This change includes two additional CSRF lessons. One for

Browse Source

by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507

...

This commit is contained in:

cam.morris

2009-10-23 21:23:17 +00:00

parent b4af6471b1

commit d2a6a2b272

19 changed files with 747 additions and 11 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

BIN

main/project/WebContent/lesson_solutions/CsrfPromptByPass_files/imgPromptHack.png Normal file

Binary file not shown.

Side by Side After Width:  |  Height:  |  Size: 230 KiB