Miscellaneous bug fixes
divide by zero, inaccurate discount and totals, reflection of user input git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
24
main/project/WebContent/lesson_plans/JSONInjection.html
Normal file
24
main/project/WebContent/lesson_plans/JSONInjection.html
Normal file
@ -0,0 +1,24 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> How to Perform JSON Injection </p>
|
||||
</div>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b> </p>
|
||||
This lesson teaches how to perform JSON Injection Attacks.
|
||||
<br>
|
||||
<div align="Left">
|
||||
<p>
|
||||
<b>How the attacks works:</b>
|
||||
</p>
|
||||
JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format. JSON can be in a lot of forms such as arrays, lists, hashtables and other data structures.
|
||||
JSON is widely used in AJAX and Web2.0 application and is favored by programmers over XML because of its ease of use and speed.
|
||||
However, JSON, like XML is prone to Injection attacks. A malicious attacker can inject the reply from the server and inject some arbitrary values in there.
|
||||
|
||||
</div>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
<!-- Start Instructions -->
|
||||
* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.<br>
|
||||
* Once you enter the three digit code of the airport, an AJAX request will be executed asking for the ticket price.<br>
|
||||
* You will notice that there are two flights available, an expensive one with no stops and another cheaper one with 2 stops.<br>
|
||||
* Your goal is to try to get the one with no stops but for a cheaper price.
|
||||
<!-- Stop Instructions -->
|
||||
|
Reference in New Issue
Block a user