More CSRF Updates

Jason White
2017-10-13 09:28:41 -06:00
parent b03a32f92c
commit 8d488c6ac6
7 changed files with 40 additions and 22 deletions

@ -0,0 +1,9 @@
== Post a review on someone else's behalf
The page below simulates a comment/review page. The difference here is that you have to inititate the submission elsewhere as you might
with a CSRF attack and like the previous exercise. It's easier than you think. In most cases, the trickier part is
finding somewhere that you want to execute the CSRF attack. The classic example is account/wire transfers in someone's bank account.
But we're keepoing it simple here. In this case, you just need to trigger a review submission on behalf of the currently
logged in user.
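
Review bot: The added lesson text has two typos: "inititate" on the second line and "keepoing" on the fifth should be "initiate" and "keeping". The clause "as you might with a CSRF attack and like the previous exercise" is also hard to parse; "from elsewhere, as a CSRF attack would and as in the previous exercise" reads more clearly. The lines shown also never state how the learner knows the exercise is complete, so a closing sentence giving the success condition (a review posted as the logged-in user from a request that originated off this page) would make the goal explicit.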