Getting Started with WebGoat.NET
WebGoat Coins Customer Portal
Injection Attacks
Cross Site Scripting (XSS)
- Stored XSS
- Reflected XSS
Authentication Issues
- Insecure Forgot Password
Testing and Debugging
- Exploiting Debug Page
Encryption
.NET Exploits
- Unsafe blocks

Lesson Instructions

Like many data-driven web applications, this page is vulnerable to SQL injection. The page allows users to sign up for their mailling list. Before adding new users, the page does a check to make sure the email address isn't already in the database. Exploit this page and retrieve all the email addresses in the database.

Employee Email

Are you looking to contact one of our employees? Use this form to find their email quickly!

Enter the first few letters of their first or last name:

Name: