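<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<!--/*
  CSRF lesson template. Each div.lesson-page-wrapper below is one lesson page:
  a documentation include (th:replace="doc:...") followed, on exercise pages,
  by the form(s) for that exercise.

  Review notes in this file are written as Thymeleaf parser-level comments.
  Thymeleaf strips these while processing the template, so they are not sent
  to the browser; ordinary HTML comments are delivered with the page.
*/-->

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_intro.adoc"></div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_GET.adoc"></div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Get_Flag.adoc"></div>
    <!--/*
      Exercise form for the "get flag" page. It is sent with GET and carries no
      per-session token, only a hidden field "csrf" with the fixed value "false".
      NOTE(review): how the endpoint interprets that field is not visible in this
      template. Unlike the other forms here it has no class="attack-form";
      presumably it is submitted natively by the browser. Confirm.
      NOTE(review): the enctype value is not one the browser recognises
      (application/x-www-form-urlencoded, multipart/form-data, text/plain); it is
      irrelevant for a GET submit and is kept only because lesson scripts may read it.
    */-->
    <form accept-charset="UNKNOWN" id="basic-csrf-get"
          method="GET" name="form1"
          successCallback=""
          action="/WebGoat/csrf/basic-get-flag"
          enctype="application/json;charset=UTF-8">
        <input name="csrf" type="hidden" value="false"/>
        <!--/* NOTE(review): name="ubmit=" looks like a typo for name="submit". Left
               unchanged because the name is sent to the server as a query parameter. */-->
        <input type="submit" name="ubmit="/>
    </form>

    <div class="adoc-content" th:replace="doc:CSRF_Basic_Get-1.adoc"></div>
    <div class="attack-container">
        <div class="assignment-success">
            <i class="fa fa-2 fa-check hidden" aria-hidden="true"> </i>
        </div>
        <!--/* Answer form: the learner enters the flag value here.
               NOTE(review): "length" is not an input attribute; size or maxlength
               may have been intended. Left as is. */-->
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-1"
              method="POST" name="form2"
              successCallback=""
              action="/WebGoat/csrf/confirm-flag-1"
              enctype="application/json;charset=UTF-8">
            Confirm Flag Value:
            <input type="text" length="6" name="confirmFlagVal" value=""/>
            <input name="submit" value="Submit" type="submit"/>
        </form>
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Reviews.adoc"></div>
    <!-- comment area -->
    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/reviews.css}"/>
    <script th:src="@{/lesson_js/csrf-review.js}" language="JavaScript"></script>
    <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
    <div class="attack-container">
        <div class="container-fluid">
            <div class="panel post">
                <div class="post-heading">
                    <div class="pull-left image">
                        <img th:src="@{/images/avatar1.png}" class="img-circle avatar" alt="user profile image"/>
                    </div>
                    <div class="pull-left meta">
                        <div class="title h5">
                            <a href="#"><b>John Doe</b></a> is selling this poster,
                            read reviews below.
                        </div>
                        <h6 class="text-muted time">24 days ago</h6>
                    </div>
                </div>
                <div class="post-image">
                    <!--/* NOTE(review): unlike the avatar URL above, this link expression
                           has no leading slash, so it resolves relative to the current
                           page rather than the context root. Confirm this is intended. */-->
                    <img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
                </div>
                <div class="post-description"> </div>
                <div class="attack-container">
                    <div class="post-footer">
                        <div class="input-group">
                            <!--/*
                              Review form. The hidden validateReq value is a literal in
                              this template: it is the same for every user and every
                              session and is readable by anyone who can load the page, so
                              it gives the server no evidence that a request came from
                              this form. An anti-CSRF token has to be unpredictable, tied
                              to the user's session and checked on the server.
                              Presumably this weakness is the subject of the exercise;
                              confirm against the lesson text.
                            */-->
                            <form class="attack-form" accept-charset="UNKNOWN" id="csrf-review"
                                  method="POST" name="review-form"
                                  successCallback=""
                                  action="/WebGoat/csrf/review">
                                <input class="form-control" id="reviewText" name="reviewText" placeholder="Add a Review" type="text"/>
                                <input class="form-control" id="reviewStars" name="stars" type="text"/>
                                <input type="hidden" name="validateReq" value="2aa14227b9a13d0bede0388a7fba9aa9"/>
                                <input type="submit" name="submit" value="Submit review"/>
                            </form>
                            <div class="attack-feedback"></div>
                            <div class="attack-output"></div>
                            <!--<span class="input-group-addon">-->
                            <!--<i id="postReview" class="fa fa-edit" style="font-size: 20px"></i>-->
                            <!--</span>-->
                        </div>
                        <!--/* NOTE(review): a div is not a valid child of ul. Left unchanged
                               because the element with id "list" is presumably the mount
                               point used by csrf-review.js. Confirm before restructuring. */-->
                        <ul class="comments-list">
                            <div id="list"> </div>
                        </ul>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <!-- end comments -->
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Frameworks.adoc"></div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_JSON.adoc"></div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_ContentType.adoc"></div>
    <script th:src="@{/lesson_js/feedback.js}" language="JavaScript"></script>
    <!--/* The style attribute previously began with the bare token "container-fluid"
           (a class name, not a CSS declaration, so browsers discarded it) and set
           padding twice; only the effective declarations are kept.
           NOTE(review): class="container-fluid" may have been intended. Adding it
           would change the layout, so it is not added here. */-->
    <div style="background-color: #f1f1f1; border: 2px solid #a66; border-radius: 12px; margin-top: 7px; padding: 5px;">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-8">
                    <div class="well well-sm">
                        <!--/*
                          Feedback form. prepareData and contentType are not standard
                          form attributes; presumably the lesson scripts (feedback.js is
                          loaded above) read them to build the request. Confirm.
                          The form carries no anti-CSRF token, so any protection this
                          endpoint has must come from server-side checks that are not
                          visible in this template.
                        */-->
                        <form class="attack-form" accept-charset="UNKNOWN" id="csrf-feedback"
                              method="POST"
                              prepareData="feedback"
                              action="/WebGoat/csrf/feedback/message"
                              contentType="application/json">
                            <div class="row">
                                <div class="col-md-6">
                                    <div class="form-group">
                                        <label for="name"> Name</label>
                                        <input type="text" class="form-control" name="name" id="name" placeholder="Enter name" required="required"/>
                                    </div>
                                    <div class="form-group">
                                        <label for="email"> Email Address</label>
                                        <div class="input-group">
                                            <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span> </span>
                                            <input type="email" name="email" class="form-control" id="email" placeholder="Enter email" required="required"/>
                                        </div>
                                    </div>
                                    <div class="form-group">
                                        <label for="subject"> Subject</label>
                                        <select id="subject" name="subject" class="form-control" required="required">
                                            <option value="na" selected="">Choose One:</option>
                                            <option value="service">General Customer Service</option>
                                            <option value="suggestions">Suggestions</option>
                                            <option value="product">Product Support</option>
                                        </select>
                                    </div>
                                </div>
                                <div class="col-md-6">
                                    <div class="form-group">
                                        <!--/* for= now points at the textarea; it previously
                                               repeated for="name" and focused the Name field. */-->
                                        <label for="message"> Message</label>
                                        <textarea name="message" id="message" class="form-control" rows="9" cols="25" required="required" placeholder="Message"></textarea>
                                    </div>
                                </div>
                                <div class="col-md-12">
                                    <!--/* type is stated explicitly; "submit" is what a button
                                           inside a form defaults to, so behaviour is unchanged. */-->
                                    <button type="submit" class="btn btn-primary pull-right" id="btnContactUs">
                                        Send Message
                                    </button>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <div class="attack-container">
        <div class="assignment-success">
            <i class="fa fa-2 fa-check hidden" aria-hidden="true"> </i>
        </div>
        <!--/* Answer form for the feedback exercise: the learner enters the flag value. */-->
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-feedback"
              method="POST" name="form2"
              action="/WebGoat/csrf/feedback"
              enctype="application/json;charset=UTF-8">
            Confirm Flag Value:
            <input type="text" length="6" name="confirmFlagVal" value=""/>
            <input name="submit" value="Submit" type="submit"/>
        </form>
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Login.adoc"></div>
    <div class="attack-container">
        <div class="assignment-success">
            <i class="fa fa-2 fa-check hidden" aria-hidden="true"> </i>
        </div>
        <!--/* Completion form for the login exercise; it posts no fields other than
               the submit button itself. */-->
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-login"
              method="POST" name="form2"
              action="/WebGoat/csrf/login"
              enctype="application/json;charset=UTF-8">
            Press the button below when you are logged in as the other user<br/>
            <input name="submit" value="Solved!" type="submit"/>
        </form>
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>

<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Impact_Defense.adoc"></div>
</div>
<!--</div>-->
</html>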