[Owasp-cincinnati] CSRF lesson in WebGoat
Marco M. Morana
marco.m.morana at gmail.com
Fri Jun 13 07:57:27 EDT 2008
Thanks Scott
Marco
p.s. I think is advisable in this case to report this issue as a bug in
Webgoat
_____
From: owasp-cincinnati-bounces at lists.owasp.org
[mailto:owasp-cincinnati-bounces at lists.owasp.org] On Behalf Of Scott Nusbaum
Sent: Thursday, June 12, 2008 9:53 PM
To: Zhou, Yan; owasp-cincinnati at lists.owasp.org
Subject: Re: [Owasp-cincinnati] CSRF lesson in WebGoat
Yan,
I helped a co-worker with this issue today. In the source code the
programmer used a executeQuery command to insert the data into the database.
The executeQuery raises an exception if the given SQL statement produces
anything other than a single ResultSet object. Since the SQL statement is an
Insert it won't return a result set and will fail displaying the error
message you noted. If you change the executeQuery to executeUpdate the
lesson will work properly.
I hope this helps.
Scott
"Zhou, Yan" <yzhou at medplus.com> wrote:
Hi there,
I have been trying the CSRF lesson in Web Goat, I kept seeing this error
message: * Could not add message to database
After debugging WebGoat, it does not seem like that is the problem. Even if
I copy the message right there from "Hint", I still do not get a checkmark.
Did I miss anything?
Thanks,
Yan
_______________________________________________
Owasp-cincinnati mailing list
Owasp-cincinnati at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-cincinnati
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080613/aca68e5f/attachment.html
More information about the Owasp-cincinnati
mailing list