List: owasp-webgoat
Subject: [Owasp-webgoat] Lab: Role Based Access
From: "Arnold, Mark A." <mark.arnold () thermofisher ! com>
Date: 2007-03-21 19:32:58
Message-ID: EF4532F8D245DA4CB2A229CCAA44013802BC5074 () USWAL-MXVS01 ! amer ! thermo ! com
All,
Can I get some feedback on the approach? After logging on as a normal user, I was able to view the profile of Jerry Mouse by intercepting the POST and changing the employee_id to 106.
Subsequent attempts to do the same fail. Even valid attempts to view the profile return an error.
First, is my approach valid? Second, what might explain the issues I am having?
(Using IE browser v. 6.0 on XP SP 2.)
Best
_______________________________________________
Owasp-webgoat mailing list
Owasp-webgoat@lists.owasp.org
http://lists.owasp.org/mailman/listinfo/owasp-webgoat