vault backup: 2022-09-08 17:47:28

Jet Hughes 2022-09-08 17:47:28 +12:00
parent f5e3cb339f
commit d741fb5c78
2 changed files with 14 additions and 9 deletions

@ -1,9 +0,0 @@
---
title: "01-security-audit"
aliases:
tags:
- assignment
- comp210
---

@ -14,6 +14,20 @@ Jet Hughes - 9474308
- technology - technology
# Flaws # Flaws
## SQL Injection
CWE: 89
It is possible to inject SQL into the database using the login username field, and display it in the brower as the "username" of the logged in user.
The first thing I attempted was to login using the username " 'or 1=1;--". This worked and I was logged in as administrator.
After that I created an account. When I noticed that my username was displayed in the brower I attempted to extract data from the database and display is as this username.
In the username field of the login form I entered the string:
' union select group_concat(username||':'||password||':'||name||':'||credit_card_number||':'||credit_card_expiry||':'||credit_card_cvv) from user as name;--
This resulted in all the users data
## Password policy ## Password policy
- must have at least 5 characters and one digit. - must have at least 5 characters and one digit.
- not suffiecient - not suffiecient
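
Review bot: The new "## SQL Injection" section records the finding but stops before impact and remediation. The last added line, "This resulted in all the users data", reads as an unfinished sentence; complete it and follow it with a fix recommendation, such as building the login query with bound parameters rather than concatenating the username field into the SQL. The two payload strings are pasted as bare text, so Markdown rendering may alter the quotes and the `||` operators; put them in inline code or a code block, and separate the added paragraphs with blank lines so they do not run together. The columns named in the union select (password, credit_card_number, credit_card_cvv) point to a second finding about how credentials and card data are stored, which deserves its own heading under "# Flaws". Typos in the added lines: "brower" (twice) and "display is as".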