stanislas89 / webgoat

Automatically exported from code.google.com/p/webgoat
0 stars 0 forks source link

Bug on Log Spoofing Lesson #14

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. put "<script>document.write("userA\nLogin success for username:
admin");</script>" in username field 

What is the expected output? What do you see instead?
It should say Congratulation but it does not.

What version of the product are you using? On what operating system?
Webgoat 5.1 on Windows XP Pro

Please provide any additional information below.

Original issue reported on code.google.com by donut...@gmail.com on 2 Jul 2008 at 8:03

GoogleCodeExporter commented 8 years ago
This is a clever solution to this lesson.  

However, this only writes the message to the screen and the screen simulates 
what is
in the log file. I will clean up the lesson to echo to the screen what is 
actually in
the "LOG".  The intent was to have data in the log where the log is read by 
another
program or user.

Original comment by mayhe...@gmail.com on 7 Jul 2008 at 11:57

GoogleCodeExporter commented 8 years ago

Original comment by mayhe...@gmail.com on 23 Apr 2012 at 7:59

GoogleCodeExporter commented 8 years ago
Fixed in 5.4

Original comment by mayhe...@gmail.com on 24 Apr 2012 at 4:23

GoogleCodeExporter commented 8 years ago

Original comment by sherif.fathy on 24 Apr 2012 at 4:29