dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reported by dwpoon, Yesterday (17 hours ago)

Browse Source 
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk@366 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2008-11-21 12:57:14 +00:00
parent 58aa49317a
commit bab1f6aeb7
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
webgoat/main/project/WebContent/lessons/General/redirect.jsp
View File

@ -7,10 +7,10 @@
<title>HTTP Splitting</title>
</head>
<body>
<% response.sendRedirect("/WebGoat/attack?" +
"Screen=" + request.getParameter("Screen") +
"&menu=" + request.getParameter("menu") +
"&fromRedirect=yes&language=" + request.getParameter("language"));
<% response.sendRedirect(request.getContextPath() + "/attack?" +
"Screen=" + request.getParameter("Screen") +
"&menu=" + request.getParameter("menu") +
"&fromRedirect=yes&language=" + request.getParameter("language"));
%>
</body>
</html>