webgoat
main
project
JavaSource
WebContent
META-INF
WEB-INF
css
database
images
javascript
lesson_plans
AccessControlMatrix.html
BackDoors.html
BasicAuthentication.html
BlindSqlInjection.html
BufferOverflow.html
CSRF.html
ChallengeScreen.html
CommandInjection.html
CrossSiteScripting.html
DOMInjection.html
DOS_Login.html
Encoding.html
FailOpenAuthentication.html
ForcedBrowsing.html
ForgotPassword.html
HiddenFieldTampering.html
HtmlClues.html
HttpBasics.html
HttpOnly.html
HttpSplitting.html
JSONInjection.html
JavaScriptValidation.html
Lesson_Plan_Template.html
LogSpoofing.html
NewLesson.html
PathBasedAccessControl.html
ReflectedXSS.html
RemoteAdminFlaw.html
RoleBasedAccessControl.html
SilentTransactions.html
SoapRequest.html
SqlNumericInjection.html
SqlStringInjection.html
StoredXss.html
ThreadSafetyProblem.html
TraceXSS.html
UncheckedEmail.html
WSDLScanning.html
WeakAuthenticationCookie.html
WeakSessionID.html
WelcomeScreeen.html
WsSAXInjection.html
WsSqlInjection.html
XMLInjection.html
XPATHInjection.html
lesson_template
lessons
users
main.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
doc
build.xml
HOW TO create the WebGoat workspace.txt
WAR Installation Instructions.txt
build.xml
eclipse.bat
readme.txt
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
git-svn-id: http://webgoat.googlecode.com/svn/trunk@64 4033779f-a91e-0410-96ef-6bf7bf53c507
24 lines
1.1 KiB
HTML
24 lines
1.1 KiB
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> How to Create Database Back Door Attacks.</p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
How to Create Database Back Door Attacks.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also
|
|
be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management
|
|
system upon the execution of another database operation like insert, select, update or delete. An attacker for example
|
|
can create a trigger that would set his email address instead of every new user's email address.
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.<br>
|
|
* You will not be able to actually create one in this lesson because the underlying database engine used with WebGoat doesn't support triggers.<br>
|
|
* Your login ID is 101.
|
|
<!-- Stop Instructions -->
|
|
|