dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved remotely

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2006-09-30 13:41:26 +00:00
parent 0465a6d6aa
commit 98949c00d8
155 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
webgoat/main/project/WebContent/lesson_plans/TraceXSS.html Normal file
View File

@ -0,0 +1,9 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Trace Attacks </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
<p><b>General Goal(s):</b> </p>
Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Trace (XST) attack.
<!-- Stop Instructions -->