First commit

Author: breakthesec

build.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- You may freely edit this file. See commented blocks below for -->
+<!-- some examples of how to customize the build. -->
+<!-- (If you delete it and reopen the project it will be recreated.) -->
+<!-- By default, only the Clean and Build commands use this build script. -->
+<!-- Commands such as Run, Debug, and Test only use this build script if -->
+<!-- the Compile on Save feature is turned off for the project. -->
+<!-- You can turn off the Compile on Save (or Deploy on Save) setting -->
+<!-- in the project's Project Properties dialog box.-->
+<project name="JavaVulnerableLab" default="default" basedir=".">
+    <description>Builds, tests, and runs the project JavaVulnerableLab.</description>
+    <import file="nbproject/build-impl.xml"/>
+    <!--
+
+    There exist several targets which are by default empty and which can be 
+    used for execution of your tasks. These targets are usually executed 
+    before and after some main targets. They are: 
+
+      -pre-init:                 called before initialization of project properties 
+      -post-init:                called after initialization of project properties 
+      -pre-compile:              called before javac compilation 
+      -post-compile:             called after javac compilation 
+      -pre-compile-single:       called before javac compilation of single file
+      -post-compile-single:      called after javac compilation of single file
+      -pre-compile-test:         called before javac compilation of JUnit tests
+      -post-compile-test:        called after javac compilation of JUnit tests
+      -pre-compile-test-single:  called before javac compilation of single JUnit test
+      -post-compile-test-single: called after javac compilation of single JUunit test
+      -pre-dist:                 called before archive building 
+      -post-dist:                called after archive building 
+      -post-clean:               called after cleaning build products 
+      -pre-run-deploy:           called before deploying
+      -post-run-deploy:          called after deploying
+
+    Example of pluging an obfuscator after the compilation could look like 
+
+        <target name="-post-compile">
+            <obfuscate>
+                <fileset dir="${build.classes.dir}"/>
+            </obfuscate>
+        </target>
+
+    For list of available properties check the imported 
+    nbproject/build-impl.xml file. 
+
+
+    Other way how to customize the build is by overriding existing main targets.
+    The target of interest are: 
+
+      init-macrodef-javac:    defines macro for javac compilation
+      init-macrodef-junit:   defines macro for junit execution
+      init-macrodef-debug:    defines macro for class debugging
+      do-dist:                archive building
+      run:                    execution of project 
+      javadoc-build:          javadoc generation 
+
+    Example of overriding the target for project execution could look like 
+
+        <target name="run" depends="<PROJNAME>-impl.jar">
+            <exec dir="bin" executable="launcher.exe">
+                <arg file="${dist.jar}"/>
+            </exec>
+        </target>
+
+    Notice that overridden target depends on jar target and not only on 
+    compile target as regular run target does. Again, for list of available 
+    properties which you can use check the target you are overriding in 
+    nbproject/build-impl.xml file. 
+
+    -->
+</project>

build/web/ForgotPassword.jsp

@@ -0,0 +1,55 @@
+
+ <%@page import="model.DBConnect"%>
+<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.ResultSet"%>
+<%@page import="java.sql.Connection"%>
+<%@ include file="header.jsp" %>
+  <script src="jquery.min.js" type="text/javascript"></script>  
+     <script type="text/javascript">  
+              $(document).ready(function(){  
+                  $("#username").change(function(){  
+                      var username = $(this).val();  
+                      $.getJSON("UsernameCheck.do","username="+username,function(result)
+                      {
+                          if(result.available==1)
+                          {
+                          $("#status").html("<b style='color:green'>&#10004;</b>");
+                           }
+                           else
+                           {
+                               $("#status").html("<b style='color:red'>&#10006; username doesn't exist</b>");
+                           }
+                          
+                      });
+                  });  
+              });  
+            </script> 
+            
+Password Recovery: 
+<form action="ForgotPassword.jsp" method="post">
+<table> 
+<tr><td>Username: </td><td><input type="text" name="username" id="username"/></td><td><span id="status"></span></td></tr>
+<tr><td>What's Your Pet's name?: </td><td><input type="text" name="secret" /></td></tr>
+<tr><td><input type="submit" name="GetPassword" value="GetPassword"/></td></tr>
+</table>  
+</form><br/>
+ 
+<%
+if(request.getParameter("secret")!=null)
+             {
+                 Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+                  ResultSet rs=null;
+                  Statement stmt = con.createStatement();  
+                  rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'");
+                  if(rs != null && rs.next()){
+                      out.print("Hello "+rs.getString("username")+", <b class='success'> Your Password is: "+rs.getString("password"));
+                  }
+                  else
+                  {
+                      out.print("<b class='fail'> Secret/Email is wrong</b>");
+                  }
+             }
+                  
+%>
+               
+  <%@ include file="footer.jsp" %>

