dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/ webgoat/main/project/WebContent/lesson_plans/DOMInjection.html
sherif.fathy 296254e279 This patch contains the HTTP connector that intercepts the requests to the application and tries to communicate with OSG. 
It also contains the DOM Injection lesson

git-svn-id: http://webgoat.googlecode.com/svn/trunk@35 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-12-16 22:39:14 +00:00

23 lines
842 B
HTML
Raw Blame History

<div align="Center">
<p><b>Lesson Plan Title:</b>DOM Injection. </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
How to perform DOM injection attacks.
<br>
<div align="Left">
<p>
<b>How the attacks works:</b>
</p>
Some applications specially the ones that uses AJAX manipulates and updates the DOM
directly using javascript, DHTML and eval.<br>
An attacker may take advantage of that by intercepting the reply and try to inject some
javascript commands to exploit his attacks.
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* Your victim is a system that takes an activatation key to allow you to use it.
* Your goal should be to try to get to enable the activate button.<br>
* Take some time to see the HTML source in order to understand how does it work.<br>
<!-- Stop Instructions -->
Reference in New Issue View Git Blame Copy Permalink