dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed hardcoded webgoat path for URLs

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2008-11-21 16:57:23 +00:00
parent c0d2d13e5a
commit 7998e60f29
68 changed files with 592 additions and 592 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
main/project/WebContent/lesson_solutions/Lab Access Control/Lab Add Business Layer Access Control.html
View File

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Solution Lab Role Based Access Control Stage2</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>

2
main/project/WebContent/lesson_solutions/Lab Access Control/Lab Add Data Layer Access Control.html
View File

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Solution Lab Role Based Access Control Stage4</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>

4
main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Business Layer Access Control.html
View File

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Solution Lab Role Based Access Control Stage1</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
@ -36,7 +36,7 @@ it because it has a really logical name.
But we will look it up. So your first step is to log in as John with john as
password. Use WebScarab to intercept the delete request.
<img src="/WebGoat/lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" />
<img src="lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" />
As you can see the delete action is called DeleteProfile.
Now log in as Tom. Click in the list on his name and make sure WebScarab

4
main/project/WebContent/lesson_solutions/Lab Access Control/Lab Bypass Data Layer Access Control.html
View File

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Solution Lab Role Based Access Control Stage3</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
@ -39,7 +39,7 @@ of another employee!
Log in as Tom with tom as password. Click on Tom's name in the list and make sure
webscarab will intercept the next request. Change the employee_id for example to 101.<br><br>
<img src="/WebGoat/lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" />
<img src="lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" />
</body>