dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added JSONInjection, SilentTransactions

Browse Source 
Modified The install guide

git-svn-id: http://webgoat.googlecode.com/svn/trunk@48 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy
2006-12-28 15:35:10 +00:00
parent af2df52e91
commit 5e061d5bad
6 changed files with 491 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat/main/project/WebContent/lesson_plans/DOMInjection.html
View File

@ -10,13 +10,13 @@ How to perform DOM injection attacks.
<b>How the attacks works:</b>
</p>
Some applications specially the ones that uses AJAX manipulates and updates the DOM
directly using javascript, DHTML and eval.<br>
directly using javascript, DHTML and eval() method.<br>
An attacker may take advantage of that by intercepting the reply and try to inject some
javascript commands to exploit his attacks.
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* Your victim is a system that takes an activatation key to allow you to use it.
* Your victim is a system that takes an activatation key to allow you to use it.<br>
* Your goal should be to try to get to enable the activate button.<br>
* Take some time to see the HTML source in order to understand how does it work.<br>
* Take some time to see the HTML source in order to understand how the key validation process works.<br>
<!-- Stop Instructions -->