Fix some broken links of owasp's top 10 project. #374
Conversation
Can we do something more up to date than 2007?
…On Sun, 2 Aug 2020, 16:15 Zhengyang Song, ***@***.***> wrote:
Some of the current url links for OWASP's top 10 project are broken.
This pull request fixes them to be the currently available corresponding pdf
pages.
Commit Summary
- Fix some broken links of owasp's top 10 project.
File Changes
- vulnerabilities/fi/file1.php
- vulnerabilities/fi/file2.php
- vulnerabilities/fi/file3.php
- vulnerabilities/fi/help/help.php
- vulnerabilities/fi/include.php
- vulnerabilities/weak_id/help/help.php
Do you mean a more up-to-date reference for the file inclusion vulnerability? I searched for "file inclusion site:owasp.org", and the most proper pages seem to be:
If we also want the constraint of owasp's "top 10 project", the following one is somewhat relevant but not an exact match:
For file inclusion, yes, go with the two you mention, they are the up-to-date OWASP guides. If you could also include a working link to the Top Ten that had file inclusion in, that would be good, just for historic reference. I'd drop the links to PDFs and stick to standard web pages if you can; they are more accessible. For the weak ID, can you find something similarly modern?
For weak session id, I did a quick search and found this on owasp:
- https://owasp.org/www-community/attacks/Session_Prediction
Do you think it is suitable?
Have they migrated that page to the new site yet?
Maybe include that page but also add this one as well, as it is on the new system and so will probably be maintained for longer:
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
…On Mon, 3 Aug 2020 at 08:24, Zhengyang Song ***@***.***> wrote:
For weak session id, I did a quick search and found this on owasp:
- https://owasp.org/www-community/attacks/Session_Prediction
Do you think it is suitable?
Oops, I did not notice the site migration announcement. Maybe then we can use the following links for weak_id:
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema
- https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
They look good to me.
If you fancy looking through, and updating, any of the other help or reference links while you are doing these, it would be really appreciated.
…On Mon, 3 Aug 2020 at 08:40, Zhengyang Song ***@***.***> wrote:
Oops I did not notice the site migration announcement.
Maybe then we can use the following links for weak_id:
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema
- https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
Sure. Thanks for your quick response! I will update the pull request with the above links later. ^_^
No rush, thanks for the work.
…On Mon, 3 Aug 2020 at 08:48, Zhengyang Song ***@***.***> wrote:
Sure. Thanks for your quick response!
I will update the pull request with the above links later. ^_^
For multiple references in one help.php file, I searched in the current code base and found this:
https://github.com/ethicalhack3r/DVWA/blob/30741c892d47030dbdda658e6bb4d240a287d3dd/vulnerabilities/csp/help/help.php#L49-L51
Not sure whether this is the right routine to follow.
Without downloading and testing it, it looks OK. Does it render correctly?
…On Mon, 3 Aug 2020 at 14:47, Zhengyang Song ***@***.***> wrote:
For multiple references in one help.php file, I searched in the current code base and found this:
https://github.com/ethicalhack3r/DVWA/blob/30741c892d47030dbdda658e6bb4d240a287d3dd/vulnerabilities/csp/help/help.php#L49-L51
Not sure whether this is the right routine to follow.
The current pull request is ready for review. With a quick search, I found some other broken owasp links in challenges I have not practiced yet.
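The "other broken owasp links" mentioned above can be found mechanically rather than one by one. The script below is an added example written for this thread, not DVWA's own code: it scans PHP source for the `dvwaExternalLinkUrlGet( 'url' [, 'text'] )` calls that appear in this PR's diff, flags any URL still pointing at the retired `www.owasp.org/index.php` wiki, and flags calls that pass no link text (the help page shows the text, not the raw URL, as discussed later in the thread). The regex assumes single-quoted string literals as in the diff; the `--online` flag and the `dvwa-link-audit` user agent are my own choices, and the sample PHP is constructed from three lines of this PR's diff rather than read from a real file.

```python
"""Audit DVWA-style help pages for retired OWASP wiki links.

Added example for this thread, not DVWA's own code.  It scans PHP source
for dvwaExternalLinkUrlGet( 'url' [, 'text'] ) calls (the helper used in
the PR diff), flags URLs still pointing at the retired
www.owasp.org/index.php wiki, and flags calls with no link text, since the
help page renders the text rather than the raw URL.  The network check is
optional and off by default, so the script runs offline.
"""
import re
import sys
from pathlib import Path
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# dvwaExternalLinkUrlGet( 'url' ) or dvwaExternalLinkUrlGet( 'url', 'link text' )
# Assumes single-quoted literals, which is how every call in the diff is written.
LINK_CALL = re.compile(
    r"dvwaExternalLinkUrlGet\(\s*'(?P<url>[^']+)'"
    r"(?:\s*,\s*'(?P<text>[^']*)')?\s*\)"
)

# The old MediaWiki site that went away in the 2020 owasp.org migration.
LEGACY_PREFIXES = (
    "https://www.owasp.org/index.php/",
    "http://www.owasp.org/index.php/",
)

# Constructed sample: three lines lifted from this PR's diff, not a real file.
SAMPLE_PHP = """
<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://www.owasp.org/index.php/Top_10_2007-A3' ); ?></p>
<li>" . dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/Remote_File_Inclusion', 'Wikipedia - File inclusion vulnerability' ) . "</li>
<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema', 'WSTG - Session Management Schema' ); ?></p>
"""


def extract_links(php_source):
    """Return (url, text) for every dvwaExternalLinkUrlGet call; text is None if absent."""
    return [(m.group("url"), m.group("text")) for m in LINK_CALL.finditer(php_source)]


def is_legacy_owasp(url):
    """True for links into the retired www.owasp.org MediaWiki."""
    return url.startswith(LEGACY_PREFIXES)


def audit(php_source, filename="<string>"):
    """Return findings as (filename, url, issue) tuples."""
    findings = []
    for url, text in extract_links(php_source):
        if is_legacy_owasp(url):
            findings.append((filename, url, "retired owasp.org wiki URL"))
        if text is None:
            findings.append((filename, url, "no link text (page renders the raw URL)"))
    return findings


def audit_tree(root):
    """Audit every .php file under root (e.g. DVWA's vulnerabilities/ directory)."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings.extend(audit(path.read_text(encoding="utf-8", errors="replace"), str(path)))
    return findings


def check_online(url, timeout=10):
    """HEAD the URL and return the HTTP status, or None if the request failed outright."""
    req = Request(url, method="HEAD", headers={"User-Agent": "dvwa-link-audit/0.1"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status
    except HTTPError as exc:
        return exc.code
    except URLError:
        return None


if __name__ == "__main__":
    # usage: python audit_links.py [path/to/vulnerabilities] [--online]
    paths = [a for a in sys.argv[1:] if not a.startswith("--")]
    online = "--online" in sys.argv[1:]
    results = audit_tree(paths[0]) if paths else audit(SAMPLE_PHP, "sample")
    for filename, url, issue in results:
        status = f" [HTTP {check_online(url)}]" if online else ""
        print(f"{filename}: {issue}: {url}{status}")
    sys.exit(1 if results else 0)
```

Run without arguments it audits the constructed sample and reports the two problems on the Top_10_2007-A3 line (legacy wiki URL, no link text); pointed at a checkout it walks every `.php` file. The static legacy-prefix check is the one that matters: an HTTP 200 from the old wiki proves nothing, since retired pages tend to redirect to a generic landing page rather than 404, so treat `--online` as a supplement, not the test.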
Think you might have done something wrong as the link is showing, not the link text.
…On Mon, 3 Aug 2020 at 14:54, Zhengyang Song ***@***.***> wrote:
It now looks like:
[image: 2020-08-03]
<https://user-images.githubusercontent.com/8758315/89190277-d06f6b00-d5d3-11ea-8251-2ed3454f38c2.PNG>
We rarely turn away pull requests!
…On Mon, 3 Aug 2020 at 15:03, Robin Wood ***@***.***> wrote:
Think you might have done something wrong as the link is showing, not the link text.
That is correct, we show the link text, not the link. As long as yours matches that it will be good.
Branch updated from 0da9e07 to bcd0d3f.
Update: link text is added for the changed links.
Let me know when you are done making changes and I'll go through them all at once when I've got five minutes.
…On Tue, 4 Aug 2020 at 15:27, Zhengyang Song ***@***.***> wrote:
Update: link text is added for the changed links.
Sure. I think it is done and ready for review for this PR now. Thanks!
OK, will look later.
If I've not replied by the end of the week, give me a reminder.
…On Tue, 4 Aug 2020 at 15:53, Zhengyang Song ***@***.***> wrote:
Sure. I think it is done and ready for review for this PR now. Thanks!
@@ -58,6 +58,7 @@ | |||
|
|||
<br /> | |||
|
|||
<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://www.owasp.org/index.php/Top_10_2007-A3' ); ?></p> | |||
<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion', 'WSTG - Local File Inclusion' ); ?></p> |
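Review bot: the replaced Reference line drops the OWASP Top 10 2007 A3 link without a replacement for the historic reference asked for earlier in the thread (a working Top Ten link alongside the WSTG page). If the old wiki URL is simply dead, either add a working Top Ten link as a second Reference line or say in the PR that the historic link is intentionally dropped. The WSTG Local File Inclusion URL and the 'WSTG - Local File Inclusion' link text themselves look right.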
Looks good and works
<ul> | ||
<li>" . dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/Remote_File_Inclusion' ) . "</li> | ||
<li>" . dvwaExternalLinkUrlGet( 'https://www.owasp.org/index.php/Top_10_2007-A3' ) . "</li> | ||
<li>" . dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/Remote_File_Inclusion', 'Wikipedia - File inclusion vulnerability' ) . "</li> |
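Review bot: with the Top_10_2007-A3 `<li>` removed, this list keeps only the Wikipedia entry and no OWASP reference at all; add an `<li>` for the WSTG Local File Inclusion page that the other file's Reference line now uses, e.g. `<li>" . dvwaExternalLinkUrlGet( 'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion', 'WSTG - Local File Inclusion' ) . "</li>`, so the help text carries the same references as the main page. Minor: the link text says 'File inclusion vulnerability' while the URL targets Remote_File_Inclusion; if that is a redirect, consider linking the article's canonical URL so the reference survives a redirect cleanup.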
Can you add this link to the help.php as well. May as well give all references in all places.
@@ -11,10 +11,11 @@ | |||
[<em><a href=\"?page=include.php\">back</a></em>] | |||
</div> | |||
|
|||
<h2>More info</h2> | |||
<h2>More Information</h2> |
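Review bot: no issue with the heading rename; 'More Information' matches the heading already used on the other help page touched by this PR, and the escaped `\"` quotes on the unchanged context lines show the enclosing PHP string is left balanced.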
All good
@@ -9,10 +9,11 @@ | |||
\"<em>I needed a password eight characters long so I picked Snow White and the Seven Dwarves.</em>\" ~ Nick Helm<br /><br /> | |||
[<em><a href=\"?page=include.php\">back</a></em>] </div> | |||
|
|||
<h2>More info</h2> | |||
<h2>More Information</h2> |
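Review bot: same consistency rename as the sibling file and nothing else changes in the hunk; the context line carrying the escaped quotes around the Nick Helm quote is untouched, so the surrounding PHP string stays intact.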
All good
@@ -22,8 +22,9 @@ | |||
|
|||
<h2>More Information</h2> | |||
<ul> | |||
<li>" . dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/Remote_File_Inclusion' ) . "</li> | |||
<li>" . dvwaExternalLinkUrlGet( 'https://www.owasp.org/index.php/Top_10_2007-A3' ) . "</li> | |||
<li>" . dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/Remote_File_Inclusion', 'Wikipedia - File inclusion vulnerability' ) . "</li> |
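Review bot: this list also loses its only OWASP entry when the Top_10_2007-A3 `<li>` goes, leaving Wikipedia as the sole reference; add the WSTG Local File Inclusion `<li>` here as well (same URL and 'WSTG - Local File Inclusion' text as the new Reference line) so every page of the module gives all references, matching the 'all references in all places' request in review.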
All good
@@ -35,5 +35,6 @@ | |||
|
|||
</div> | |||
|
|||
<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management' ); ?></p> | |||
<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/01-Testing_for_Session_Management_Schema', 'WSTG - Session Management Schema' ); ?></p> |
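Review bot: the thread settled on two replacements for the weak session ID reference, the WSTG Session Management Schema page and the Session Management Cheat Sheet (https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html), but this hunk carries only the WSTG one; add a second Reference line for the cheat sheet, e.g. `<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html', 'OWASP - Session Management Cheat Sheet' ); ?></p>`. Dropping the Top_10_2013-A2 wiki link is fine, since the old www.owasp.org wiki URL is what broke.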
Looks good
All looks good. I think add the one extra FI help that is on the main page to the help page and that should be it.
Ack. Done.
Commits (3): Fix some broken links of owasp's top 10 project.
Some of the current url links for OWASP's top 10 project are broken.
This pull request fixes them to be the currently available corresponding pdf pages.