build/web/META-INF/MANIFEST.MF

@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+

build/web/META-INF/context.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context antiJARLocking="true" path="/JavaVulnerableLab" useHttpOnly="false"/>

build/web/Register.jsp

@@ -0,0 +1,52 @@
+<%-- 
+    Document   : Register
+    Created on : 2 Dec, 2014, 10:47:44 AM
+    Author     : breakthesec
+--%>
+ <%@ include file="header.jsp" %>
+ <script src="jquery.min.js" type="text/javascript"></script>  
+     <script type="text/javascript">  
+              $(document).ready(function(){  
+                  $("#username").change(function(){  
+                      var username = $(this).val();  
+                      $.getJSON("UsernameCheck.do","username="+username,function(result)
+                      {
+                          if(result.available==0)
+                          {
+                          $("#status").html("<b style='color:green'>&#10004; Available</b>");
+                           }
+                           else
+                           {
+                               $("#status").html("<b style='color:red'>&#10006; Username is already taken</b>");
+                           }
+                          
+                      });
+                  });  
+                   $("#email").change(function(){  
+                      var email = $(this).val();  
+                      $.getJSON("EmailCheck.do","email="+email,function(result)
+                      {
+                          if(result.available==0)
+                          {
+                          $("#emailStatus").html("<b style='color:green'>&#10004;</b>");
+                           }
+                           else
+                           {
+                               $("#emailStatus").html("<b style='color:red'>&#10006; Email is already in Use</b>");
+                           }
+                          
+                      });
+                  });  
+              });  
+            </script> 
+<form action="AddUser" method="post">
+<table> 
+<tr><td>UserName: </td><td><input type="text" name="username" id="username" /></td><td><span id="status"></span></td></tr>
+<tr><td>Email:</td><td><input type="text" name="email" id="email"/></td><td><span id="emailStatus"></span></td></tr>
+<tr><td>Describer Yourself:</td><td><input type="text" name="About" /></td></tr>
+<tr><td>What's Your Pet's name?:</td><td><input type="text" name="secret"  /></td></tr>
+<tr><td>Password :</td><td><input type="password" name="password"/></td></tr>
+<tr><td><input type="submit" name="Register" value="Register"/></td></tr>
+</table>  
+</form>
+<%@ include file="footer.jsp" %>

build/web/WEB-INF/AdminPanel.jsp

@@ -0,0 +1,7 @@
+ <%@ include file="/header.jsp" %>
+
+This is Admin Panel located in WEB-INF. You can't directly visit this page ;)<br/><br/>
+<ul>
+<li><b><a href='<%=path%>/admin/manageusers.jsp'>Manage Users </a></b></li>
+</ul>
+ <%@ include file="/footer.jsp" %>

build/web/WEB-INF/classes/controller/AddPage.class

@@ -0,0 +1,10 @@
+# To change this license header, choose License Headers in Project Properties.
+# To change this template file, choose Tools | Templates
+# and open the template in the editor.
+
+dbuser=root
+dbpass=root
+dbname=abc
+dburl=jdbc:mysql://localhost:3306/
+jdbcdriver=com.mysql.jdbc.Driver
+siteTitle=Java Vulnerable Lab

build/web/WEB-INF/classes/controller/EmailCheck.class

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+To change this license header, choose License Headers in Project Properties.
+To change this template file, choose Tools | Templates
+and open the template in the editor.
+-->
+
+
+<users>
+    <user id="1">        
+        <name>NEO</name>
+        <username>neo</username>
+        <password>trinity</password>
+        <email>neo@matrix</email>
+         <about> I am the NEO</about>
+    </user>
+    <user id="2">        
+        <name>Trinity</name>
+        <username>trinity</username>
+        <password>neo</password>
+        <email>trinity@matrix</email>
+        <about>it is Trinity</about>
+    </user>
+    <user id="3">        
+        <name>Oracle</name>
+        <username>oracle</username>
+        <password>java</password>
+    </user>
+    <user id="4">        
+        <name>Anderson</name>
+        <username>anderson</username>
+        <password>java</password>
+        <email>anderson@1999</email>
+        <about>Computer Programmer</about>
+    </user>
+</users>

