Time spent: 16 hours in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six possible exploits are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)
Vulnerability #1: SQL Injection - The id parameter is unsanitized and escapable on the salesperson page.
Vulnerability #2: Session Hijacking/Fixation - The session ID was not regenerated when logging back in.
Vulnerability #1: Username Enumeration - Error message text becomes unbold if the username doesn't exist.
Vulnerability #2: Stored Cross-Site Scripting - The 'name' and 'feedback' fields on the Feedback page are unsanitized. Guests can send malicious messages with embedded web scripts that will trigger once opened.
Vulnerability #1: Insecure Direct Object Reference - Hidden salesperson IDs are accessible.
Vulnerability #2: Cross-Site Request Forgery.
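A regression check for the username enumeration finding above, as an added example that is not part of the original write-up or the Globitek code: it compares the two login-failure pages by the markup wrapping each text node, so a bold versus unbold difference is flagged even when the visible text is identical. The sample HTML is constructed, and the names `shape` and `enumeration_leaks` are hypothetical.

```python
from html.parser import HTMLParser

class _Shape(HTMLParser):
    """Records each text node together with the tags and attributes wrapping it."""
    VOID = {"br", "hr", "img", "input", "meta", "link"}

    def __init__(self):
        super().__init__()
        self.stack, self.nodes = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.VOID:
            self.stack.append((tag, tuple(attrs)))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if data.strip():
            self.nodes.append((tuple(self.stack), " ".join(data.split())))

def shape(html):
    """Return [(wrapping tags, text)] for every non-empty text node in html."""
    parser = _Shape()
    parser.feed(html)
    parser.close()
    return parser.nodes

def enumeration_leaks(unknown_user_html, wrong_password_html):
    """Return the pairs of nodes that differ between the two failure pages."""
    a, b = shape(unknown_user_html), shape(wrong_password_html)
    leaks = [(x, y) for x, y in zip(a, b) if x != y]
    if len(a) != len(b):
        leaks.append((("node count", len(a)), ("node count", len(b))))
    return leaks

# Constructed sample responses (not captured from the real site).
VULN_UNKNOWN = '<div id="errors"><span class="msg">Log in was unsuccessful.</span></div>'
VULN_WRONG_PW = '<div id="errors"><span class="msg"><b>Log in was unsuccessful.</b></span></div>'
FIXED = VULN_WRONG_PW  # hardened handler: one failure page for both cases

if __name__ == "__main__":
    print("vulnerable:", enumeration_leaks(VULN_UNKNOWN, VULN_WRONG_PW))
    print("fixed:     ", enumeration_leaks(FIXED, FIXED))
```

An empty list means the two failure responses are indistinguishable by markup; response timing and status codes need their own checks.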
Describe any challenges encountered while doing the work