Small update for password reset lesson

2019-05-09 09:17:11 +02:00 · 2019-05-09 09:17:11 +02:00 · 00deb66ad9
commit 00deb66ad9
parent 2a5e8dfdac
2 changed files with 4 additions and 3 deletions
--- a/webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html
+++ b/webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html
@ -109,8 +109,8 @@
            <div class="container-fluid">
                <div class="col-md-4">
                    <article class="card-body">
-                        <a href="" class="float-right btn btn-outline-primary">Sign up</a>
-                        <a href="" class="float-right btn btn-outline-primary">Login</a>
+                        <a class="float-right btn btn-outline-primary">Sign up</a>
+                        <a class="float-right btn btn-outline-primary">Login</a>
                        <h4 class="card-title mb-4 mt-1">WebGoat Password Recovery</h4>
                        <form>
                            <div class="form-group">
--- a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
+++ b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
@ -13,7 +13,8 @@ The time out is necessary to restrict the attack window, having a link opens up
 == Assignment

 Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with
-that password. Note: it is not possible to use OWASP ZAP for this lesson.
+that password. Note: it is not possible to use OWASP ZAP for this lesson, also browsers might not work, command line
+tools like `curl` and the like will be more successful for this attack.

 Tom always resets his password immediately after receiving the email with the link.