team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
188 Commits 1 Branch 0 Tags
6f71d7eda700d9489dff866df435db5dbbe4e62b
Commit Graph

65 Commits

Author SHA1 Message Date
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
Ken Johnson ce6f32a1a2 working command injection in fileupload, closes issue #23 2013-07-09 16:36:03 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00
Ken Johnson 39d2e9d79f finished CSRF/AJAX, closes issue #21 2013-06-06 22:40:52 -04:00
Ken Johnson d445e59a98 this fixes issue #20, seriously, no clue how I missed the missing constantize code 2013-06-06 16:43:58 -04:00
Ken Johnson 089e9540ac finished admin filter and write-up for issue #6 2013-06-04 11:49:59 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson 6d5623a423 changed SQLi vuln location, did write-up, closes issue #1 2013-06-03 12:31:34 -04:00
Ken Johnson 6528b56de6 added a sql injection vulnerability 2013-06-03 02:19:36 -04:00
Ken Johnson 2ac771ca50 Issue #3 can be closed, write-up and vuln complete for A4 2013-06-03 01:54:07 -04:00
Ken Johnson 14251e6f39 added Insecure dor vuln 2013-06-03 01:29:16 -04:00
Ken Johnson 88ea613da6 okay, write-up finished 2013-06-02 23:32:37 -04:00
Ken Johnson 86695e9e07 removed excess commented code 2013-06-02 22:42:50 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 06dce1f8b2 I believe this has resolved the dependent destruction and we can close issue #18 2013-06-02 13:08:56 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson 1267661c6a seems the signup bug has been fixed, I would close this for now 2013-06-01 19:49:01 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson 38fcc263bd update account is now an ajax call 2013-05-31 22:10:32 -04:00
Ken Johnson 417aca2078 keeping changes up to date 2013-05-31 19:55:49 -04:00
Ken Johnson 6199beb780 we are going to fix this by automatically generating data for ppl that register HOWEVER, just in case that fails for some reason, I have applied a filter that ensures if some data is not associated with a person they cannot navigate to all aspects of the application. This is a preventive measure 2013-05-31 19:02:00 -04:00
Ken Johnson c63275b3b3 dashboard figures actually indicate correct values now 2013-05-31 15:54:25 -04:00
Ken Johnson 4813ba9349 added visualization chart for performance history 2013-05-31 15:20:58 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson f8e21af3e0 added a new vulnerability plus completed the work info page 2013-05-31 11:41:54 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson a599ca9862 so now, when you add a PTO scheduled date, the calendar on your PTO page automatically updates to show this event :-) 2013-05-31 10:31:35 -04:00
Ken Johnson a6a38c773e added validation for all schedule fields (presence of) and working on a new way to dynamically update your calendar upon submission of a new calendar event 2013-05-31 00:31:13 -04:00
Ken Johnson 9d5cebbfa0 normalize 2013-05-30 16:05:03 -04:00
Ken Johnson ff36b0fab5 working way to update your scheduled PTO 2013-05-30 12:11:50 -04:00
Ken Johnson caf348f189 made some big changes here. The schedule had a has_one relationship with the PTO model. That is a problem since we only get one result back. meaning, a user cant have multiple scheduled events. This has been fixed with the use of has_many within the PTO model. Now, in relation to the PTO section, the next changes to happen are to be a fully functional create action that allows an event to be schedule, the form and controller has already been created. Umm, also, a calendar has been added and when we get the results back from a call to the create event action we will update that calendar. Think that is about it for now 2013-05-28 12:48:35 -04:00
Ken Johnson daddb138a5 okay, I am tired, I am just gonna continue this effort sat night or sun. Anyways, some of the main things this app should do are running so not a bad day. I would say we are only a couple days from beta release. 2013-05-25 03:01:53 -04:00
Ken Johnson af763d40bf added the PTO section 2013-05-24 20:54:07 -04:00
Ken Johnson 96e0095878 moving in the right direction 2013-05-24 19:51:09 -04:00
Ken Johnson 0d841124f5 assigned a user id, does not "appear" to have screwed anything up 2013-05-24 15:25:06 -04:00
Ken Johnson 31ce6ab1b5 test 2013-05-24 13:19:44 -04:00
Ken Johnson dbbb2ce651 finished the first instance of broken auth and sess mgmt 2013-05-23 20:06:24 -04:00
Ken Johnson f674a57440 awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby></pre> 2013-05-23 15:18:39 -04:00
Ken Johnson 671095e030 added a vuln for broken auth and session mgmt, issue #2 2013-05-21 00:58:11 -04:00
Ken Johnson b2e2a1b4b0 moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users 2013-05-21 00:42:56 -04:00
Ken Johnson bd95958f17 added delete button 2013-05-20 22:21:00 -04:00
Ken Johnson 4337cb9a46 made sure the table refreshes after an update 2013-05-20 17:35:24 -04:00
Ken Johnson 5fd72fcd6f update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occuring 2013-05-20 16:31:59 -04:00
Ken Johnson f7dbc482bb added a table to manage users 2013-05-17 14:08:18 -04:00
Ken Johnson a279d06b4c created admin controller 2013-05-17 10:25:56 -04:00
Ken Johnson 5f80211580 added an administrative method intended to be used as a before filter within the application controller as well as an is_admin? method 2013-05-16 17:56:31 -04:00
Ken Johnson d01e508bc3 added email validation and tthen saved any params they were entering during signup in an @user object 2013-04-28 02:49:02 -04:00