WebGoat/src/main/resources/lessons/hijacksession/templates/hijackform.html

<div class="row">
	<div class="col-md-4">
		<form class="attack-form" accept-charset="UNKNOWN" method="POST"
			action="HijackSession/login">
			<div style="padding: 20px;" id="password-login">
				<h4 style="border-bottom: 1px solid #c5c5c5;">Account Access</h4>
				<fieldset>
					<div class="form-group input-group">
						<span class="input-group-addon"> <i
							class="glyphicon glyphicon-user"></i>
						</span> <input class="form-control" placeholder="User name"
							name="username" type="text"></input>
					</div>
					<div class="form-group input-group">
						<span class="input-group-addon"><i
							class="glyphicon glyphicon-lock"></i></span> <input class="form-control"
							placeholder="Password" name="password" type="password" />
					</div>
					<button type="submit" class="btn btn-primary btn-block">Access</button>
				</fieldset>
			</div>
		</form>
	</div>
</div>