Open CoolGoose opened 1 year ago
Details
https://github.com/sonatype-nexus-community/codetocloud-workshop/blob/main/src/main/resources/webgoat/templates/login.html
PoC
No CSRF handling for the form
Impact
Cross-site request forgery :P
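One way to check for the condition this issue reports, as an added example that is not part of the original issue or the project's code: a scan that lists state-changing forms with no hidden CSRF token field. The token field names (`_csrf` is Spring Security's default parameter name) and the sample markup are assumptions; the markup is constructed and is not the repository's login.html.

```python
from html.parser import HTMLParser

# Assumption: hidden-field names that count as a CSRF token. "_csrf" is
# Spring Security's default parameter name; the rest are common conventions.
TOKEN_NAMES = {"_csrf", "csrf_token", "csrfmiddlewaretoken", "authenticity_token"}
STATE_CHANGING = {"post", "put", "patch", "delete"}

class FormAudit(HTMLParser):
    """Collect state-changing <form> elements that carry no hidden CSRF token."""

    def __init__(self):
        super().__init__()
        self.findings = []   # action attribute of each form missing a token
        self._form = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._close_form()  # tolerate a missing </form> before a new form
            self._form = {"action": a.get("action", ""), "has_token": False,
                          "method": a.get("method", "get").lower()}
        elif tag == "input" and self._form is not None:
            hidden = a.get("type", "").lower() == "hidden"
            # An empty token value protects nothing, so it does not count.
            if hidden and a.get("name") in TOKEN_NAMES and a.get("value"):
                self._form["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._close_form()

    def _close_form(self):
        f, self._form = self._form, None
        if f and f["method"] in STATE_CHANGING and not f["has_token"]:
            self.findings.append(f["action"])

def forms_missing_csrf(html):
    """Return the actions of state-changing forms that have no CSRF token."""
    audit = FormAudit()
    audit.feed(html)
    audit.close()
    audit._close_form()      # flush a form left open at end of input
    return audit.findings

# Constructed sample markup, not the repository's login.html.
SAMPLE = """
<form action="/login" method="POST"><input name="username"><input type="password" name="password"></form>
<form action="/transfer" method="post"><input type="hidden" name="_csrf" value="constructed-token"></form>
<form action="/search" method="get"><input name="q"></form>
"""
```

Run the check against the rendered page rather than the template source, since a framework may inject the token at render time. A form it lists is only a candidate: the server must also validate the token on each request.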