## 00x0 准备

项目地址：https://github.com/yeshaoting/jvwa.git

mvn 下载地址：https://maven.apache.org/download.cgi

开启环境：

```shell
mvn clean package -Dprofile=dev
java -jar jvwa-0.0.1-SNAPSHOT.war --spring.profiles.active=dev
```

开数据库。经过九九八十一难，总算改得可以运行了。

sql 配置：

```sql
-- MySQL dump 10.13  Distrib 5.7.17, for macos10.12 (x86_64)
--
-- Host: 10.4.241.144    Database: jvwa
-- ------------------------------------------------------
-- Server version	5.6.25-73.1-log

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

-- 修正点1：添加 IF NOT EXISTS，避免库已存在的 1007 错误
CREATE SCHEMA IF NOT EXISTS jvwa DEFAULT CHARACTER SET utf8mb4 ;
-- 修正点2：添加分号，解决 1064 语法错误
USE jvwa;

--
-- Table structure for table jvwa_user
--

DROP TABLE IF EXISTS jvwa_user;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE jvwa_user (
  id int(11) NOT NULL AUTO_INCREMENT,
  username varchar(45) DEFAULT NULL,
  stage tinyint(4) NOT NULL DEFAULT 0,
  create_time int(11) NOT NULL DEFAULT 0,
  update_time int(11) NOT NULL DEFAULT 0,
  PRIMARY KEY (id),
  UNIQUE KEY username_UNIQUE (username)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table jvwa_user2
--

DROP TABLE IF EXISTS jvwa_user2;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE jvwa_user2 (
  id int(11) unsigned NOT NULL AUTO_INCREMENT,
  username varchar(45) NOT NULL COMMENT '用户名',
  password varchar(45) NOT NULL COMMENT '密码',
  PRIMARY KEY (id),
  UNIQUE KEY username_UNIQUE (username)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table jvwa_user2
--

LOCK TABLES jvwa_user2 WRITE;
/*!40000 ALTER TABLE jvwa_user2 DISABLE KEYS */;
INSERT IGNORE INTO jvwa_user2 (id, username, password) VALUES (1,'laogong-wangsicong@163.com','all_of_them_are_poor_to_me');
/*!40000 ALTER TABLE jvwa_user2 ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2018-03-28 16:59:43
```

依赖配置（适配 mysql5.7.26）：

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <name>jvwa</name>
    <description>Java Vulnerable Web Application</description>
    <groupId>cn.yeshaoting</groupId>
    <artifactId>jvwa</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.1.RELEASE</version>
        <relativePath/>
    </parent>

    <properties>
        <java-version>1.8</java-version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <encoding>UTF-8</encoding>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>

    <dependencies>
        <!--web-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
            <scope>provided</scope>
        </dependency>
        <!--用于编译jsp-->
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-jasper</artifactId>
        </dependency>
        <!--jsp页面使用jstl标签-->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.retry</groupId>
            <artifactId>spring-retry</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <!--JDBC-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <optional>true</optional>
        </dependency>
        <!--mysql-->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <!-- 唯一改动：指定为 MySQL 5.7 兼容版本，解决驱动版本冲突 -->
            <version>5.1.49</version>
        </dependency>
        <!--mybatis-->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.3</version>
        </dependency>
        <!-- alibaba的druid数据库连接池 -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.1.22</version>
        </dependency>
        <!--lombok-->
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
        <!-- apache commons -->
        <dependency>
            <groupId>commons-beanutils</groupId>
            <artifactId>commons-beanutils</artifactId>
            <version>1.9.4</version>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.7</version>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.10</version>
        </dependency>
        <dependency>
            <groupId>commons-collections</groupId>
            <artifactId>commons-collections</artifactId>
            <version>3.2.2</version>
        </dependency>
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.14</version>
        </dependency>
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
            <version>1.4</version>
        </dependency>
        <!-- guava -->
        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
            <version>29.0-jre</version>
        </dependency>
        <dependency>
            <groupId>joda-time</groupId>
            <artifactId>joda-time</artifactId>
            <version>2.10.6</version>
        </dependency>
        <!-- fastjson -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.71</version>
        </dependency>
        <!--test-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <finalName>${project.artifactId}-${project.version}</finalName>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
        <resources>
            <resource>
                <directory>src/main/resources</directory>
                <excludes>
                    <!--先排除application开头的配置文件-->
                    <exclude>application*.properties</exclude>
                </excludes>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
                <!--filtering 需要设置为 true，这样在include的时候才会把配置文件中的env 这个maven变量替换成当前环境的对应值-->
                <filtering>true</filtering>
                <includes>
                    <!--引入所需环境的配置文件-->
                    <include>application.properties</include>
                    <include>application-${env}.properties</include>
                </includes>
            </resource>
        </resources>
    </build>

    <profiles>
        <profile>
            <id>dev</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <env>dev</env>
            </properties>
        </profile>
        <profile>
            <id>test</id>
            <properties>
                <env>test</env>
            </properties>
        </profile>
        <profile>
            <id>prod</id>
            <properties>
                <env>prod</env>
            </properties>
        </profile>
    </profiles>
</project>
```

application-dev.yml：

```yaml
spring:
  datasource:
    url: jdbc:mysql://localhost:3306/jvwa?autoReconnect=true&zeroDateTimeBehavior=round&useUnicode=true&characterEncoding=UTF-8&useSSL=false
    driver-class-name: com.mysql.jdbc.Driver
    username: root
    password: 123456
    type: com.alibaba.druid.pool.DruidDataSource
    druid:
      max-active: 50
      min-idle: 8
      allow: 127.0.0.1
      deny: 192.168.0.114
      # 改回驼峰命名，和代码里的占位符 spring.datasource.druid.loginUsername 完全匹配
      loginUsername: yeshaoting
      loginPassword: admin#1a#9z
      resetEnable: false
```

这份配置是按本地靶场写的：数据库用 root 加弱口令连接，并且 useSSL=false；druid 下的 loginUsername/loginPassword 也以明文写在配置文件里。实例应只在本机或隔离网络内运行。

再打包。

## 00x1 关卡1

任务目标：找出正确的用户名与密码并通过验证。

Tips：这个页面用户与密码不需要去服务器交互验证。

意思就是纯粹的前端校验。既然是纯粹的前端，它肯定会监控按钮、监控 ID 之类的，并自动弹出报错，死马当活马医，先试试。全局搜索 stage1Submit，工具也显示了：

```javascript
//
$scope.stage1Submit = function() {
    //赋值
    var stage1Username = 'stage1_user';
    var state1Password = 'tHis1Is3aSim3p#ab$';
    //
    if (stage1Username == $scope.stage1Username && state1Password == $scope.state1Password) {
        $http({
            method : 'POST',
            url : Constants.server_url + '/security/stage1/pass'
        }).then(function successCallback(response) {
            if (response.data.status != 200) {
                console.log(response.data.statusText);
                Notify.error(response.data.statusText);
                return;
            }
            alert(SUCCESS_MESSAGE);
            $state.go('stage2', {}, {reload: true});
        }, function errorCallback(response) {
            Notify.error(response.data.statusText);
        });
    } else {
        Notify.error('用户名或密码错误，请重试');
    }
}
```

从这段代码可以看到，用户名和密码以明文硬编码在下发到浏览器的脚本里，比对也完全在浏览器内完成。校验通过后发出的 POST 请求（/security/stage1/pass）只带了 method 和 url，没有携带任何凭据，服务端无从确认这次校验是否真的发生过。对应的修复思路是把凭据比对放到服务端，前端只负责提交用户输入。