Add excercises for OWASP Top 10 vulnerabilities

[tobyash86]

For now, exercises were provided in the form of pdf documents. For sure we need to update them, but we need to consider if we want to stay with pdf documents or change the format.

[colbyprior]

I would like to give some of these exercises a go, could the PDF be made public?
I can help with updating the documentation as well.

[yuanshaocn]

Great work. Any chance you can also share the exercise PDF doc?

[tobyash86]

We are currently looking for more contributors to create content for the About page (#8) for OWASP Top 10 and people who will develop exercises. Before we do that, I will need to create vulnerabilities in the code, because currently, I am not aware of any. Probably there are some, but I need to review the code to find them.

After that, I will prepare instructions on how to exploit them, and based on that exercises should be created.

[yuanshaocn]

I see. No wonder it was rather difficult to find vulnerabilities.
Here is one for XSS vulnerability by giving a blog response like: <script>alert('hello world');</script>.

[tobyash86]

Here is one for XSS vulnerability by giving a blog response like: <script>alert('hello world');</script>.

Yeah, but because it is .NET project, I (and probably guys from OWASP too) would prefer to have vulnerabilities related to .NET, not JavaScript.