Lesson Plan Title: Client Side Filtering

Concept / Topic To Teach:

It is always good practice to send the client only the information it is supposed to have access to. In this lesson, too much information is being sent to the client, creating a serious access control problem.
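The flaw described above, next to its server-side correction, as an added example that is not part of the original lesson or its code. The employee records, the manager-based access rule and every function name are assumptions made for illustration.

```javascript
// Constructed sample data: all names, ids and values are made up.
const EMPLOYEES = [
  { id: 101, name: "Alice Example", managerId: 103, salary: 52000, ssn: "000-00-0101" },
  { id: 102, name: "Bob Example", managerId: 103, salary: 61000, ssn: "000-00-0102" },
  { id: 103, name: "Carol Example", managerId: 104, salary: 98000, ssn: "000-00-0103" },
  { id: 104, name: "Dan Example", managerId: null, salary: 450000, ssn: "000-00-0104" },
];

// Assumed access rule: a user may read their own record and their direct reports.
function canRead(requesterId, employee) {
  return employee.id === requesterId || employee.managerId === requesterId;
}

// Flawed pattern: every record is serialized and the UI is told which rows
// to display. Rows flagged visible:false are still in the response body.
function buildResponseClientFiltered(requesterId) {
  return EMPLOYEES.map((e) => ({ ...e, visible: canRead(requesterId, e) }));
}

// Corrected pattern: the access decision is made on the server, and only
// authorized rows and the fields the view needs are serialized.
function buildResponseServerFiltered(requesterId) {
  return EMPLOYEES
    .filter((e) => canRead(requesterId, e))
    .map(({ id, name, salary }) => ({ id, name, salary }));
}

// Regression check for a test suite: ids present in a response that the
// requester is not authorized to read.
function unauthorizedIds(response, requesterId) {
  const allowed = new Set(
    EMPLOYEES.filter((e) => canRead(requesterId, e)).map((e) => e.id)
  );
  return response.map((r) => r.id).filter((id) => !allowed.has(id));
}

// Field-level check: property names in a response outside the allow-list.
function leakedFields(response, allowedFields) {
  const allowed = new Set(allowedFields);
  const leaked = new Set();
  for (const row of response) {
    for (const key of Object.keys(row)) {
      if (!allowed.has(key)) leaked.add(key);
    }
  }
  return [...leaked].sort();
}
```

Running both checks against every endpoint's raw response, rather than against what the page renders, is what catches this class of access control problem.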

General Goal(s):

For this exercise, your mission is to exploit the extraneous information being returned by the server to discover information to which you should not have access.