dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update to do CSRF-based comment forging

Browse Source
This commit is contained in:
Jason White
2017-10-12 18:17:48 -06:00
parent d0ec84e9a6
commit b03a32f92c
10 changed files with 452 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
webgoat-lessons/csrf/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -1,4 +1,15 @@
csrf.title=Cross-Site Request Forgeries
csrf-get-null-referer.success=Congratulations! Appears you made the request from your local machine.
csrf-get-other-referer.successfeedback=Congratulations! Appears you made the request from\
csrf-get-other-referer.success=Congratulations! Appears you made the request from a separate host.
csrf-get.hint1=The form has hidden inputs.
csrf-get.hint2=You will need to use an external page and/or script to trigger it.
csrf-get.hint3=Try creating a local page or one that is uploaded and points to this form as its action.
csrf-get.hint4=The trigger can be manual or scripted to happen automatically
csrf-same-host=It appears your request is coming from the same host you are submitting to.
csrf-you-forgot-something=There's something missing from your request it appears, so I can't process it.
csrf-review.success=It appears you have submitted correctly from another site. Go reload and see if your post is there.