b0b94c4688
divide by zero, inaccurate discount and totals, reflection of user input git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
9 lines
602 B
HTML
9 lines
602 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> How to Bypass a Path Based Access Control Scheme </p>
|
|
</div>
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
<!-- Start Instructions -->
|
|
In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly.
|
|
<!-- Stop Instructions -->
|
|
<p><b>General Goal(s):</b> </p>
|
|
The user should be able to access a file that is not in the listed directory. |