Files
WebGoat/webgoat/main/project/WebContent/lesson_plans/HiddenFieldTampering.html
mayhew64 72c18c5426 Removed space from " webgoat" directory name
git-svn-id: http://webgoat.googlecode.com/svn/trunk@272 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-12 17:42:01 +00:00

10 lines
707 B
HTML

<div align="Center">
<p><b>Lesson Plan Title:</b> How to Exploit Hidden Fields </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Developers will use hidden fields for tracking, login, pricing, etc.. information on a loaded page. While this is a convenient and easy mechanism for the developer, they often don't validate the information that is received from the hidden field. This lesson will teach the attacker to find and modify hidden fields to obtain a product for a price other than the price specified <br>
<!-- Stop Instructions -->
<p><b>General Goal(s):</b> </p>
The user should be able to exploit a hidden field to obtain a product at an incorrect price.