update to do CSRF-based comment forging
This commit is contained in:
Jason White
@ -22,14 +22,9 @@
|
||||
<input type="submit" name="ubmit=" />
|
||||
|
||||
</form>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
|
||||
<div class="adoc-content" th:replace="doc:CSRF_Basic_Get-1.adoc"></div>
|
||||
|
||||
|
||||
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success">
|
||||
<i class="fa fa-2 fa-check hidden" aria-hidden="true">
|
||||
@ -38,11 +33,11 @@
|
||||
<form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-1"
|
||||
method="POST" name="form2"
|
||||
successCallback=""
|
||||
action="/WebGoat/csrf/basic-confirm-flag"
|
||||
action="/WebGoat/csrf/confirm-flag-1"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
|
||||
Confirm Flag Value:
|
||||
<input type="text" length="6" name="confirmFlagVal" value="false" />
|
||||
<input type="text" length="6" name="confirmFlagVal" value="" />
|
||||
|
||||
<input name="submit" value="Submit" type="submit"/>
|
||||
|
||||
@ -52,6 +47,73 @@
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
|
||||
<!--<div class="adoc-content" th:replace="doc:CrossSiteScripting_content7b.adoc"></div>-->
|
||||
|
||||
<!-- comment area -->
|
||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/reviews.css}"/>
|
||||
<script th:src="@{/lesson_js/csrf-review.js}" language="JavaScript"></script>
|
||||
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
|
||||
<div class="container-fluid">
|
||||
<div class="panel post">
|
||||
<div class="post-heading">
|
||||
<div class="pull-left image">
|
||||
<img th:src="@{/images/avatar1.png}"
|
||||
class="img-circle avatar" alt="user profile image"/>
|
||||
</div>
|
||||
<div class="pull-left meta">
|
||||
<div class="title h5">
|
||||
<a href="#"><b>John Doe</b></a>
|
||||
is selling this poster, read reviews below.
|
||||
</div>
|
||||
<h6 class="text-muted time">24 days ago</h6>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="post-image">
|
||||
<img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
|
||||
</div>
|
||||
|
||||
<div class="post-description">
|
||||
|
||||
</div>
|
||||
|
||||
<div class="attack-container">
|
||||
<div class="post-footer">
|
||||
<div class="input-group">
|
||||
<form class="attack-form" accept-charset="UNKNOWN" id="csrf-review"
|
||||
method="POST" name="review-form"
|
||||
successCallback=""
|
||||
action="/WebGoat/csrf/review">
|
||||
<input class="form-control" id="reviewText" name="reviewText" placeholder="Add a Review" type="text"/>
|
||||
<input class="form-control" id="reviewStars" name="stars" type="text" />
|
||||
<input type="hidden" name="validateReq" value="2aa14227b9a13d0bede0388a7fba9aa9" />
|
||||
<input type="submit" name="submit" value="Submit review"/>
|
||||
</form>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
<!--<span class="input-group-addon">-->
|
||||
<!--<i id="postReview" class="fa fa-edit" style="font-size: 20px"></i>-->
|
||||
<!--</span>-->
|
||||
</div>
|
||||
<ul class="comments-list">
|
||||
<div id="list">
|
||||
</div>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<!-- end comments -->
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<!--</div>-->
|
||||
|
||||
</html>
|
||||
Reference in New Issue
Block a user