Paul
/
Security-Quiz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added type='url' to inputs

Browse Source
Paul Wagener 10 years ago
parent d92776e86d
commit f846944b88
2 changed files with 9 additions and 9 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      templates/sql.html
  2. 12
      templates/xss.html

6
templates/sql.html
Unescape View File

@ -163,7 +163,7 @@
<div class="question">
<span class="question-string">Met welke URL heb je het wachtwoord van Marco achterhaald?</span>
<div class="points"><span class="question-points">10</span> punten</div>
<input class="question-input" name="answer_sql_url_marco_password" value="{{answers.answer_sql_url_marco_password}}"></input>
<input class="question-input" type="url" name="answer_sql_url_marco_password" value="{{answers.answer_sql_url_marco_password}}"></input>
</div>
<div class="question">
@ -179,7 +179,7 @@
<div class="question">
<span class="question-string">Met welke URL kan je nu het wachtwoord van Marco achterhalen?</span>
<div class="points"><span class="question-points">5</span> punten</div>
<input class="question-input" name="answer_sql_url_marco_replace_password" value="{{answers.answer_sql_url_marco_replace_password}}"></input>
<input class="question-input" type="url" name="answer_sql_url_marco_replace_password" value="{{answers.answer_sql_url_marco_replace_password}}"></input>
</div>
<h2>Wereldwijs</h2>
@ -197,7 +197,7 @@
<div class="question">
<span class="question-string">Met welke URL heb je de website de geheime pagina laten tonen?</span>
<div class="points"><span class="question-points">10</span> punten</div>
<textarea class="question-input" name="answer_sql_wereldwijs_url">{{answers.answer_sql_wereldwijs_url}}</textarea>
<textarea class="question-input" type="url" name="answer_sql_wereldwijs_url">{{answers.answer_sql_wereldwijs_url}}</textarea>
</div>
{% endblock %}

12
templates/xss.html
Unescape View File

@ -91,13 +91,13 @@ figcaption {
<div class="question">
<span class="question-string">Maak een URL die Javascript aan de pagina toevoegd zodat deze 'XSS' in een alert-dialoog weergeeft.</span>
<div class="points"><span class="question-points">5</span> punten</div>
<input class="question-input" name="answer_xss_add_alert" value="{{answers.answer_xss_add_alert}}">
<input class="question-input" type="url" name="answer_xss_add_alert" value="{{answers.answer_xss_add_alert}}">
</div>
<div class="question">
<span class="question-string">Maak een URL die een nep inlogformulier laat zien. Bij het verzenden van dit formulier wordt de informatie naar jouw eigen website verstuurd! Je hoeft informatie nog niet op te vangen. Dat doe je straks wel!</span>
<div class="points"><span class="question-points">10</span> punten</div>
<input class="question-input" name="answer_xss_fake_form" value="{{answers.answer_xss_fake_form}}">
<input class="question-input" type="url" name="answer_xss_fake_form" value="{{answers.answer_xss_fake_form}}">
</div>
<div class="question">
@ -113,7 +113,7 @@ figcaption {
<div class="question">
<span class="question-string">Maak weer een URL die een nep inlogformulier laat zien, en zorg ervoor dat in de adresbalk de URL van de echte inlogpagina komt te staan.</span>
<div class="points"><span class="question-points">10</span> punten</div>
<input class="question-input" name="answer_xss_fake_form_fake_url" value="{{answers.answer_xss_fake_form_fake_url}}">
<input class="question-input" type="url" name="answer_xss_fake_form_fake_url" value="{{answers.answer_xss_fake_form_fake_url}}">
</div>
<h2>Webshop</h2>
@ -136,7 +136,7 @@ figcaption {
<div class="question">
<span class="question-string">Met welke URL kan je de sessie cookies van gebruikers ontfutselen? (Dus doorsturen naar je eigen site)</span>
<div class="points"><span class="question-points">10</span> punten</div>
<input class="question-input" name="answer_xss_url_redirect" value="{{answers.answer_xss_url_redirect}}">
<input class="question-input" type="url" name="answer_xss_url_redirect" value="{{answers.answer_xss_url_redirect}}">
</div>
<p class="hint"><strong>Hint:</strong> Op <a href="http://jdstiles.com/java/cct.html" target="_blank">deze site</a> kan je Javascript zonder quotejes genereren</a></p>
@ -144,7 +144,7 @@ figcaption {
<div class="question">
<span class="question-string">Verander de url naar image_zoom_escapehtml.php. Alle speciale HTML tekens (&lt;&gt;"&amp;) zijn nu geëscapet. Maar het is nog steeds mogelijk om een aanval uit te voeren! Maak een nieuwe URL die de sessie cookie naar je eigen website verstuurd. Let goed op de quotejes.</span>
<div class="points"><span class="question-points">10</span> punten</div>
<input class="question-input" name="answer_xss_url_redirect_escape" value="{{answers.answer_xss_url_redirect_escape}}">
<input class="question-input" type="url" name="answer_xss_url_redirect_escape" value="{{answers.answer_xss_url_redirect_escape}}">
</div>
<div class="question">
@ -201,7 +201,7 @@ figcaption {
<div class="question">
<span class="question-string">Met welke URL kan je 'XSS' in een alert printen?</span>
<div class="points"><span class="question-points">10</span> punten</div>
<textarea class="question-input" name="answer_xss_jquery">{{answers.answer_xss_jquery}}</textarea>
<input class="question-input" type="url" name="answer_xss_jquery" value="{{answers.answer_xss_jquery}}">
</div>

Write Preview
Loading…
Cancel
Save