git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
		
			
				
	
	
		
15 lines | 810 B | HTML
<div align="Center">
<p><b>Lesson Plan Title: </b>DOM Based Cross Site Scripting (XSS)</p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
The Document Object Model (DOM) presents an interesting problem from
a security standpoint.  It allows the content of a web page to be dynamically
modified, but that can be abused by attackers during a malicious code injection.  XSS,
a type of malicious code injection, can occur when unvalidated user input is used directly
to modify the content of a page on the client side.
<!-- Stop Instructions -->
<p><b>General Goal(s):</b> </p>
For this exercise, your mission is to use this vulnerability to inject
malicious code into the DOM.  Then in the last stage, you will correct
the flaws in the code to address the vulnerability.
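
The flaw described above, unvalidated input written straight into the page, shown next to a corrected form. This is an added example, not code from WebGoat or this lesson: every function name is hypothetical, the input is constructed, and a small stand-in object replaces a real DOM element so the code runs under Node.

```javascript
// Added example: not WebGoat code. All names here are hypothetical.

// Escape the characters that let text break out into markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed stand-in for a DOM element. It approximates two browser
// behaviours: innerHTML keeps its value as markup, while textContent stores
// its value as text, which serializes back out in escaped form.
function makeFakeElement() {
  let html = "";
  return {
    get innerHTML() { return html; },
    set innerHTML(value) { html = String(value); },
    set textContent(value) { html = escapeHtml(value); },
  };
}

// Vulnerable pattern: user input is concatenated into markup and parsed.
function greetUnsafe(element, name) {
  element.innerHTML = "Hello, " + name + "!";
}

// Corrected pattern: user input is assigned as text and never parsed.
function greetSafe(element, name) {
  element.textContent = "Hello, " + name + "!";
}

// Count the element start tags present in the element's markup.
function countStartTags(element) {
  return (element.innerHTML.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Run both patterns on the same input and report what reached the page.
function compare(name) {
  const unsafeEl = makeFakeElement();
  const safeEl = makeFakeElement();
  greetUnsafe(unsafeEl, name);
  greetSafe(safeEl, name);
  return {
    unsafeTags: countStartTags(unsafeEl),
    safeTags: countStartTags(safeEl),
    safeHtml: safeEl.innerHTML,
  };
}

console.log(compare("<b>Guest</b>")); // constructed input containing markup
```

In a browser the same two functions take a real element, for example one returned by `document.getElementById`.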