Suggested URL to access webgoat from webgoat.sh is incorrect
Closed this issue · 3 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Execute the webgoat.sh script to startup the bundled webgoat/tomcat software
2. Observe that the script recommends the user go to
http://127.0.0.1/WebGoat/attack
3. Go to this url in your browser and observe that the page fails to load
4. The correct URL is http://127.0.0.1/webgoat/attack (note the lowercase w and
g)
What is the expected output? What do you see instead?
Expected
Open http://127.0.0.1/webgoat/attack
Username: guest
Password: guest
Or try http://guest:guest@127.0.0.1/webgoat/attack
Current
Open http://127.0.0.1/WebGoat/attack
Username: guest
Password: guest
Or try http://guest:guest@127.0.0.1/WebGoat/attack
What version of the product are you using? On what operating system?
WebGoat-OWASP_Standard-5.3_RC1.7z
Mac 10.6.4
Firefox 3.6.8
Please provide any additional information below.
Original issue reported on code.google.com by mwcoa...@gmail.com
on 12 Aug 2010 at 12:34
GoogleCodeExporter commented
I am finding this too: the app is installed into 127.0.0.1/webgoat/attack
directory, but every reference in the documentation I have seen so far has used
the 'WebGoat' capitalisation [1][2][3].
I'm sure that there are more examples beyond those three, and it is an RC1.
As a result, I propose that it is the app being installed to the wrong
directory and not the documentation being incorrect.
---
WebGoat-OWASP_Standard-5.3_RC1.7z
Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.10pre) Gecko/20100908
Ubuntu/10.04 (lucid) Namoroka/3.6.10pre
---
[1] - Two references to /WebGoat/attack on the main page
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
[2] - The FAQ refers to http://localhost/WebGoat/attack
http://code.google.com/p/webgoat/wiki/FAQ
[3] - The OWASP guide refers to /WebGoat/attack on page 18 of the pdf (though
it says page 9 at the bottom of the page)
http://www.lulu.com/items/volume_62/1416000/1416452/1/print/OWASP_WebGoat_and_We
bScarab_for_print.pdf
Original comment by Kwa...@gmail.com
on 10 Sep 2010 at 2:53
GoogleCodeExporter commented
I can confirm that /webgoat/attack is correct address (NOT /WebGoat/attack).
Regards,
Adam
Original comment by adam.now...@gmail.com
on 26 Oct 2011 at 4:15
GoogleCodeExporter commented
Fixed in 5.4 - all should be WebGoat/attack
Original comment by mayhe...@gmail.com
on 23 Apr 2012 at 1:25
- Changed state: Fixed