dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed spelling mistakes.

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@64 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
esheri3
2007-01-22 18:10:06 +00:00
parent 3ae171c303
commit a90d292239
20 changed files with 44 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat/main/project/WebContent/lesson_plans/CSRF.html
View File

@ -21,5 +21,6 @@ In this way, the attacker can make the victim perform actions that they didn't i
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malacious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu, right click on the left hand menu and choose copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transfered. When you think the attack is successfull, refresh the page and you will find the green check on the left hand side menu.
Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu, right click on the left hand menu and choose copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transferred. When you think the attack is successful, refresh the page and you will find the green check on the left hand side menu.
<!-- Stop Instructions -->