git-svn-id: http://webgoat.googlecode.com/svn/trunk@28 4033779f-a91e-0410-96ef-6bf7bf53c507

2006-11-03 01:14:36 +00:00
parent ca2dfa27d1
commit 6a59cd6e6e
7 changed files with 78 additions and 18 deletions
--- a/webgoat/main/project/WebContent/lesson_plans/ForcedBrowsing.html
+++ b/webgoat/main/project/WebContent/lesson_plans/ForcedBrowsing.html
@ -1,9 +1,21 @@
-<div align="Center">
-<p><b>Lesson Plan Title:</b> How to Exploit Forced Browsing</p>
-</div>
-<!-- Start Instructions -->
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b>Forced Browsing. </p>
+ </div>
+ 
 <p><b>Concept / Topic To Teach:</b> </p>
-How to Exploit Forced Browsing
+How to Exploit Forced Browsing.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible. 
+
+One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
+</div>
 <p><b>General Goal(s):</b> </p>
-This lesson needs a creator!
-<!-- Stop Instructions -->
+<!-- Start Instructions -->
+* Your goal should be to try to guess the URL for the "config" interface.<br>
+* The "config" URL is only available to the maintenance personnel.<br>
+* The application doesn't check for horizontal priveleges.
+<!-- Stop Instructions -->