modsecurity loader

Mihai Pitu
2013-08-09 15:48:00 +03:00
committed by Felipe Zimmerle
parent b1755c5b84
commit a662d8fe4c
10 changed files with 299 additions and 43 deletions


@@ -3,12 +3,102 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
<title>ModSecurity WAF for Java: Demo page</title>
</head>
<body>
<form method="post" action="Post.jsp">
Post Action: <input type="text" name="data" />
<input type="submit" />
</form>
<body style="background: #333333;">
<div align="center" style="width:930px; margin:0 auto; box-shadow: 5px 5px 6px #000; background: #FFFFFF;">
<div width="930">
<h1>
<img border="0" height="101" alt="ModSecurity: Open Source Web Application Firewall" src="http://www.modsecurity.org/g/header-top.jpg" />
</h1>
</div>
<div width="930">
<table width="90%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td>
<h2 style="font-family: Arial;">ModSecurity Core Rule Set (CRS) - Installed demo</h2>
</td>
</tr>
<tr>
<td>
<p>
Please feel free to inject malicious input to stress test the ModSecurity Core Rule Set (CRS). The form accepts both GET and POST request methods. You can either do this via the form below or manually.
</p>
<p>
Check your servlet context logging for ModSecurity output. The request may also be blocked if, for example, <i>SecRuleEngine</i> is <i>On</i>.
</p>
<p>
You can also access the <a href="help.html">ModSecurity for Java - Help page</a>.
</p>
</td>
</tr>
<tr>
<td>
<form id="demoForm" method="post" action="index.jsp">
<b>Payload:</b>
<fieldset>
<textarea name="test" rows="6" cols="90" style="max-width:800px;"></textarea> <!--Foo' or '2' < '1' ;--example payload-->
</fieldset>
<fieldset><input id="submit" type="submit" value="Send"></input>
method=
<a id="demoMethodToggle" href="javascript:toggleMethod()"> GET </a>
enctype=
<a id="demoEncToggle" href="javascript:toggleEncType()"> application/x-www-form-urlencoded </a></fieldset>
</form>
<script type="text/javascript">
function toggleEncType() {
var f = document.getElementById('demoForm');
var le = document.getElementById('demoEncToggle');
var lm = document.getElementById('demoMethodToggle');
if (f.getAttribute('enctype') === 'application/x-www-form-urlencoded') {
f.setAttribute('enctype', 'multipart/form-data');
f.setAttribute('method', 'POST');
le.innerHTML = 'multipart/form-data';
lm.innerHTML = 'POST';
}
else {
f.setAttribute('enctype', 'application/x-www-form-urlencoded');
le.innerHTML = 'application/x-www-form-urlencoded';
}
}
function toggleMethod() {
var f = document.getElementById('demoForm');
var le = document.getElementById('demoEncToggle');
var lm = document.getElementById('demoMethodToggle');
if (f.getAttribute('method') === 'POST') {
f.setAttribute('enctype', 'application/x-www-form-urlencoded');
f.setAttribute('method', 'GET');
le.innerHTML = 'application/x-www-form-urlencoded';
lm.innerHTML = 'GET';
}
else {
f.setAttribute('method', 'POST');
lm.innerHTML = 'POST';
}
}
</script>
<br />
<br />
<br />
<br />
</td>
</tr>
<tr>
<td>
<% if (request.getParameter("test") != null) {%>
<h3>Last submitted payload:</h3>
<p><%= request.getParameter("test")%></p>
<br />
<% }%>
</td>
</tr>
</table>
</div>
</div>
</body>
</html>
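Review bot: The new `<p><%= request.getParameter("test")%></p>` near the end of the page writes the submitted `test` parameter into the response without HTML encoding, so the demo page is itself a reflected XSS sink. The page text says a request may be blocked when `SecRuleEngine` is `On`, so in any other mode, or for input the rules do not match, the submitted markup is rendered in the visitor's browser. Encode on output, for example `<p><c:out value="${param.test}"/></p>`; this needs the JSTL core taglib declared at the top of the JSP, which is outside the hunk. If raw reflection is deliberate so that response-side rules can be exercised, state that in a comment next to the scriptlet, e.g. `<%-- intentionally unencoded: demo target for WAF testing, do not deploy alongside real applications --%>`.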