dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Hints added

Browse Source 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent ce703bc67d
commit 82e32acb77
137 changed files with 4230 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
webgoat/main/project/WebContent/lesson_solutions/RemoteAdminFlaw.html
View File

@ -590,13 +590,13 @@ style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Append <i
style='mso-bidi-font-style:normal'>&amp;admin=true</i> to the URL in the
browser and hit <EFBFBD>Enter<EFBFBD><o:p></o:p></span></p>
browser and hit "Enter"<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Open the menu
<EFBFBD>Admin functions<EFBFBD> and notice that you have additional menu options like
<EFBFBD>Database Dump<EFBFBD>, <EFBFBD>User Information<EFBFBD> and <EFBFBD>Product Information<EFBFBD>.<o:p></o:p></span></p>
"Admin functions" and notice that you have additional menu options like
"Database Dump", "User Information" and "Product Information".<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
@ -618,8 +618,8 @@ style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Clicking on
<EFBFBD>User Information<EFBFBD> will not work. This is because the URL behind <EFBFBD>User
Information<EFBFBD> is <a href="http://localhost/WebGoat/attack?Screen=71&amp;menu=10">http://localhost/WebGoat/attack?Screen=71&amp;menu=10</a>
"User Information" will not work. This is because the URL behind "User
Information" is <a href="http://localhost/WebGoat/attack?Screen=71&amp;menu=10">http://localhost/WebGoat/attack?Screen=71&amp;menu=10</a>
does not contain the parameter admin=true. Rewrite the URL to become <a
href="http://localhost/WebGoat/attack?Screen=71&amp;menu=10&amp;admin=true">http://localhost/WebGoat/attack?Screen=71&amp;menu=10&amp;admin=true</a><o:p></o:p></span></p>