[Owasp-cincinnati] CSRF lesson in WebGoat
scottnusbaum at yahoo.com
Thu Jun 12 21:52:44 EDT 2008
I helped a co-worker with this issue today. In the source code the programmer used a executeQuery command to insert the data into the database. The executeQuery raises an exception if the given SQL statement produces anything other than a single ResultSet object. Since the SQL statement is an Insert it won't return a result set and will fail displaying the error message you noted. If you change the executeQuery to executeUpdate the lesson will work properly.
I hope this helps.
"Zhou, Yan" <yzhou at medplus.com> wrote: Hi there,
I have been trying the CSRF lesson in Web Goat, I kept seeing this error message: * Could not add message to database
After debugging WebGoat, it does not seem like that is the problem. Even if I copy the message right there from Hint, I still do not get a checkmark.
Did I miss anything?
Owasp-cincinnati mailing list
Owasp-cincinnati at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-cincinnati