dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Log spoofing lesson this includes the following file:

Browse Source 
- LogSpoofing.html
  - LogSpoofing.java

git-svn-id: http://webgoat.googlecode.com/svn/trunk@27 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy
2006-11-01 02:26:51 +00:00
parent 1a9d859507
commit ca2dfa27d1
4 changed files with 137 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties
View File

@ -15,6 +15,7 @@ lesson.RoleBasedAccessControl.hidden=true
category.Cross-Site\ Scripting\ (XSS).ranking=41
lesson.StoredXss.ranking=10
lesson.ReflectedXSS.ranking=20
lesson.CSRF.ranking=30
lesson.CrossSiteScripting.hidden=true
category.Unvalidated\ Parameters.ranking=51
@ -29,6 +30,7 @@ category.Injection\ Flaws.ranking=71
lesson.SqlNumericInjection.ranking=10
lesson.SqlStringInjection.ranking=20
lesson.CommandInjection.ranking=30
lesson.LogSpoofing.ranking=40
lesson.SQLInjection.hidden=true
category.Improper\ Error\ Handling.ranking=81

2
webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties
View File

@ -14,6 +14,7 @@ lesson.PathBasedAccessControl.ranking=20
category.Cross-Site\ Scripting\ (XSS).ranking=41
lesson.StoredXss.ranking=10
lesson.ReflectedXSS.ranking=20
lesson.CSRF.ranking=30
category.Unvalidated\ Parameters.ranking=51
lesson.HiddenFieldTampering.ranking=10
@ -27,6 +28,7 @@ category.Injection\ Flaws.ranking=71
lesson.SqlNumericInjection.ranking=10
lesson.SqlStringInjection.ranking=20
lesson.CommandInjection.ranking=30
lesson.LogSpoofing.ranking=40
category.Improper\ Error\ Handling.ranking=81
lesson.FailOpenAuthentication.ranking=10

19
webgoat/main/project/WebContent/lesson_plans/LogSpoofing.html Normal file
View File

@ -0,0 +1,19 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> Log Spoofing. </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
This lesson teaches attempts to fool the human eye.
<br>
<div align="Left">
<p>
<b>How the attacks works:</b>
The attack is based on fooling the humane eye in log files. An attacker can erase his traces from the logs
using this attack.
</p>
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* The grey area below represents what is going to be logged in the web server's log file.<br>
* Your goal is to make it like a username "admin" has succeeded into logging in.
<!-- Stop Instructions -->