dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Small update for password reset lesson

Browse Source
This commit is contained in:
Nanne Baars
2019-05-09 09:17:11 +02:00
parent 2a5e8dfdac
commit 00deb66ad9
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html
View File

@ -109,8 +109,8 @@
<div class="container-fluid"> <div class="container-fluid">
<div class="col-md-4"> <div class="col-md-4">
<article class="card-body"> <article class="card-body">
<a href="" class="float-right btn btn-outline-primary">Sign up</a> <a class="float-right btn btn-outline-primary">Sign up</a>
<a href="" class="float-right btn btn-outline-primary">Login</a> <a class="float-right btn btn-outline-primary">Login</a>
<h4 class="card-title mb-4 mt-1">WebGoat Password Recovery</h4> <h4 class="card-title mb-4 mt-1">WebGoat Password Recovery</h4>
<form> <form>
<div class="form-group"> <div class="form-group">

3
webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
View File

@ -13,7 +13,8 @@ The time out is necessary to restrict the attack window, having a link opens up
== Assignment == Assignment
Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with
that password. Note: it is not possible to use OWASP ZAP for this lesson. that password. Note: it is not possible to use OWASP ZAP for this lesson, also browsers might not work, command line
tools like `curl` and the like will be more successful for this attack.
Tom always resets his password immediately after receiving the email with the link. Tom always resets his password immediately after receiving the email with the link.