dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

This change includes two additional CSRF lessons. One for

Browse Source 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
cam.morris
2009-10-23 21:23:17 +00:00
parent b4af6471b1
commit d2a6a2b272
19 changed files with 747 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
main/project/WebContent/WEB-INF/webgoat-class.properties
View File

@ -16,6 +16,8 @@ category.Cross-Site\ Scripting\ (XSS).ranking=41
lesson.StoredXss.ranking=10
lesson.ReflectedXSS.ranking=20
lesson.CSRF.ranking=30
lesson.CsrfPromptByPass.ranking=40
lesson.CsrfTokenByPass.ranking=50
lesson.CrossSiteScripting.hidden=true
category.Unvalidated\ Parameters.ranking=51