diff --git a/ webgoat/main/project/WebContent/lesson_plans/CSRF.html b/ webgoat/main/project/WebContent/lesson_plans/CSRF.html index 6e751b649..dc17ddef9 100644 --- a/ webgoat/main/project/WebContent/lesson_plans/CSRF.html +++ b/ webgoat/main/project/WebContent/lesson_plans/CSRF.html @@ -21,6 +21,6 @@ In this way, the attacker can make the victim perform actions that they didn't i

General Goal(s):

-Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu, right click on the left hand menu and choose copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu. +Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.