Small update for password reset lesson
		| @ -109,8 +109,8 @@ | ||||
|             <div class="container-fluid"> | ||||
|                 <div class="col-md-4"> | ||||
|                     <article class="card-body"> | ||||
|                         <a href="" class="float-right btn btn-outline-primary">Sign up</a> | ||||
|                         <a href="" class="float-right btn btn-outline-primary">Login</a> | ||||
|                         <a class="float-right btn btn-outline-primary">Sign up</a> | ||||
|                         <a class="float-right btn btn-outline-primary">Login</a> | ||||
|                         <h4 class="card-title mb-4 mt-1">WebGoat Password Recovery</h4> | ||||
|                         <form> | ||||
|                             <div class="form-group"> | ||||
|  | ||||
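Review bot: The "Sign up" and "Login" anchors now have no `href` at all, so they are placeholder anchors: they are not keyboard-focusable and do not behave as links, while still being styled as buttons through `btn btn-outline-primary`. If they are meant to be inert in this mock recovery page, a `<button type="button">` (optionally `disabled`) with the same classes would state that intent more clearly than an `<a>` with no target; if they are meant to navigate somewhere later, a comment saying so would help the next editor.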
| @ -13,7 +13,8 @@ The time out is necessary to restrict the attack window, having a link opens up | ||||
| == Assignment | ||||
|  | ||||
| Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with | ||||
| that password. Note: it is not possible to use OWASP ZAP for this lesson. | ||||
| that password. Note: it is not possible to use OWASP ZAP for this lesson, also browsers might not work, command line | ||||
| tools like `curl` and the like will be more successful for this attack. | ||||
|  | ||||
| Tom always resets his password immediately after receiving the email with the link. | ||||
|  | ||||
|  | ||||
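Review bot: The sentence added to the Assignment note is a comma splice and says browsers "might not work" without telling the learner why, which will read as a bug in the lesson rather than an intended constraint. Suggest splitting it, for example "Note: it is not possible to use OWASP ZAP for this lesson. Browsers might not work either; command line tools such as `curl` are more likely to succeed.", and adding one clause on what makes the browser unreliable here. While touching this paragraph, "login as Tom" in the preceding line should be the verb form "log in as Tom".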