Function AC User: Spelling and grammar fixes.

2020-05-24 13:07:44 +02:00 · 2020-05-24 13:07:44 +02:00 · ae156a4a0f
commit ae156a4a0f
parent 9576c6b9da
1 changed files with 3 additions and 4 deletions
--- a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-03-users.adoc
+++ b/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-03-users.adoc
@ -1,10 +1,9 @@
 == Just Try It
-As the previous page noted, sometimes apps rely on client controls. to control access (obscurity). If you can find items that don't have visible links, just try them, see what happens. Yes, it
+As the previous page described, sometimes applications rely on client-side controls to control access (obscurity). If you can find items which are invisible, just try them and see what happens. Yes, it can be that simple!
 can be that simple!
 === Gathering User Info
-Often times, data dumps from vulnerabilities such as sql injection, but they can also come from poor or lacking access control.
+Often data dumps originate from vulnerabilities such as sql injection, but they can also come from poor or lacking access control.
-It will likely take multiple steps and multiple attempts to get this one. Pay attention to the comments, leaked info. and you'll need to guess some.  You may need to use another browser/account along the way.  Start with the info. you already gathered (hidden menu items) to see if you can pull the list of users and then provide the 'Hash' for your own user account.
+It will likely take multiple steps and multiple attempts to get this one. Pay attention to the comments and leaked info. And you'll need to do some guessing too.  You may need to use another browser/account along the way.  Start with the info you already gathered (hidden menu items) to see if you can pull the list of users and then provide the 'Hash' for your own user account.