Time spent: 4 hours spent in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six possible exploits are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)
Vulnerability #1: Session Hijacking/Fixation
- The administrator log in can be bypassed by using another logged in session ID and using that session ID to gain privileges. The attacker is on the right in the GIF.
Vulnerability #2: SQL Injection
- Inject the following SQL command instead of an ID number: " OR SLEEP(3)=0-- " This will cause the page to "sleep" for 3 seconds and default back to the person with the id 1, Daron Burke.
Vulnerability #1: Username Enumeration
- The login page returns "Log in was unsuccessful" in bolded text for an existing username, but normal text for any other username with any random password. An attacker can simply bruteforce to enumerate a list of users.
Vulnerability #2: Cross-Site Scripting (XSS)
- An XSS Script was inserted into the Feedback section of the webpage to output an alert. The alert used in this assignment was <script>alert('Thomas found the XSS!');</script>. An alert will pop-up with the message when the feedback page is loaded.
Vulnerability #1: Cross-Site Request Forgery (CSRF)
- An employee is in the database that should not be published to the public site until a later date. The id of this employee is 10, and changing the ID in the URL to 10 will show his profile
Vulnerability #2: Insecure Direct Object Reference (IDOR)
- An HTML link was created for a fake salesman using the ID 2.
Describe any challenges encountered while doing the work