[OWASP-WEBGOAT]WebGoat - in Windows or Linux?
Mads Rasmussen
mads at opencs.com.br
Wed Nov 27 14:18:30 EST 2002
It seems that WebGoat only works with Tomcat 4.1.12 (maybe newer
versions as well).
I had problems with 4.0.6 but all went smoothly when I moved to 4.1.12
I encountered some oddities though
Here is a resume:
1) the 'Unchecked mail' page seems designed to run on a linux/unix
platform (you spawn sendmail). I haven't looked at the code but it calls
up cmd that is a windows shell. So that didn't work for me in windows.
And in windows you don't have the sendmail program :)
In linux:
ExecResults for 'cmd.exe /c sendmail mads at opencs.com.br'
Returncode: 0
Exception: java.io.IOException: cmd.exe: not found
In windows:
ExecResults for 'cmd.exe /c sendmail mads at opencs.com.br'
Returncode: 1
Bad return code (expected 0)
2) The parameter injection page that throws a dir listing does not work
in linux because it try to spawn the 'cmd' shell once again.
Maybe (most likely) I have misunderstood something
Do you have an idea of what I am doing wrong?
What would be the recommended machine architecture for running this?
Regards,
Mads Rasmussen
Open Communications Security
+55(11)3345-2525
More information about the Owasp-webgoat
mailing list