[Owasp-webgoat] Reading other user's messages from WebGoat forum
Marco Koster
marcokoster at gmx.ch
Wed Sep 9 07:07:32 EDT 2009
Hello everybody
I have a question about WebGoat. If I post a message in the forum at
Cross-Site Scripting (XSS) / Cross Site Request Forgery (CSRF), is it
possible somehow for other users to read that message as well? For example:
if I log in to WebGoat as "guest" and post a message there, is it
possible for another user, say, "guest1", to read that message, too?
So far I realized that messages can be read only by the users who
created them.
Is there some workaround to fix that?
I am using WebGoat version 5.2.
Thank you in advance for your answers
Best regards,
Marco Koster