Lesson Plan Title: How to Discover Clues in the HTML

 

Concept / Topic To Teach:

Developers are notorious for leaving statements such as FIXME, "code broken", "hack", etc. inside the source code, and anything placed in an HTML comment is sent to every browser that requests the page. Review the source code for any comments denoting passwords, backdoors, test accounts, or something that doesn't work right.

 

General Goal(s):

The user should be able to bypass the authentication check using information leaked in the page's HTML source.

 

Figure 1 Lesson 3

 

Right-click the page and select "View source"

Figure 2 View Source

 

Solution:

Examine the HTML source.

In the HTML source there is a comment that contains the user name "admin" and the password "adminpw". Enter these values in the WebGoat login form and click "Login".
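Viewing source by hand works for one page; for a whole site a small scanner is more practical. The following script is an added example for this lesson (the concept above and the solution step), not WebGoat's own code. It pulls every HTML comment out of a page with the standard library parser, flags comments containing a small list of suspicious words, and extracts name=value pairs that look like credentials. The sample page is constructed to resemble the lesson's login form; the SUSPICIOUS word list is a starting point, not a complete one.

```python
"""Scan an HTML page for developer comments that leak credentials or flag broken code.

Added example for this lesson; this is not WebGoat's own code. The sample page
below is constructed, and the SUSPICIOUS word list is an assumption about what
is worth a closer look, not an exhaustive list.
"""
import re
from html.parser import HTMLParser

# Words that, inside a developer comment, usually deserve a closer look.
SUSPICIOUS = ("password", "passwd", "pwd", "fixme", "todo", "hack", "broken",
              "backdoor", "admin", "debug", "disable", "remove before")

# name=value or name: value pairs whose name looks like a credential field.
CRED_RE = re.compile(
    r"""\b(user(?:name)?|login|pass(?:word|wd)?|pwd)\s*[:=]\s*['"]?([^\s,;'"()]+)""",
    re.IGNORECASE,
)


class CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment together with the line it starts on."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _offset = self.getpos()
        self.comments.append((line, data.strip()))


def find_comments(html):
    """Return [(line, comment_text), ...] for every comment in the page."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return parser.comments


def flag_comments(html):
    """Return [(line, comment_text, [matched words]), ...] for suspicious comments."""
    flagged = []
    for line, text in find_comments(html):
        lowered = text.lower()
        hits = [word for word in SUSPICIOUS if word in lowered]
        if hits:
            flagged.append((line, text, hits))
    return flagged


def extract_credentials(comment):
    """Pull credential-looking name/value pairs out of one comment, keyed by lowercased name."""
    return {name.lower(): value for name, value in CRED_RE.findall(comment)}


# Constructed sample page; the credentials are the ones this lesson's solution names.
SAMPLE_HTML = """<html>
<head><title>Login</title></head>
<body>
<!-- FIXME: session timeout is broken, hardcoded to 0 for now -->
<form action="/login" method="post">
  <!-- test account: user=admin password=adminpw (remove before release!) -->
  <input name="Username"> <input name="Password" type="password">
  <input type="submit" value="Login">
</form>
<!-- Copyright 2005 -->
</body></html>"""


if __name__ == "__main__":
    # Run against the constructed page; replace SAMPLE_HTML with a fetched page body.
    for line, text, hits in flag_comments(SAMPLE_HTML):
        print(f"line {line}: {hits} -> {text}")
        creds = extract_credentials(text)
        if creds:
            print(f"  credentials: {creds}")
```

On the sample page the scanner reports the FIXME comment on line 4 and the test-account comment on line 6, and pulls user "admin" / password "adminpw" out of the latter; the copyright comment is ignored. The same approach covers what a grep for `<!--` misses: comments spanning several lines, and comments that only hint at a problem ("broken", "disable") rather than spelling out a credential.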

 

Figure 3 Enter discovered credentials

 

Figure 4 Lesson 3 Completed

Solution by Erwin Geirnaert ZION SECURITY