Everything after -- is commented out. The query now returns true immediately.
Change answer to ' OR 1=1 -- in the raw HTTP request. Sometimes WebGoat’s frontend validation blocks the payload, but the backend accepts it. webgoat password reset 6
The goal is to change the password for the user and then log in with that new password. You will use WebWolf to intercept the "reset" email. Intercept the Reset Request Navigate to the "Forgot Password" form in WebGoat. Everything after -- is commented out