dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Hints added

Browse Source 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent 84f01ba70a
commit 5d930ec235
137 changed files with 4230 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
View File

@ -125,9 +125,14 @@ public class UncheckedEmail extends LessonAdapter
sendSimulatedMail(ec, to, subject, message);
}
}
if(to.length() > 0 && "webgoat.admin@owasp.org".equals(to) && message.contains("<script"))
{
s.setMessage("The attack worked! Now try to attack another person than the admin.");
}
// only complete the lesson if they changed the "to" hidden field
if (to.length() > 0 && !"webgoat.admin@owasp.org".equals(to))
// only complete the lesson if they changed the "to" hidden field and they sen a scripttag in the message
if (to.length() > 0 && !"webgoat.admin@owasp.org".equals(to) && message.contains("<script"))
{
makeSuccess(s);
}