ryancblack/webgoat

Suggested URL to access webgoat from webgoat.sh is incorrect

Closed this issue · 3 comments

GoogleCodeExporter commented 
What steps will reproduce the problem?
1. Execute the webgoat.sh script to startup the bundled webgoat/tomcat software
2. Observe that the script recommends the user go to 
http://127.0.0.1/WebGoat/attack
3. Go to this url in your browser and observe that the page fails to load
4. The correct URL is http://127.0.0.1/webgoat/attack (note the lowercase w and 
g)

What is the expected output? What do you see instead?
Expected
  Open http://127.0.0.1/webgoat/attack
  Username: guest
  Password: guest
  Or try http://guest:guest@127.0.0.1/webgoat/attack 

Current
  Open http://127.0.0.1/WebGoat/attack
  Username: guest
  Password: guest
  Or try http://guest:guest@127.0.0.1/WebGoat/attack 


What version of the product are you using? On what operating system?
WebGoat-OWASP_Standard-5.3_RC1.7z 
Mac 10.6.4
Firefox 3.6.8

Please provide any additional information below.

Original issue reported on code.google.com by mwcoa...@gmail.com on 12 Aug 2010 at 12:34

GoogleCodeExporter commented 
I am finding this too: the app is installed into 127.0.0.1/webgoat/attack 
directory, but every reference in the documentation I have seen so far has used 
the 'WebGoat' capitalisation [1][2][3]. 

I'm sure that there are more examples beyond those three, and it is an RC1. 

As a result, I propose that it is the app being installed to the wrong 
directory and not the documentation being incorrect.


---

WebGoat-OWASP_Standard-5.3_RC1.7z

Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.10pre) Gecko/20100908 
Ubuntu/10.04 (lucid) Namoroka/3.6.10pre

---


[1] - Two references to /WebGoat/attack on the main page 
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

[2] - The FAQ refers to http://localhost/WebGoat/attack
http://code.google.com/p/webgoat/wiki/FAQ

[3] - The OWASP guide refers to /WebGoat/attack on page 18 of the pdf (though 
it says page 9 at the bottom of the page)
http://www.lulu.com/items/volume_62/1416000/1416452/1/print/OWASP_WebGoat_and_We
bScarab_for_print.pdf

Original comment by Kwa...@gmail.com on 10 Sep 2010 at 2:53

GoogleCodeExporter commented 
I can confirm that /webgoat/attack is correct address (NOT /WebGoat/attack).

Regards,
Adam

Original comment by adam.now...@gmail.com on 26 Oct 2011 at 4:15

GoogleCodeExporter commented 
Fixed in 5.4 - all should be WebGoat/attack

Original comment by mayhe...@gmail.com on 23 Apr 2012 at 1:25

  • Changed state: Fixed