team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
489 Commits 1 Branch 0 Tags
c157496b1e45376eb5ede5863a1b7fea2a808693
Commit Graph

117 Commits

Author SHA1 Message Date
John Poulin 4bff205e81 added in johns constantize change as well as some other stuff like CSS fun 2014-04-17 20:10:53 -04:00
John Poulin 5bb9c75f06 Added fix for Analytics SQLi 2014-04-17 20:05:07 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
John Poulin 5056f77395 Added codefix example for CSS context XSS. 2014-04-17 20:03:17 -04:00
John Poulin e760fc0087 merging 2014-04-17 20:03:14 -04:00
Mike McCabe 9fd91a8224 initial commit of mobile controller 2014-04-17 20:00:30 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 3a5818c493 the basics of a working remember-me-logic-flaw completed :-) 2014-03-15 22:30:31 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky 62920b535c Merge branch 'master' of github.com:OWASP/railsgoat into pr-96 2014-03-14 14:00:56 -04:00
cktricky d0e825fc17 making sure this is up to date 2014-03-14 14:00:51 -04:00
cktricky 8daeee09f2 working on cleaning up and testing if I can push changes to a PR 2014-03-14 09:07:52 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky 48ddc99955 some basic api functionality with a few gotchas 2014-03-12 17:45:08 -04:00
cktricky 95eb5a56fd added vulnerable auth check for the API 2014-03-12 15:40:12 -04:00
cktricky f4f5d5744c working on the auth structure for the API 2014-03-12 13:24:37 -04:00
cktricky 932d2304f9 okay first run at making an API for railsgoat 2014-03-12 12:38:41 -04:00
relotnek b101c286ce application controller edits 2014-03-11 20:54:38 -04:00
relotnek 6a4bc922bd added user lookup in application controller by auth_token 2014-03-11 20:40:10 -04:00
relotnek a5c4dc37a2 added logic in sessions controller for rememberme checkbox 2014-03-11 20:38:26 -04:00
relotnek 015b36d379 added cookie delete to session destroy method 2014-03-11 20:32:12 -04:00
relotnek a707e75662 added cookies.permanent in replacement of session 2014-03-11 20:31:32 -04:00
Mike McCabe abe22b19e9 adding password rest method and changing some logic around 2013-12-11 22:25:02 -05:00
James Espinosa be0d8f7594 Remove unnecessary comment 2013-12-04 00:59:00 -06:00
James Espinosa da1845e8f9 Implement working mailer and controller 2013-12-04 00:57:32 -06:00
James Espinosa 1a3d6d690c Update SMTP settings for Mailcatcher 2013-12-03 21:16:44 -06:00
James Espinosa 26e04deb9f Implement basic password reset mailer 2013-11-25 19:36:33 -06:00
Mike McCabe ce239e84be oops, maybe I should actually run the tests before committing 2013-11-23 17:59:41 -05:00
Mike McCabe c7515af6ab adding basic forgot password controller and views 2013-11-23 16:04:48 -05:00
cktricky 53dcc75f74 I think there was a subtle bug in the intentional security bypass within the admin controller 2013-11-14 15:05:00 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky b84c8d4cc7 finished write-up for broken auth 2013-11-14 10:47:27 -05:00
Mike McCabe 235b6418d0 A7 adding before filter to see if admin or admin_id is 1 2013-11-13 19:35:12 -05:00
cktricky 4be667b606 working 2013-11-13 19:02:37 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
Mike McCabe 91e6797b40 adding broken functionality for A7 2013-11-13 18:23:38 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
cktricky a65a20a647 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-10-14 08:29:39 -04:00
Mike McCabe 8c17a3df0e adding messaging function, needs tests... 2013-10-13 21:49:17 -04:00
Mike McCabe 8686f6b9d3 adding messages mvc to allow users to send messages. 2013-10-11 16:03:37 -04:00
cktricky e2c4fb4bd8 change to the user model based on a merge with master. Master is the correct code 2013-10-11 12:04:19 -04:00
Mike McCabe bbed455178 verifying user exists before trying to update 2013-10-09 11:08:39 -04:00
Mike McCabe 73f3272aa1 adding flash message with validation errors, and redirect to sign_up 2013-10-07 15:23:37 -04:00
cktricky da061c79b6 intended to remove some of the weirdness when updating a users account. A blank password basically ends up causing the previously existing password to be hashed twice. Probably move to has_secure_password at some point although that may end up screwing up the intent of the particular tutorial item 2013-09-30 13:03:03 -04:00
cktricky ef8a9c1a46 merged with master 2013-09-27 21:55:50 -04:00
chrismo e0bca0139e Added command injection Capybara spec. 2013-09-27 14:59:30 -05:00
cktricky 825a972e4c oops 2013-09-27 11:18:04 -04:00