dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

renamed JavaSource -> java, WebContent -> webapp regarding to Maven convention

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@392 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
ch.ko123
2009-11-01 11:04:59 +00:00
parent bb15524a7a
commit 791341000c
1033 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
webgoat/main/project/webapp/lesson_plans/English/Phishing.html Normal file
View File

@ -0,0 +1,16 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> Phishing with XSS </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
It is always a good practice to validate all input on the server side.
XSS can occur when unvalidated user input is used in an HTTP response.
With the help of XSS you can do a Phishing Attack and add content to a page
which looks official. It is very hard for a victim to determinate
that the content is malicious.
<!-- Stop Instructions -->
<p><b>General Goal(s):</b> </p>
The user should be able to add a form asking for username
and password. On submit the input should be sent
to http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName