Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/webapp/lesson_plans/English/OffByOne.html
+++ b/webapp/lesson_plans/English/OffByOne.html
@ -0,0 +1,21 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Exploit "Off-by-One" Buffer Overflow Vulnerabilities</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+How to Exploit a Web Based "Off-by-One" Buffer Overflow.
+<br>
+<div align="Left">
+<p><b>How the attack works:</b>
+</p>
+Despite being more rare, buffer overflow vulnerabilities on the web occur when a tier of the application has insufficient memory allocated to deal with the data submitted by the user. Typically, such a tier would be written in C or a similar language. 
+
+For the particular subset, namely, off-by-one overflows, this lesson focuses on the consequences of being able to overwrite the position for the trailing null byte. 
+
+As a result, further information is returned back to the user, due to the fact that no null byte was found.
+</div>
+<p><b>Lesson Goal(s):</b> </p>
+<!-- Start Instructions -->
+<p>Welcome to the <b>OWASP Hotel</b>! Can you find out which room a VIP guest is staying in?</p>
+<!-- Stop Instructions -->
+* Understand how a buffer overflow vulnerability can be triggered on a web application.<br>
+* Understand what type of value lengths are likely to trigger a buffer overflow.<br>