[Owasp-cincinnati] CSRF lesson in WebGoat

Marco M. Morana marco.m.morana at gmail.com
Fri Jun 13 07:57:27 EDT 2008

Thanks Scott




p.s. I think is advisable in this case to report this issue as a bug in



From: owasp-cincinnati-bounces at lists.owasp.org
[mailto:owasp-cincinnati-bounces at lists.owasp.org] On Behalf Of Scott Nusbaum
Sent: Thursday, June 12, 2008 9:53 PM
To: Zhou, Yan; owasp-cincinnati at lists.owasp.org
Subject: Re: [Owasp-cincinnati] CSRF lesson in WebGoat



I helped a co-worker with this issue today. In the source code the
programmer used a executeQuery command to insert the data into the database.
The executeQuery raises an exception if the given SQL statement produces
anything other than a single ResultSet object. Since the SQL statement is an
Insert it won't return a result set and will fail displaying the error
message you noted. If you change the executeQuery to executeUpdate the
lesson will work properly.

I hope this helps.


"Zhou, Yan" <yzhou at medplus.com> wrote:

Hi there, 


I have been trying the CSRF lesson in Web Goat, I kept seeing this error
message: * Could not add message to database


After debugging WebGoat, it does not seem like that is the problem. Even if
I copy the message right there from "Hint", I still do not get a checkmark. 


Did I miss anything?




Owasp-cincinnati mailing list
Owasp-cincinnati at lists.owasp.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080613/aca68e5f/attachment.html 

More information about the Owasp-cincinnati mailing list