dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added int test for IDOR and fixed green button issue (#801)

Browse Source
This commit is contained in:
René Zubcevic
2020-04-29 12:12:11 +02:00
committed by GitHub
parent 2398949396
commit 9dea696c4c
10 changed files with 129 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/idor/src/main/resources/html/IDOR.html
View File

@ -47,7 +47,7 @@
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:IDOR_viewDiffs.adoc"></div>
<div class="attack-container">
<div class="nonattack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -124,7 +124,7 @@
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
<div class="adoc-content" th:replace="doc:IDOR_viewOtherProfile.adoc"></div>
<div class="attack-container">
<div class="nonattack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
@ -161,7 +161,7 @@
action="/WebGoat/IDOR/profile/{userId}">
<script th:src="@{/lesson_js/idor.js}" />
<input name="View Profile" value="View Profile" type="submit" />
<input name="Edit Profile" value="Edit Profile" type="submit" />
</form>
<!-- do not remove the two following div's, this is where your feedback/output will land -->