Monday, May 10, 2010

Web Security Challenge 4

Web Security Challenge on "Data Manipulation attacks for Web applications".

Many web sites do not use SSL encryption for their web application (including login pages). You can easily extract or manipulate data during the communication between the client and server. Some web application does their computation on the client system and submit back to the server. One of my first few hack was changing my score in the online games many years back.

This challenge is a simple challenge. You are required to change the price of a online shopping item to $2. For this challenge, You will learn to manipulate data send between the client and the server. This will be the fundamental for further challenges on code injection.

The challenge was created with simple HTML and PHP.
The URL: Email me if you interested

* Do not change the source code. You are suppose to manipulate it during the communication.
* It is a code challenge, manipulate the data not crack the server.

Technical resources:
- WebScarab, a good tool by OWASP
- Another good web security tools

Feel free to provide comments on this challenge.

No comments: