Merge pull request #618 from matthias-g/csrf-3-post

Do not allow trivial solution to CSRF-3
misfir3 2019-07-12 17:16:23 -06:00 committed by GitHub
commit e36b4c3910
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -27,7 +27,7 @@ public class CSRFGetFlag extends Endpoint {
@Autowired @Autowired
private PluginMessages pluginMessages; private PluginMessages pluginMessages;
@RequestMapping(produces = {"application/json"}, method = RequestMethod.GET) @RequestMapping(produces = {"application/json"}, method = RequestMethod.POST)
@ResponseBody @ResponseBody
public Map<String, Object> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { public Map<String, Object> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
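Review bot: The `@RequestMapping` line switches the handler to `RequestMethod.POST` without any comment recording why, while the names around it (`CSRFGetFlag`, and the form id `basic-csrf-get` in the template section) still say GET, so a later maintainer could plausibly revert it as a "fix". Add above the annotation: `// POST only: a GET mapping let the lesson be passed by simply opening the URL in a browser; the flag must come from a submitted form.` As far as the hunk shows, the method still accepts the request with no origin or token check, which is the point of this lesson but is worth stating in the same comment so it is not mistaken for an oversight. The body of invoke continues outside the hunk.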


@ -14,7 +14,7 @@
<div class="adoc-content" th:replace="doc:CSRF_Get_Flag.adoc"></div> <div class="adoc-content" th:replace="doc:CSRF_Get_Flag.adoc"></div>
<form accept-charset="UNKNOWN" id="basic-csrf-get" <form accept-charset="UNKNOWN" id="basic-csrf-get"
method="GET" name="form1" method="POST" name="form1"
target="_blank" target="_blank"
successCallback="" successCallback=""
action="/WebGoat/csrf/basic-get-flag" action="/WebGoat/csrf/basic-get-flag"