build/web/WEB-INF/classes/controller/ForwardMe.class

@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
+    <servlet>
+        <servlet-name>install</servlet-name>
+        <servlet-class>controller.install</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>loginValidator</servlet-name>
+        <servlet-class>controller.LoginValidator</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Register</servlet-name>
+        <servlet-class>controller.Register</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Logout</servlet-name>
+        <servlet-class>controller.Logout</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>open</servlet-name>
+        <servlet-class>controller.open</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>SendMessage</servlet-name>
+        <servlet-class>controller.SendMessage</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>ForwardMe</servlet-name>
+        <servlet-class>controller.ForwardMe</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>AddPage</servlet-name>
+        <servlet-class>controller.AddPage</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>UsernameCheck</servlet-name>
+        <servlet-class>controller.UsernameCheck</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>EmailCheck</servlet-name>
+        <servlet-class>controller.EmailCheck</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>XPathQuery</servlet-name>
+        <servlet-class>controller.XPathQuery</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>install</servlet-name>
+        <url-pattern>/install</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>loginValidator</servlet-name>
+        <url-pattern>/LoginValidator</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>Register</servlet-name>
+        <url-pattern>/AddUser</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>Logout</servlet-name>
+        <url-pattern>/Logout</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>open</servlet-name>
+        <url-pattern>/open</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>SendMessage</servlet-name>
+        <url-pattern>/SendMessage.do</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>ForwardMe</servlet-name>
+        <url-pattern>/ForwardMe</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>AddPage</servlet-name>
+        <url-pattern>/admin/AddPage.do</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>UsernameCheck</servlet-name>
+        <url-pattern>/UsernameCheck.do</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>EmailCheck</servlet-name>
+        <url-pattern>/EmailCheck.do</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>XPathQuery</servlet-name>
+        <url-pattern>/XPathQuery.do</url-pattern>
+    </servlet-mapping>
+</web-app>

build/web/WEB-INF/classes/controller/LoginValidator.class

@@ -0,0 +1,21 @@
+ <%@ include file="/header.jsp" %>
+ <%
+ if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin"))
+{
+ %> 
+ 
+ <form action="AddPage.do" method="POST">
+<table> 
+    <tr><td>File Name:</td> <td><input type="text" name="filename" value=""/></td></tr>
+    <tr><td>Content :</td><td><textarea name="content" cols="50" rows="10"></textarea></td></tr>
+    <tr><td></td><td><input type="submit" name="Create" value="Create"/></td></tr>
+</table>  
+</form>
+ <%
+  }
+ else
+ {
+     out.print("<b class='fail'> x You Are not Authorized to view this Page x </b>");
+ }
+ %>
+ <%@ include file="/footer.jsp" %>

build/web/WEB-INF/classes/controller/Logout.class

@@ -0,0 +1,33 @@
+ <%@page import="java.io.FileOutputStream"%>
+<%@ include file="/header.jsp" %>
+ <%
+ if(session.getAttribute("isLoggedIn")!=null)
+{
+
+ %> 
+  <form action="Configure.jsp" method="POST">
+<table> 
+    <tr><td>Website Title:</td> <td><input type="text" name="siteTitle" value=""/></td></tr>
+    <tr><td></td><td><input type="submit" name="save" value="save"/></td></tr>
+</table>  
+</form>
+ 
+ <%
+     if(request.getParameter("save")!=null)
+    {
+        Properties props=new Properties();
+       
+        props.load(new FileInputStream(configPath));
+        props.setProperty("siteTitle",request.getParameter("siteTitle"));
+        FileOutputStream fileout = new FileOutputStream(configPath);
+        props.store(fileout, null); 
+        fileout.close();
+        out.print("<b class='success'> Configuration saved </b>");
+    }
+  }
+ else
+ {
+     out.print("<b style='color:red'> x You Are not Authorized to view this Page x </b>");
+ }
+ %>
+ <%@ include file="/footer.jsp" %>