Lesson Plan Title: Client Side Filtering
Concept / Topic To Teach:
It is always good practice to send the client only the information it is supposed to have access to. In this lesson, too much information is being sent to the client, creating a serious access control problem.
General Goal(s):
For this exercise, your mission is to exploit the extraneous information being returned by the server to discover information to which you should not have access.
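
The concept above as an added example (not part of the original lesson or its code): a server handler that returns every record and leaves the hiding to the client, beside one that makes the access decision on the server, plus a check that lists over-disclosed records in a response. The employee data, the rule that a user may view their own record and those of their direct reports, and all function names are assumptions constructed for illustration.

```javascript
// Constructed sample data: names, reporting lines and salaries are invented.
const EMPLOYEES = [
  { id: 101, name: "Alice", managerId: 103, salary: 52000 },
  { id: 102, name: "Bob", managerId: 103, salary: 48000 },
  { id: 103, name: "Carol", managerId: 104, salary: 91000 },
  { id: 104, name: "Dan", managerId: null, salary: 150000 },
];

// Assumed access rule: a user may view their own record and their direct reports.
function canView(requesterId, employee) {
  return employee.id === requesterId || employee.managerId === requesterId;
}

// Weak form: every record is serialized and only flagged as hidden,
// trusting client-side script or styling to keep it out of view.
function respondClientFiltered(requesterId) {
  return EMPLOYEES.map((e) => ({ ...e, hidden: !canView(requesterId, e) }));
}

// Corrected form: the server drops records the requester may not see
// and serializes only an allowlist of fields.
function respondServerFiltered(requesterId) {
  return EMPLOYEES.filter((e) => canView(requesterId, e)).map(
    ({ id, name, salary }) => ({ id, name, salary })
  );
}

// Review helper: ids present in a response body that the requester is not
// entitled to see. An empty array means the response does not over-disclose.
function overDisclosedIds(requesterId, responseBody) {
  const byId = new Map(EMPLOYEES.map((e) => [e.id, e]));
  return responseBody
    .filter((r) => !byId.has(r.id) || !canView(requesterId, byId.get(r.id)))
    .map((r) => r.id);
}
```

Running `overDisclosedIds` against recorded responses in an integration test catches this class of problem regardless of what the page renders, because it inspects what was sent rather than what was displayed.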