Lesson Plan Title: How to Perform XML Injection Attacks.

Concept / Topic To Teach:

This lesson teaches how to perform XML Injection attacks.

How the attacks works:

AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malacious attacker.

General Goal(s):

WebGoat-Miles Reward Miles shows all the rewards available. Once, you enter your account ID, it will show you your balance and the ones that you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.