dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lessonplan character updates so it also works on Windows Cp125

Browse Source
This commit is contained in:
René Zubcevic
2020-04-20 12:39:51 +02:00
committed by Nanne Baars
parent 6b68a12449
commit 6f532683a1
8 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Login.adoc
View File

@ -5,8 +5,8 @@
In a login CSRF attack, the attacker forges a login request to an honest site using the attackers username
and password at that site. If the forgery succeeds, the honest server responds with a `Set-Cookie` header
that instructs the browser to mutate its state by storing a session cookie, logging the user into
the honest site as the attacker. This session cookie is used to bind subsequent requests to the users session and hence
to the attackers authentication credentials. Login CSRF attacks can have serious consequences, for example
the honest site as the attacker. This session cookie is used to bind subsequent requests to the user's session and hence
to the attacker's authentication credentials. Login CSRF attacks can have serious consequences, for example
see the picture below where an attacker created an account at google.com the victim visits the malicious
website and the user is logged in as the attacker. The attacker could then later on gather information about
the activities of the user.