f86af29210
git-svn-id: http://webgoat.googlecode.com/svn/trunk@97 4033779f-a91e-0410-96ef-6bf7bf53c507
25 lines
1.2 KiB
HTML
25 lines
1.2 KiB
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> How to Perform JSON Injection </p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
This lesson teaches how to perform JSON Injection Attacks.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format. JSON can be in a lot of forms such as arrays, lists, hashtables and other data structures.
|
|
JSON is widely used in AJAX and Web2.0 application and is favored by programmers over XML because of its ease of use and speed.
|
|
However, JSON, like XML is prone to Injection attacks. A malicious attacker can inject the reply from the server and inject some arbitrary values in there.
|
|
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
* You are traveling from Boston, MA- Airport code BOS to Seattle, WA - Airport code SEA.<br>
|
|
* Once you enter the three digit code of the airport, an AJAX request will be executed asking for the ticket price.<br>
|
|
* You will notice that there are two flights available, an expensive one with no stops and another cheaper one with 2 stops.<br>
|
|
* Your goal is to try to get the one with no stops but for a cheaper price.
|
|
<!-- Stop Instructions -->
|
|
|