Restructured the baseline to remove extra src/main directory structure. Added eclipes project file
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64@gmail.com
23
webapp/lesson_plans/en/BackDoors.html
Normal file
23
webapp/lesson_plans/en/BackDoors.html
Normal file
@ -0,0 +1,23 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> How to Create Database Back Door Attacks.</p>
|
||||
</div>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b> </p>
|
||||
How to Create Database Back Door Attacks.
|
||||
<br>
|
||||
<div align="Left">
|
||||
<p>
|
||||
<b>How the attacks works:</b>
|
||||
</p>
|
||||
Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also
|
||||
be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management
|
||||
system upon the execution of another database operation like insert, select, update or delete. An attacker for example
|
||||
can create a trigger that would set his email address instead of every new user's email address.
|
||||
</div>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
<!-- Start Instructions -->
|
||||
* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.<br>
|
||||
* You will not be able to actually create one in this lesson because the underlying database engine used with WebGoat doesn't support triggers.<br>
|
||||
* Your login ID is 101.
|
||||
<!-- Stop Instructions -->
|
||||
|
||||
Reference in New Issue
Block a user