dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Hints added

Browse Source 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent 84f01ba70a
commit 5d930ec235
137 changed files with 4230 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
main/project/WebContent/lesson_solutions/HttpOnly.html
View File

@ -712,7 +712,7 @@ normal'>Solution:<o:p></o:p></b></p>
normal'><o:p>&nbsp;</o:p></b></p>
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>HTTPOnly
is not configured. When you click on <EFBFBD>Read Cookie<EFBFBD> you will get the following
is not configured. When you click on "Read Cookie" you will get the following
pop-up in JavaScript, displaying the cookies<o:p></o:p></span></p>
<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
@ -736,7 +736,7 @@ style='font-weight:normal;mso-bidi-font-weight:bold'><o:p></o:p></span></p>
<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Select
<EFBFBD>Yes<EFBFBD> to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in
"Yes" to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in
WebScarab.<o:p></o:p></span></p>
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
@ -777,7 +777,7 @@ cookie</p>
<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Click
on <EFBFBD>Read cookie<EFBFBD>. You will see the JSESSIONID which is not using HTTPOnly.<o:p></o:p></span></p>
on "Read cookie". You will see the JSESSIONID which is not using HTTPOnly.<o:p></o:p></span></p>
<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_120"