51d40b7b22
- New files added: XMLInjection.html, XMLInjection.java and XMLInjection/EmployeesData.xml git-svn-id: http://webgoat.googlecode.com/svn/trunk@33 4033779f-a91e-0410-96ef-6bf7bf53c507
22 lines
809 B
HTML
22 lines
809 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b>Forced Browsing. </p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
How to Exploit Forced Browsing.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible.
|
|
|
|
One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
* Your goal should be to try to guess the URL for the "config" interface.<br>
|
|
* The "config" URL is only available to the maintenance personnel.<br>
|
|
* The application doesn't check for horizontal privileges.
|
|
<!-- Stop Instructions -->
|