dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More CSRF Updates

Browse Source
This commit is contained in:
Jason White
2017-10-13 09:28:41 -06:00
parent b03a32f92c
commit 8d488c6ac6
7 changed files with 40 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/csrf/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -12,4 +12,8 @@ csrf-same-host=It appears your request is coming from the same host you are subm
csrf-you-forgot-something=There's something missing from your request it appears, so I can't process it.
csrf-review.success=It appears you have submitted correctly from another site. Go reload and see if your post is there.
csrf-review.success=It appears you have submitted correctly from another site. Go reload and see if your post is there.
csrf-review-hint1=Again, you will need to submit from an external domain/host to trigger this action. While CSRF can often be triggered from the same host (e.g. via persisted payload), this doesn't work that way.
csrf-review-hint2=Remember, you need to mimic the existing workflow/form.
csrf-review-hint3=This one has a weak anti-CSRF protection, but you do need to overcome (mimic) it