[Owasp-cincinnati] CSRF lesson in WebGoat

Scott Nusbaum scottnusbaum at yahoo.com
Thu Jun 12 21:52:44 EDT 2008


Yan,

I helped a co-worker with this issue today. In the source code the programmer used a executeQuery command to insert the data into the database. The executeQuery raises an exception if the given             SQL statement produces anything other than a single             ResultSet object. Since the SQL statement is an Insert it won't return a result set and will fail displaying the error message you noted. If you change the executeQuery to executeUpdate the lesson will work properly.

I hope this helps.

Scott

"Zhou, Yan" <yzhou at medplus.com> wrote:              Hi there, 
   
  I have been trying the CSRF lesson in Web Goat, I kept seeing this error message: * Could not add message to database
   
  After debugging WebGoat, it does not seem like that is the problem. Even if I copy the message right there from “Hint”, I still do not get a checkmark. 
   
  Did I miss anything?
   
  Thanks, 
  Yan
  
  _______________________________________________
Owasp-cincinnati mailing list
Owasp-cincinnati at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-cincinnati


       
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080612/e1312b01/attachment.html 


More information about the Owasp-cincinnati mailing list