Added Backdoors lesson

git-svn-id: http://webgoat.googlecode.com/svn/trunk@47 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-12-25 17:20:01 +00:00
parent 3732cd80af
commit af2df52e91
9 changed files with 224 additions and 7 deletions
--- a/webgoat/main/project/WebContent/lesson_plans/BackDoors.html
+++ b/webgoat/main/project/WebContent/lesson_plans/BackDoors.html
@ -0,0 +1,21 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Create Database Back Door Attacks.</p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+How to Create Database Back Door Attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Database are used usually as a backend for web applications. Also it is used as a media of storage. It can also
+be used as a place to store a malacious activity such as a trigger. A trigger is called by the database management
+system upon the execution of another database operation like insert, select, update or delete. An attacker for example
+can create a trigger that would set his email address instead of every new user's email address.
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.<br>
+* You will not be able to actually create one in this lesson because the underlying database engine used with WebGoat doesn't support triggers.<br>
+<!-- Stop Instructions -->
--- a/webgoat/main/project/WebContent/lesson_plans/CSRF.html
+++ b/webgoat/main/project/WebContent/lesson_plans/CSRF.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b> Cross Site Request Forgery. </p>
+<p><b>Lesson Plan Title:</b> How to Perform Cross Site Request Forgery. </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>
--- a/webgoat/main/project/WebContent/lesson_plans/DOMInjection.html
+++ b/webgoat/main/project/WebContent/lesson_plans/DOMInjection.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b>DOM Injection. </p>
+<p><b>Lesson Plan Title:</b> How to Perform DOM Injection Attack. </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>
--- a/webgoat/main/project/WebContent/lesson_plans/ForcedBrowsing.html
+++ b/webgoat/main/project/WebContent/lesson_plans/ForcedBrowsing.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b>Forced Browsing. </p>
+<p><b>Lesson Plan Title:</b> How to Perform Forced Browsing Attacks. </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>
--- a/webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
+++ b/webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b> Http Splitting </p>
+<p><b>Lesson Plan Title:</b> How to Perform Http Splitting </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>
--- a/webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html
+++ b/webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b> Log Spoofing. </p>
+<p><b>Lesson Plan Title:</b> How to Perform Log Spoofing. </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>
--- a/webgoat/main/project/WebContent/lesson_plans/XMLInjection.html
+++ b/webgoat/main/project/WebContent/lesson_plans/XMLInjection.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b> XML Injection Attacks. </p>
+<p><b>Lesson Plan Title:</b> How to Perform XML Injection Attacks. </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>
--- a/webgoat/main/project/WebContent/lesson_plans/XPATHInjection.html
+++ b/webgoat/main/project/WebContent/lesson_plans/XPATHInjection.html
@ -1,5 +1,5 @@
 <div align="Center"> 
-<p><b>Lesson Plan Title:</b> XPATH Injection Attacks. </p>
+<p><b>Lesson Plan Title:</b> How to Perform XPATH Injection Attacks. </p>
 </div>
 
 <p><b>Concept / Topic To Teach:</b> </p>