Create directories ru/en/de and copy there plans of lessons. In ru-directory i put english files for translate them in future.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@421 4033779f-a91e-0410-96ef-6bf7bf53c507
2011-05-22 11:22:28 +00:00
parent 77a6dd70a1
commit b22a537130
144 changed files with 2649 additions and 0 deletions
--- a/webgoat/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html
+++ b/webgoat/src/main/webapp/lesson_plans/en/HiddenFieldTampering.html
@ -0,0 +1,12 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Exploit Hidden Fields </p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+
+Developers will use hidden fields for tracking, login, pricing, etc.. information on a loaded page. While this is a convenient and easy mechanism for the developer, they often don't validate the information that is received from the hidden field.  This lesson will teach the attacker to find and modify hidden fields to obtain a product for a price other than the price specified  <br>
+
+<p><b>General Goal(s):</b> </p>
+The user should be able to exploit a hidden field to obtain a product at an incorrect price.
+<!-- Start Instructions -->
+Try to purchase the HDTV for less than the purchase price, if you have not done so already.
+<!-- Stop Instructions -->