* Hints added
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (initial release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
@ -712,7 +712,7 @@ normal'>Solution:<o:p></o:p></b></p>
|
||||
normal'><o:p> </o:p></b></p>
|
||||
|
||||
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>HTTPOnly
|
||||
is not configured. When you click on <EFBFBD>Read Cookie<EFBFBD> you will get the following
|
||||
is not configured. When you click on "Read Cookie" you will get the following
|
||||
pop-up in JavaScript, displaying the cookies<o:p></o:p></span></p>
|
||||
|
||||
<p class=MsoNormal style='text-align:justify'><b style='mso-bidi-font-weight:
|
||||
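Review bot: the bytes removed around "Read Cookie" are EF BF BD, the UTF-8 encoding of the U+FFFD replacement character, so the original quotation marks were already lost in an earlier charset conversion and this edit only patches the visible symptom. Search the rest of this Word-exported file for remaining EF BF BD sequences and fix them in the same commit, and confirm the encoding the file is saved in so the next export does not reintroduce them.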
@ -736,7 +736,7 @@ style='font-weight:normal;mso-bidi-font-weight:bold'><o:p></o:p></span></p>
|
||||
<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>
|
||||
|
||||
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Select
|
||||
<EFBFBD>Yes<EFBFBD> to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in
|
||||
"Yes" to turn HTTPOnly on. Intercept the HTTP Request and HTTP Response in
|
||||
WebScarab.<o:p></o:p></span></p>
|
||||
|
||||
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||||
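Review bot: the step "Intercept the HTTP Request and HTTP Response in WebScarab" does not say, in the lines visible here, what the reader should look for in the intercepted traffic. Consider naming the Set-Cookie response header and the flag on it, and since this sentence is being touched anyway, align "HTTPOnly" with the attribute's conventional spelling, HttpOnly.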
@ -777,7 +777,7 @@ cookie</p>
|
||||
<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>
|
||||
|
||||
<p class=MsoNormal style='text-align:justify'><span style='font-family:"Arial","sans-serif"'>Click
|
||||
on <EFBFBD>Read cookie<EFBFBD>. You will see the JSESSIONID which is not using HTTPOnly.<o:p></o:p></span></p>
|
||||
on "Read cookie". You will see the JSESSIONID which is not using HTTPOnly.<o:p></o:p></span></p>
|
||||
|
||||
<p class=MsoNormal style='text-align:justify;page-break-after:avoid'><span
|
||||
style='mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_120"
|
||||
|
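Review bot: the button label is written "Read cookie" in this changed line but "Read Cookie" in the hunk at line 712; use the casing the lesson page actually shows in both places. The sentence "You will see the JSESSIONID which is not using HTTPOnly" would also read more clearly if it said that the JSESSIONID cookie still appears in the pop-up because it was set without the flag.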