Getting Started with WebGoat.NET
WebGoat Coins Customer Portal
Injection Attacks
Cross Site Scripting (XSS)
- Stored XSS
- Reflected XSS
Authentication Issues
- Insecure Forgot Password
Testing and Debugging
- Exploiting Debug Page
Encryption
.NET Exploits
- Unsafe blocks

Lesson Instructions

This lesson illustrates the common problem of trusting a user-supplied filename, then using it to generate a file path. Try uploading a file that will execute on the server.

File Upload

Select the file you want to upload, then click the Upload Document button

Attach a file (PDF, Excel or Plain Text)...