OwaspBWA - LAB: Client Side Filtering

LAB: Client Side Filtering


STAGE 1: You are Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, except the CEO, Neville Bartholomew. Or at least you shouldn't have access to the CEO's information. For this exercise, examine the contents of the page to see what extra information you can find.


How to
  1. Open Tamper Data
  2. Select user: Larry Stooge
  3. In Tamper Data, go to Net/XHR > ClientSideFiltering.jsp > (Response or HTML)
  4. You will find the CEO's data: Neville Bartholomew
  5. Submit the salary you found as the answer



STAGE 2: Now, fix the problem.
Modify the server to only return results that Moe Stooge is allowed to see.
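As an added illustration of the Stage 2 fix (example code, not WebGoat's own): the vulnerable handler ships every employee record and leaves the filtering to the browser, while the fixed handler applies the access rule on the server before anything is sent. The employee records and the reporting-chain rule are constructed for this example.

```python
# Added example (not WebGoat's own code) modelling the Stage 2 fix.
# The flaw: the server returns every employee record and trusts the
# client to hide rows the viewer may not see. The fix filters on the server.
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Employee:
    user_id: int
    name: str
    role: str
    salary: int
    manager_id: Optional[int]   # None for the top of the reporting chain


# Constructed sample data loosely modelled on the lab's Goat Hills Financial staff.
EMPLOYEES: List[Employee] = [
    Employee(101, "Neville Bartholomew", "CEO", 450000, None),
    Employee(102, "Moe Stooge", "CSO", 140000, 101),
    Employee(103, "Larry Stooge", "Analyst", 55000, 102),
    Employee(104, "Curly Stooge", "Analyst", 52000, 102),
]
BY_ID: Dict[int, Employee] = {e.user_id: e for e in EMPLOYEES}


def can_view(viewer: Employee, target: Employee) -> bool:
    """Authorization rule (assumed for the example): a user may see their own
    record and the records of everyone below them in the reporting chain."""
    if viewer.user_id == target.user_id:
        return True
    current = target
    while current.manager_id is not None:
        if current.manager_id == viewer.user_id:
            return True
        current = BY_ID[current.manager_id]
    return False


def vulnerable_list_employees(viewer_id: int) -> List[dict]:
    """Before: every record is returned and filtering is left to client-side
    code, so the CEO's salary is present in the HTTP response for any viewer."""
    return [asdict(e) for e in EMPLOYEES]


def fixed_list_employees(viewer_id: int) -> List[dict]:
    """After: only records the viewer is authorized for leave the server.
    viewer_id must come from the authenticated session, never from a
    client-supplied parameter, or the check can be bypassed."""
    viewer = BY_ID[viewer_id]
    return [asdict(e) for e in EMPLOYEES if can_view(viewer, e)]
```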


----------------------------------------------------------------