dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Miscellaneous bug fixes

Browse Source 
divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
2008-01-14 14:02:11 +00:00
commit b0b94c4688
917 changed files with 73689 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
main/project/WebContent/lesson_plans/WeakAuthenticationCookie.html Normal file
View File

@ -0,0 +1,10 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Spoof an Authentication Cookie </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Many applications will automatically log a user into their site if the right authentication cookie is specified. &nbsp; Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. &nbsp;Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. &nbsp;Some times the cookies maybe intercepted using Cross site scripting. &nbsp;This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.<br>
<!-- Stop Instructions -->
<p><b>General Goal(s):</b> </p>
The user should be able to bypass the authentication check.