Last active
September 18, 2018 09:05
Batch file to start the WebGoat container:
cd /D C:\LEcturer\ST2515\Download
java -jar webgoat-container-7.0.1-war-exec.jar -httpPort 8080
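[WebGoat exercise walkthrough] Parameter Tampering -> Bypass HTML Field Restrictions
The form below uses HTML form field restrictions. In order to pass this lesson, submit the form with each field containing an unallowed value. You must submit invalid values for all six fields in one form submission.
1. If you simply intercept the submitted request with Burp in this exercise, you will find that the Disabled input field is not captured, so use the browser developer tools to delete the "disabled" attribute from the Disabled input field.
2. Intercept the submit request with Burp, covering the 6 input areas (including the radio button, checkbox, input box and submit button); the value of the Disabled input field is now captured as well.
3. Change the input values to invalid values and click "Forward"; this completes the mission.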
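
The steps above succeed because the restrictions exist only in the HTML. A server-side check that rejects such a submission, as an added example that is not part of the original gist or of WebGoat; the field names (`select`, `radio`, `checkbox`, `shorttext`, `locked`, `submit`) and the allowed values are hypothetical:

```javascript
// Added example: server-side re-validation of a form whose limits are only in HTML.
// Field names and allowed values are hypothetical, not taken from WebGoat.
const RULES = {
  select:    { allowed: ["foo", "bar"] },          // <select> options
  radio:     { allowed: ["foo", "bar"] },          // radio group
  checkbox:  { allowed: ["on"], optional: true },  // unchecked boxes are not sent
  shorttext: { maxLength: 5 },                     // mirrors maxlength="5"
  submit:    { allowed: ["Submit"] },              // button value
};
// A browser never submits a control that carries the "disabled" attribute,
// so its presence in a request means the markup or the request was edited.
const MUST_BE_ABSENT = ["locked"];

const known = (name) => Object.prototype.hasOwnProperty.call(RULES, name);

// Returns a list of violations; an empty list means the body is acceptable.
function validateForm(body) {
  const params = new URLSearchParams(body);
  const errors = [];
  for (const name of MUST_BE_ABSENT) {
    if (params.has(name)) errors.push(`${name}: disabled field was submitted`);
  }
  for (const [name, rule] of Object.entries(RULES)) {
    const values = params.getAll(name);
    if (values.length === 0) {
      if (!rule.optional) errors.push(`${name}: missing`);
      continue;
    }
    if (values.length > 1) { errors.push(`${name}: duplicated`); continue; }
    const v = values[0];
    if (rule.allowed && !rule.allowed.includes(v)) errors.push(`${name}: value not in allow-list`);
    if (rule.maxLength !== undefined && v.length > rule.maxLength) errors.push(`${name}: too long`);
  }
  for (const name of new Set(params.keys())) {
    if (!known(name) && !MUST_BE_ABSENT.includes(name)) errors.push(`${name}: unexpected field`);
  }
  return errors;
}

// Constructed sample request bodies (not captured traffic).
const HONEST = "select=foo&radio=bar&checkbox=on&shorttext=abcde&submit=Submit";
const TAMPERED = "select=zzz&radio=zzz&checkbox=zzz&shorttext=toolong&locked=x&submit=zzz";
```

Logging the returned violations per request also gives a detection signal: a body containing the `locked` field cannot come from an unmodified form.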
Author
jipengxiang
commented
Sep 17, 2018