Miscellaneous bug fixes
divide by zero, inaccurate discount and totals, reflection of user input git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
23
main/project/WebContent/lesson_plans/DOMInjection.html
Normal file
23
main/project/WebContent/lesson_plans/DOMInjection.html
Normal file
@ -0,0 +1,23 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> How to Perform DOM Injection Attack. </p>
|
||||
</div>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b> </p>
|
||||
How to perform DOM injection attacks.
|
||||
<br>
|
||||
<div align="Left">
|
||||
<p>
|
||||
<b>How the attacks works:</b>
|
||||
</p>
|
||||
Some applications specially the ones that uses AJAX manipulates and updates the DOM
|
||||
directly using javascript, DHTML and eval() method.<br>
|
||||
An attacker may take advantage of that by intercepting the reply and try to inject some
|
||||
javascript commands to exploit his attacks.
|
||||
</div>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
<!-- Start Instructions -->
|
||||
* Your victim is a system that takes an activation key to allow you to use it.<br>
|
||||
* Your goal should be to try to get to enable the activate button.<br>
|
||||
* Take some time to see the HTML source in order to understand how the key validation process works.<br>
|
||||
<!-- Stop Instructions -->
|
||||
|
||||
Reference in New Issue
Block a user