[Owasp-o2-platform] How to change a parameter?

• Next message: [Owasp-o2-platform] How to change a parameter?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, I am trying to solve the third stage of WebGoat sqli through the O2.
I can select the larry profile in the list with:
ie.selectLists()[1].options()[0].select().flash();
but I fail to change the value of the paramater id.

Another way to do this, is intercept the request with webscarab,
Someone automated the webscarab with O2?

Follow my script:

panel.clear();
var ie = panel.add_IE().silent(true);

ie.open("http://172.16.234.138");
ie.link("OWASP WebGoat version 5.3.x").click();
ie.link("Injection Flaws").click();
ie.link("LAB: SQL Injection").click();
ie.link("Stage 3: Numeric SQL Injection").click();

/*Login with larry user*/
ie.field("password").value("larry");
ie.button("Login").flash().click();

ie.selectLists()[1].options()[0].select().flash();
var payload = "101 OR 1=1 ORDER BY salary desc";

/*Change the id*/
/* I couldnt do this */

ie.button("ViewProfile").click();

return 0;

-- 
Thiago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20101203/7199ba80/attachment.html 

• Next message: [Owasp-o2-platform] How to change a parameter?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]