dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Minor grammar fix.

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@90 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
esheri3 2007-01-25 19:39:33 +00:00
parent 8c4d4d13b3
commit 94ee4db701
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat/main/project/WebContent/lesson_plans/CSRF.html
View File

@ -21,6 +21,6 @@ In this way, the attacker can make the victim perform actions that they didn't i
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu, right click on the left hand menu and choose copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.
Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.
<!-- Stop Instructions -->