Click OK.
You will need to click the Send button again.
584 Practical Hacking Techniques and Countermeasures
The WebGoat screen will be displayed in the Web browser.
The area of concern for this lab is under the Unvalidated Parameters
section, specifically the Hidden Field Tampering area. Click on this area.
You will need to click the Send button again.
Wireless 585
WebGoat will now present you with a shopping cart where you are allowed
to pay $4,999.99 for a 46-inch High-Definition Television (HDTV).
Click the Purchase button.
Within Achilles, look for the line QTY=1&Price=4999.99 in the intercepted request.
I think that is a little too high for a new TV and since I only have a couple
of dollars left from payday, I might as well spend it.
Within Achilles, edit the 4999.99 to 1.99 and then click the Send button.
Notice in the Web browser that the sale has completed, with a total charge
of $1.99.
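The lab works because the server takes the price from a hidden form field the browser sends, and a proxy such as Achilles can rewrite that field before it is forwarded. The following is an added example, not code from the book or from WebGoat: it parses a form body of the same shape as the intercepted request, shows a checkout that trusts the client's Price field beside one that prices the order from a server-side catalog, and includes a check a defender could run on incoming requests to detect a mismatch. The catalog and the item id hdtv46 are constructed for this example.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed server-side catalog; the only real price should live here,
# never in a hidden field the client can edit in a proxy.
CATALOG = {"hdtv46": Decimal("4999.99")}


def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def checkout_vulnerable(body: str) -> Decimal:
    """The WebGoat lab's flaw: the total is computed from the client-sent Price."""
    form = parse_form(body)
    qty = int(form.get("QTY", "0"))
    price = Decimal(form["Price"])      # attacker-controlled hidden field
    return qty * price


def checkout_hardened(body: str, item_id: str = "hdtv46") -> Decimal:
    """Countermeasure: ignore any client-sent price and validate the quantity.

    Only the quantity and the item id are taken from the request; the price is
    looked up in the server's catalog, so editing Price in a proxy changes nothing.
    """
    form = parse_form(body)
    try:
        qty = int(form.get("QTY", "0"))
    except ValueError:
        raise ValueError("QTY must be an integer")
    if not 1 <= qty <= 100:
        raise ValueError("QTY out of range")
    if item_id not in CATALOG:
        raise ValueError("unknown item")
    return qty * CATALOG[item_id]


def tampering_detected(body: str, item_id: str = "hdtv46") -> bool:
    """Detection hook: flag requests whose Price field disagrees with the catalog.

    A legacy form may still carry the hidden field; comparing it against the
    authoritative price is a cheap signal that a proxy modified the request.
    """
    form = parse_form(body)
    if "Price" not in form:
        return False
    try:
        submitted = Decimal(form["Price"])
    except InvalidOperation:
        return True                     # non-numeric price is tampering too
    return submitted != CATALOG[item_id]


if __name__ == "__main__":
    # Constructed request bodies: the original and the one edited in the proxy.
    original = "QTY=1&Price=4999.99"
    tampered = "QTY=1&Price=1.99"
    print("vulnerable, tampered request :", checkout_vulnerable(tampered))
    print("hardened,   tampered request :", checkout_hardened(tampered))
    print("tampering detected on edited :", tampering_detected(tampered))
    print("tampering detected on original:", tampering_detected(original))
```

The hardened handler still accepts the same form body, so it is a drop-in replacement for the vulnerable one; the only client-controlled value that survives is the quantity, and that is range-checked before use.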
WebGoat keeps track of what areas you complete successfully by placing
a small green rectangle with an asterisk in it for each area you have completed.
*Note: WebGoat is a good tool for familiarizing yourself with several hacking
techniques. One thing to remember about Achilles is that it carries its own
SSL certificate. This matters because it lets Achilles sit between the browser
and the server on SSL connections, so you can successfully conduct a
man-in-the-middle (MITM) attack.