WebGoat教程学习(六)--日志欺骗(Log Spoofing)

The grey area below represents what is going to be logged in the web server's log file.
* Your goal is to make it like a username "admin" has succeeded into logging in.
* Elevate your attack by adding a script to the log file.

 

灰色框框的部分是日志输出部分,日志的记录是Login failed for username:输入的username

但是当输入的username是smith%0D%0ALogin Succeeded for username admin,如下图所示,会误认为admin账户登录成功了。

 

WebGoat教程学习(六)--日志欺骗(Log Spoofing)_第1张图片

 

转载于:https://www.cnblogs.com/cindy-2014/p/6062909.html

你可能感兴趣的:(java)