Small update for password reset lesson

hazanasec · May 9, 2019 · 00deb66 · 00deb66
1 parent 2a5e8df
commit 00deb66
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html b/webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html
@@ -109,8 +109,8 @@ <h4 class="">Forgot your password?</h4>
             <div class="container-fluid">
                 <div class="col-md-4">
                     <article class="card-body">
-                        <a href="" class="float-right btn btn-outline-primary">Sign up</a>
-                        <a href="" class="float-right btn btn-outline-primary">Login</a>
+                        <a class="float-right btn btn-outline-primary">Sign up</a>
+                        <a class="float-right btn btn-outline-primary">Login</a>
                         <h4 class="card-title mb-4 mt-1">WebGoat Password Recovery</h4>
                         <form>
                             <div class="form-group">

diff --git a/...password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc b/...password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
@@ -13,7 +13,8 @@ The time out is necessary to restrict the attack window, having a link opens up
 == Assignment
 
 Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with
-that password. Note: it is not possible to use OWASP ZAP for this lesson.
+that password. Note: it is not possible to use OWASP ZAP for this lesson, also browsers might not work, command line
+tools like `curl` and the like will be more successful for this attack.
 
 Tom always resets his password immediately after receiving the email with the link.