From 7242b1cf5b99b69878d7374b680769e891562eef Mon Sep 17 00:00:00 2001
From: Jet Hughes
Date: Thu, 8 Sep 2022 11:53:36 +1200
Subject: [PATCH] vault backup: 2022-09-08 11:53:36
---
 content/notes/ass01-security-audit.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/content/notes/ass01-security-audit.md b/content/notes/ass01-security-audit.md
index d85005c35..d46c6cad3 100644
--- a/content/notes/ass01-security-audit.md
+++ b/content/notes/ass01-security-audit.md
@@ -33,5 +33,8 @@ Jet Hughes - 9474308
 - e.g. '; update PRODUCT set DESCRIPTION = '' where PRODUCT_ID = 67696;--
 ## Path traversal
+- I dont think there are any path traversal flaws in this website. This is because there isn't any urls which contain queryies or
 ## Network-Level security
-## Other
\ No newline at end of file
+- when a user logs in a post request to the server transmits the username and unhashed password to the server. This informaiton is susceptible to a man in the middle attack or
+![example payload](https://i.imgur.com/9Tn6gx1.png)
+## Other
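Review bot: Both added bullets stop mid-sentence ("queryies or" and "man in the middle attack or"), so each finding is incomplete as committed. The path-traversal bullet rules the flaw out only because no URLs carry query strings; file names can also reach the server through path segments, POST bodies, headers and cookies, so the note should say which of those inputs were checked. In the network bullet, "unhashed" points at the wrong control: the exposure described comes from the login POST travelling without transport encryption (presumably plain HTTP, which the hunk does not state), and hashing in the browser would only turn the hash into the replayable credential. A wording such as `- When a user logs in, the POST request carries the username and password in cleartext; without HTTPS a man-in-the-middle can read them.` records the finding and the remediation together.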