575d040c24
Modified DOM Injection lesson Added gratification to http splitting git-svn-id: http://webgoat.googlecode.com/svn/trunk@37 4033779f-a91e-0410-96ef-6bf7bf53c507
19 lines
714 B
HTML
19 lines
714 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> XML Injection Attacks. </p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
This lesson teaches how to perform XML Injection attacks.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malacious attacker.
|
|
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
The form below takes your WebGoat Rewards Mile account and returns back the kind of rewards you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.
|
|
<!-- Stop Instructions -->
|