dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
webgoat
main
project
JavaSource
WebContent
META-INF
WEB-INF
css
database
images
javascript
lesson_plans
AccessControlMatrix.html
BackDoors.html
BasicAuthentication.html
BlindSqlInjection.html
BufferOverflow.html
CSRF.html
ChallengeScreen.html
CommandInjection.html
CrossSiteScripting.html
DBCrossSiteScripting.html
DBSQLInjection.html
DOMInjection.html
DOS_Login.html
Encoding.html
FailOpenAuthentication.html
ForcedBrowsing.html
ForgotPassword.html
HiddenFieldTampering.html
HtmlClues.html
HttpBasics.html
HttpOnly.html
HttpSplitting.html
JSONInjection.html
JavaScriptValidation.html
Lesson_Plan_Template.html
LogSpoofing.html
NewLesson.html
PathBasedAccessControl.html
ReflectedXSS.html
RemoteAdminFlaw.html
RoleBasedAccessControl.html
SilentTransactions.html
SoapRequest.html
SqlNumericInjection.html
SqlStringInjection.html
StoredXss.html
ThreadSafetyProblem.html
TraceXSS.html
UncheckedEmail.html
WSDLScanning.html
WeakAuthenticationCookie.html
WeakSessionID.html
WelcomeScreeen.html
WsSAXInjection.html
WsSqlInjection.html
XMLInjection.html
XPATHInjection.html
lesson_template
lessons
users
main.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
doc
build.xml
HOW TO create the WebGoat workspace.txt
WAR Installation Instructions.txt
build.xml
eclipse.bat
readme.txt
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
9ea97126b8a21ba7a5f3c8de4c8802a3091ba2c6
WebGoat/ webgoat/main/project/WebContent/lesson_plans/SilentTransactions.html
esheri3 f86af29210 Minor grammar fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@97 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-01-25 20:35:06 +00:00

25 lines
1.2 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<div align="Center">
<p><b>Lesson Plan Title:</b> How to Perform Silent Transactions Attacks. </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
This lesson teaches how to perform silent transactions attacks.
<br>
<div align="Left">
<p>
<b>How the attacks works:</b>
</p>
Any system that silently processes transactions using a single submission is dangerous to the client.
For example, if a normal web application allows a simple URL submission, a preset session attack will
allow the attacker to complete a transaction without the users authorization.
In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page,
so an injected attack script may be able to steal money from the client without authorization.<br>
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* This is a sample internet banking application - money transfer page.<br>
* It shows below your balance, the account you are transferring to and amount you will transfer.<br>
* The application uses AJAX to submit the transaction after doing some basic client side validations.<br>
* Your goal is to try to bypass the user's authorization and silently execute the transaction.<br>
<!-- Stop Instructions -->
Reference in New Issue View Git Blame Copy Permalink