5d930ec235
* Solutions added * Bugfixes * Introduction added (including how to start with webgoat and useful tools) * New lesson: Password strength * New lessons: Multi Level Login * Not yet working new lesson: Session fixation (inital release) git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
17 lines
755 B
HTML
17 lines
755 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> Phishing with XSS </p>
|
|
</div>
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
<!-- Start Instructions -->
|
|
It is always a good practice to validate all input on the server side.
|
|
XSS can occur when unvalidated user input is used in an HTTP response.
|
|
With the help of XSS you can do a Phishing Attack and add content to a page
|
|
which looks official. It is very hard for a victim to determinate
|
|
that the content is malicious.
|
|
<!-- Stop Instructions -->
|
|
<p><b>General Goal(s):</b> </p>
|
|
The user should be able to add a form asking for username
|
|
and password. On submit the input should be sent
|
|
to http://localhost/WebGoat/catcher?PROPERTY=yes &user=catchedUserName&password=catchedPasswordName
|
|
|