dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added more content for CSRF lesson

Browse Source
This commit is contained in:
Nanne Baars
2017-11-22 01:34:05 +01:00
parent 5eed385d5d
commit 43b82027f5
14 changed files with 512 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Reviews.adoc
View File

@ -1,9 +1,9 @@
== Post a review on someone else's behalf
The page below simulates a comment/review page. The difference here is that you have to inititate the submission elsewhere as you might
The page below simulates a comment/review page. The difference here is that you have to initiate the submission elsewhere as you might
with a CSRF attack and like the previous exercise. It's easier than you think. In most cases, the trickier part is
finding somewhere that you want to execute the CSRF attack. The classic example is account/wire transfers in someone's bank account.
But we're keepoing it simple here. In this case, you just need to trigger a review submission on behalf of the currently
But we're keeping it simple here. In this case, you just need to trigger a review submission on behalf of the currently
logged in user.