Lesson Plan Title: XML Injection Attacks.

Concept / Topic To Teach:

This lesson teaches how to perform XML Injection attacks.

How the attacks works:

AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malacious attacker.

General Goal(s):

The form below takes your WebGoat Rewards Mile account and returns back the kind of rewards you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.