From 96c2595ad00ec50b373c2c820721dcf97b31c89c Mon Sep 17 00:00:00 2001 From: Jesper Hallborg Date: Wed, 21 Sep 2022 14:07:14 +0200 Subject: [PATCH] Update interface name to exploit The name is org.owasp.webgoat.lessons.vulnerablecomponents.Contact not org.owasp.webgoat.vulnerablecomponents.Contact --- .../documentation/VulnerableComponents_content5a.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc b/src/main/resources/lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc index 60c7e357c..1809cf26b 100644 --- a/src/main/resources/lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc +++ b/src/main/resources/lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc @@ -13,6 +13,6 @@ WebGoat uses an XML document to add contacts to a contacts database. ---- -The java interface that you need for the exercise is: org.owasp.webgoat.vulnerablecomponents.Contact. +The java interface that you need for the exercise is: org.owasp.webgoat.lessons.vulnerablecomponents.Contact. Start by sending the above contact to see what the normal response would be and then read the CVE vulnerability documentation (search the Internet) and try to trigger the vulnerability. For this example, we will let you enter the XML directly versus intercepting the request and modifying the data. You provide the XML representation of a contact and WebGoat will convert it a Contact object using `XStream.fromXML(xml)`.