Added more content for CSRF lesson
This commit is contained in:
Nanne Baars
@ -16,4 +16,17 @@ csrf-review.success=It appears you have submitted correctly from another site. G
|
||||
|
||||
csrf-review-hint1=Again, you will need to submit from an external domain/host to trigger this action. While CSRF can often be triggered from the same host (e.g. via persisted payload), this doesn't work that way.
|
||||
csrf-review-hint2=Remember, you need to mimic the existing workflow/form.
|
||||
csrf-review-hint3=This one has a weak anti-CSRF protection, but you do need to overcome (mimic) it
|
||||
csrf-review-hint3=This one has a weak anti-CSRF protection, but you do need to overcome (mimic) it
|
||||
|
||||
csrf-feedback-hint1=Look at the content-type.
|
||||
csrf-feedback-hint2=Try to post the same message with content-type text/plain
|
||||
csrf-feedback-hint3=The json can be put into a hidden field inside
|
||||
|
||||
csrf-feedback-invalid-json=Invalid JSON received.
|
||||
csrf-feedback-success=Congratulations you have found the correct solution, the flag is: {0}
|
||||
|
||||
csrf-login-hint1=First create a new account with csrf-username
|
||||
csrf-login-hint2=Create a form which will log you in as this user (hint 1) and upload it to WebWolf
|
||||
csrf-login-hint3=Visit this assignment again
|
||||
csrf-login-success=Congratulations, now log out and login with your normal user account within WebGoat, remember the attacker knows you solved this assignment
|
||||
csrf-login-failed=The solution is not correct, you are clicking the button while logged in as {0}
|
||||
Reference in New Issue
Block a user