CS - Bypass Front-end restrictions.md CS - Client site filtering.md CS - HTML tampering.md Ch - Admin lost password.md Ch - Admin password reset.md Ch - Without account.md Ch - Without password.md README.md
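A10 Server-side Request Forgery 1. Cross-Site Request Forgeries 1-3, There is a submit query button here; clicking it directly gives a message that the request came from the same host. If we change the host of the request we can get the flag. This is the simplest method, but it is probably not the intended purpose here. XSRF usually involves malicious behaviour between different websites in the same browser. So we need to write an HTML file ourselves to simulate an external site, copy the sub query...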
A10 Cross-site Request Forgeries.md A10 Server-Site Request Forgery.md A2 Crypto Basics.md A3 Cross Site Scripting.md A3 Path traversal.md A3 SQL Injection Advanced.md A3 SQL Injection Intro.md A3 SQL Injection mitigation.md A5 XXE.md A7 Authentication Bypasses.md A7 Insecure Login.md A7 JW...
A10 Cross-site Request Forgeries.md A10 Server-Site Request Forgery.md A2 Crypto Basics.md A3 Cross Site Scripting (stored).md A3 Cross Site Scripting.md A3 Path traversal.md A3 SQL Injection Advanced.md A3 SQL Injection Intro.md A3 SQL Injection mitigation.md ...