From 0a41b2813d0819ad0c64e3f47d55e762faad2bae Mon Sep 17 00:00:00 2001
From: Jason White
Date: Fri, 6 Jan 2017 08:06:49 -0500
Subject: [PATCH] #304 ... trying to fix prev. commit
---
 webgoat-lessons/idor/pom.xml | 36 +++++++++++++++++++
 .../lessonPlans/en/IDOR_viewOwnAltPath.adoc | 2 +-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 webgoat-lessons/idor/pom.xml
diff --git a/webgoat-lessons/idor/pom.xml b/webgoat-lessons/idor/pom.xml
new file mode 100644
index 000000000..4e4db28c9
--- /dev/null
+++ b/webgoat-lessons/idor/pom.xml
@@ -0,0 +1,36 @@
+
+ 4.0.0
+ idor
+ jar
+
+ org.owasp.webgoat.lesson
+ webgoat-lessons-parent
+ 8.0-SNAPSHOT
+
+
+
+
+
+ org.asciidoctor
+ asciidoctor-maven-plugin
+ 1.5.3
+
+
+
+ output-html
+ generate-resources
+
+ process-asciidoc
+
+
+ html
+ src/main/resources/plugin/IDOR/lessonPlans/en/
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/webgoat-lessons/idor/src/main/resources/plugin/IDOR/lessonPlans/en/IDOR_viewOwnAltPath.adoc b/webgoat-lessons/idor/src/main/resources/plugin/IDOR/lessonPlans/en/IDOR_viewOwnAltPath.adoc
index 80f0a2c45..bc2891149 100644
--- a/webgoat-lessons/idor/src/main/resources/plugin/IDOR/lessonPlans/en/IDOR_viewOwnAltPath.adoc
+++ b/webgoat-lessons/idor/src/main/resources/plugin/IDOR/lessonPlans/en/IDOR_viewOwnAltPath.adoc
@@ -3,4 +3,4 @@ The application we are working with seems to follow a RESTful pattern so far as the profile goes. Many apps have roles in which an elevated user may access content of another. In that case, just /profile won't work since the own user's session/authentication data won't tell us whose profile they want view.
-So, what do you think is a likely pattern to view your own profile explicitly?
\ No newline at end of file
+So, what do you think is a likely pattern to view your own profile using a direct object reference?
\ No newline at end of file
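Review bot: In the new `webgoat-lessons/idor/pom.xml`, the `asciidoctor-maven-plugin` version `1.5.3` is written as a literal in this leaf module. If other lesson modules declare the same plugin, the copies can drift apart, so a build-time dependency upgrade or audit has to touch every lesson. Consider declaring the version once under `<pluginManagement>` in `webgoat-lessons-parent` and omitting it here; the parent pom is not visible in this patch, so it may already do this. The execution also appears to render only the `src/main/resources/plugin/IDOR/lessonPlans/en/` directory, so lesson plans in other locales would not be processed if they are added later. The file ends without a trailing newline, which is worth adding.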