets.challenges.xss6", locale);
try
{
HttpSession ses = request.getSession(true);
if(Validate.validateSession(ses))
{
ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), ses.getAttribute("userName").toString());
log.debug(levelName + " servlet accessed by: " + ses.getAttribute("userName").toString());
Cookie tokenCookie = Validate.getToken(request.getCookies());
Object tokenParmeter = request.getParameter("csrfToken");
if(Validate.validateTokens(tokenCookie, tokenParmeter))
{
String htmlOutput = new String();
String userPost = new String();
String searchTerm = request.getParameter("searchTerm");
log.debug("User Submitted - " + searchTerm);
searchTerm = XssFilter.anotherBadUrlValidate(searchTerm);
userPost = "<a href=\"" + searchTerm + "\">Your HTTP Link!</a>";
log.debug("After Sanitising - " + searchTerm);
boolean xssDetected = FindXSS.search(userPost);
if(xssDetected)
{
Encoder encoder = ESAPI.encoder();
htmlOutput = "<h2 class='title'>" + bundle.getString("result.wellDone") + "</h2>" +
"<p>" + bundle.getString("result.youDidIt") + "<br />" +
bundle.getString("result.resultKey") + " <a>" +
encoder.encodeForHTML(
Hash.generateUserSolution(
Getter.getModuleResultFromHash(getServletContext().getRealPath(""), levelHash),
(String)ses.getAttribute("userName")
)
) + "</a>";
}
log.debug("Adding searchTerm to Html: " + searchTerm);
htmlOutput += "<h2 class='title'>" + bundle.getString("response.yourPost") + "</h2>" +
"<p>" + bundle.getString("response.linkPosted") + "</p> " +
userPost +
"</p>";
out.write(htmlOutput);
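Review bot: The three `log.debug` calls on the `searchTerm` path (`"User Submitted - "`, `"After Sanitising - "`, `"Adding searchTerm to Html: "`) concatenate the request parameter into the log unmodified, so CR/LF or markup in a submission can forge or corrupt entries for whoever reads the log; the first call runs before `XssFilter.anotherBadUrlValidate`, and that filter is presumably weak on purpose for this challenge, so neither value should be treated as log-safe. I would log a neutralised copy, e.g. `log.debug("User Submitted - " + String.valueOf(searchTerm).replaceAll("[\\r\\n]", "_"));`, and do the same for the other two. `request.getParameter("searchTerm")` is also `null` when the field is absent, and nothing visible guards that before it reaches the filter. Separately, the rewritten response markup closes the paragraph twice (`"</p> "` after `response.linkPosted`, then `"</p>"` after `userPost`) while the `<p>` opened in the `xssDetected` branch is never closed; writing `userPost` unencoded looks like the deliberate flaw of the exercise, so only the tag balance needs fixing. The enclosing `doPost` begins before and continues after this excerpt.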