Minor grammar fixes.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@97 4033779f-a91e-0410-96ef-6bf7bf53c507
@ -17,7 +17,7 @@ However, JSON, like XML is prone to Injection attacks. A malicious attacker can
|
|||||||
<p><b>General Goal(s):</b> </p>
|
<p><b>General Goal(s):</b> </p>
|
||||||
<!-- Start Instructions -->
|
<!-- Start Instructions -->
|
||||||
* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.<br>
|
* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.<br>
|
||||||
* Once you enter the three digits code of the airport, an AJAX request will be executed asking for the tickets price.<br>
|
* Once you enter the three digit code of the airport, an AJAX request will be executed asking for the ticket price.<br>
|
||||||
* You will notice that there are two flights available, an expensive one with no stops and another cheaper one with 2 stops.<br>
|
* You will notice that there are two flights available, an expensive one with no stops and another cheaper one with 2 stops.<br>
|
||||||
* Your goal is to try to get the one with no stops but for a cheaper price.
|
* Your goal is to try to get the one with no stops but for a cheaper price.
|
||||||
<!-- Stop Instructions -->
|
<!-- Stop Instructions -->
|
||||||
|
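Review bot: in the changed line about entering the airport code, "three digit code" is still inaccurate, because the codes given in the first bullet (BOS, SEA) are letters, not digits. Suggest "Once you enter the three-letter airport code, an AJAX request will be executed asking for the ticket price." The unchanged first bullet also has uneven spacing around the hyphen ("Boston, MA- Airport code BOS" versus "Seattle, WA - Airport code SEA") and could be tidied in the same pass.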
@ -11,10 +11,10 @@ for a new lesson, follow these few simple instructions to implement it:<br><br>
|
|||||||
* You need to add two files for each new lesson: <br>
|
* You need to add two files for each new lesson: <br>
|
||||||
- YourLesson.java to org.owasp.webgoat.lessons<br>
|
- YourLesson.java to org.owasp.webgoat.lessons<br>
|
||||||
- YourLesson.html to WebContent/lesson_plans<br><br>
|
- YourLesson.html to WebContent/lesson_plans<br><br>
|
||||||
* YourLesson class implmenet LessonAdapter and override the following methods:<br>
|
* YourLesson class must implement LessonAdapter and override the following methods:<br>
|
||||||
- createContent: Use the <a href="http://jakarta.apache.org/site/downloads/downloads_ecs.cgi">ECS package</a> to develop HTML presented to the user.<br>
|
- createContent: Use the <a href="http://jakarta.apache.org/site/downloads/downloads_ecs.cgi">ECS package</a> to develop HTML presented to the user.<br>
|
||||||
- getCategory: Returns the category for which this lesson belongs (XSS, Injection flaws..etc)<br>
|
- getCategory: Returns the category for which this lesson belongs (XSS, Injection flaws..etc)<br>
|
||||||
- getHints: List of hints you would like to pass on to the users to point them to right direction.<br>
|
- getHints: List of hints you would like to pass on to the users to point them in the right direction.<br>
|
||||||
- getTitle: The title for your new lesson.<br>
|
- getTitle: The title for your new lesson.<br>
|
||||||
- getCredits: Your name goes here.<br><br>
|
- getCredits: Your name goes here.<br><br>
|
||||||
|
|
||||||
|
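Review bot: the getCategory line is left unchanged but still needs the grammar pass: "the category for which this lesson belongs" should read "the category to which this lesson belongs", and "(XSS, Injection flaws..etc)" should be "(XSS, Injection flaws, etc.)". In the changed LessonAdapter line, the sentence goes on to say the methods are overridden, so check whether LessonAdapter is a class; if it is, "extend" is the accurate verb rather than "implement".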
@ -17,8 +17,8 @@ so an injected attack script may be able to steal money from the client without
|
|||||||
</div>
|
</div>
|
||||||
<p><b>General Goal(s):</b> </p>
|
<p><b>General Goal(s):</b> </p>
|
||||||
<!-- Start Instructions -->
|
<!-- Start Instructions -->
|
||||||
* This is a sample internet banking application - money transfers page.<br>
|
* This is a sample internet banking application - money transfer page.<br>
|
||||||
* It shows below your balance, the account you are transferring to and amount you will transfer.<br>
|
* It shows below your balance, the account you are transferring to and amount you will transfer.<br>
|
||||||
* The application uses AJAX to submit the transaction after doing some basic client side validations.<br>
|
* The application uses AJAX to submit the transaction after doing some basic client side validations.<br>
|
||||||
* Your goal is to try to bypass the user's authorization and silently execute the transaction<br>
|
* Your goal is to try to bypass the user's authorization and silently execute the transaction.<br>
|
||||||
<!-- Stop Instructions -->
|
<!-- Stop Instructions -->
|
||||||
|
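Review bot: the second bullet is left unchanged but still reads awkwardly: "It shows below your balance, the account you are transferring to and amount you will transfer." Suggest "Below, it shows your balance, the account you are transferring to, and the amount you will transfer." In the third bullet, "client side validations" would read better as "client-side validation".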