Time spent: 5 hours spent in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six possible exploits are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)
Vulnerability #1: SQLi
- GIF Walkthrough:
Vulnerability #2: Session Hijacking/Fixation I can log in in one browser and get the session id which can be use by pass login process in another browser. the session can be hijacked and steal users information.
- GIF Walkthrough:
Vulnerability #1: Username Enumeration
- GIF Walkthrough:
Vulnerability #2: Cross-Site Scripting (XSS)
- GIF Walkthrough:
Vulnerability #1: Insecure Direct Object Reference (IDOR)
- GIF Walkthrough:
Vulnerability #2: Cross-Site Request Forgery CSRF
- GIF Walkthrough:
