diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
index 531dcf367..bba7c5a28 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
@@ -795,9 +795,9 @@ public abstract class AbstractLesson extends Screen implements Comparable
 }
- protected String getFormAction()
+ public String getFormAction()
 {
- return "attack" + "?menu=" + getCategory().getRanking();
+ return getLink();
 }
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
index 0bb336f23..e19cedb5e 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
@@ -186,10 +186,8 @@ public class CSRF extends LessonAdapter {
 for ( int i = 0; results.next(); i++ )
 {
- String link = "" + results.getString( TITLE_COL ) + "";
+ String link = "" + results.getString( TITLE_COL ) + "";
 TD td = new TD().addElement( link );
 TR tr = new TR().addElement( td );
 t.addElement( tr );
@@ -297,9 +295,7 @@ public class CSRF extends LessonAdapter {
 hints.add( "Enter some text and try to include an image in there." );
 hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
 hints.add( "The format of an image in html is
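Review bot: In AbstractLesson.java, `getFormAction()` is widened from `protected` to `public` without any Javadoc, so the value it now returns has no documented contract. Any subclass that still overrides it as `protected` will stop compiling, because an override cannot narrow visibility; no such override is visible in this diff, so the lessons package should be checked. The form target also changes from `attack?menu=...` to whatever `getLink()` builds, which is not shown here. I would add a comment above the method such as `/** Returns the URL this lesson's form submits to; same value as getLink(). */`.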
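Review bot: In the CSRF.java hunk at -186, `results.getString( TITLE_COL )` is still concatenated straight into the markup passed to `new TD().addElement( link )`, and the new line shows no HTML encoding of the stored title. The string literals around it are not legible on this page, so how the link target is now built cannot be judged from here. If rendering the title raw is part of the lesson, record that in a comment, e.g. `// title is stored user input and is deliberately emitted unencoded for this lesson`; if it is not, encode the title before concatenating it. The enclosing method starts and ends outside the hunk.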
<img src=\"[URL]\" width=\"1\" height=\"1\" />
");
- hints.add( "Include this URL in the message
<img src='http://localhost/WebGoat/attack?"+
-			        "Screen=" + String.valueOf(getScreenId()) +
-			        "&menu=" + getDefaultCategory().getRanking().toString() +
+		hints.add( "Include this URL in the message 
<img src='" + getLink() +
 			        "&transferFunds=5000' width=\"1\" height=\"1\" />
");
 return hints;
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
index d8fc9261a..45faa4561 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
@@ -95,9 +95,7 @@ public class DOMInjection extends LessonAdapter
 String lineSep = System.getProperty("line.separator");
 String script = "
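Review bot: In the CSRF.java hints hunk at -297, the new hint appends `"&transferFunds=5000'` directly to `getLink()`, which only yields a well-formed URL if `getLink()` already ends in a query string. The removed lines spelled out `attack?Screen=...&menu=...` explicitly, so this presumably holds today, but `getLink()` is not shown in this diff and nothing records the dependency. A one-line comment above the call would do: `// getLink() already carries ?Screen=..&menu=.., so extra parameters are appended with '&'`. The added line also leaves trailing whitespace after `message`, and the enclosing method begins outside the hunk.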