[Owasp-cincinnati] CSRF lesson in WebGoat

Marco M. Morana marco.m.morana at gmail.com
Fri Jun 13 07:57:27 EDT 2008


Thanks Scott

 

Marco

 

p.s. I think is advisable in this case to report this issue as a bug in
Webgoat

 

  _____  

From: owasp-cincinnati-bounces at lists.owasp.org
[mailto:owasp-cincinnati-bounces at lists.owasp.org] On Behalf Of Scott Nusbaum
Sent: Thursday, June 12, 2008 9:53 PM
To: Zhou, Yan; owasp-cincinnati at lists.owasp.org
Subject: Re: [Owasp-cincinnati] CSRF lesson in WebGoat

 

Yan,

I helped a co-worker with this issue today. In the source code the
programmer used a executeQuery command to insert the data into the database.
The executeQuery raises an exception if the given SQL statement produces
anything other than a single ResultSet object. Since the SQL statement is an
Insert it won't return a result set and will fail displaying the error
message you noted. If you change the executeQuery to executeUpdate the
lesson will work properly.

I hope this helps.

Scott

"Zhou, Yan" <yzhou at medplus.com> wrote:

Hi there, 

 

I have been trying the CSRF lesson in Web Goat, I kept seeing this error
message: * Could not add message to database

 

After debugging WebGoat, it does not seem like that is the problem. Even if
I copy the message right there from "Hint", I still do not get a checkmark. 

 

Did I miss anything?

 

Thanks, 

Yan

_______________________________________________
Owasp-cincinnati mailing list
Owasp-cincinnati at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-cincinnati

 

  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080613/aca68e5f/attachment.html 


More information about the Owasp-cincinnati mailing list