dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed CSRF per Bruce's comments

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@56 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy
2006-12-30 17:30:30 +00:00
parent 63043b0f34
commit ae225126ae
2 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat/main/project/WebContent/lesson_plans/CSRF.html
View File

@ -21,7 +21,5 @@ In this way, the attacker can make the victim perform actions that they didn't i
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* Your goal is to send an email to a newsgroup.<br>
* Try to include a 1x1 pixel image that includes a URL that transfers funds to your account.<br>
* Whoever receives this email and happens to be authenticated at that time will be a victim.
Your goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malacious request. Try to include a 1x1 pixel image that includes a URL. The URL should point to the CSRF lesson with an extra parameter "transferFunds=4000". You can copy the shortcut from the left hand menu, right click on the left hand menu and choose copy shortcut. Whoever receives this email and happens to be authenticated at that time will have his funds transfered. When you think the attack is successfull, refresh the page and you will find the green check on the left hand side menu.
<!-- Stop Instructions -->