GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 14:54:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

vault backup: 2022-09-08 12:08:34

Browse Source
This commit is contained in:
Jet Hughes 2022-09-08 12:08:34 +12:00
parent 7242b1cf5b
commit df96ce6159
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
content/notes/ass01-security-audit.md
View File

@ -28,13 +28,17 @@ Jet Hughes - 9474308
- '; update PRODUCT set UNIT_PRICE = 0 where 1=1;--
## Javascript Injection
- I could be possible to perform a javascript injection as the users name is displayed in the website. and prodcut information is displayed in the view catalogue page
- You could update a products name to be a script which would then run on others systems
- e.g. '; update PRODUCT set DESCRIPTION = '<script>alert("hello")</script>' where PRODUCT_ID = 67696;--
- It ispossible to perform a javascript injection as the users name is displayed in the website. and prodcut information is displayed in the view catalogue page
- I was able to create an account and log in using the username ''<script>alert("hello")</script>''. However when I did log in the username wasn't displayed in the browser, and alert didn't show. I also repeated the process with the user name ''<script>console.log("hello")</script>'' which also didn't run
- You was able to update a product name to be a script which would then run on others systems
- e.g. '; update PRODUCT set DESCRIPTION = '<script>alert("hello")</script>' where PRODUCT_ID = 67696;--
- this could be used to export JSESSIONIDs of other users. Which would allow the attack to access their account (while the other user is logged in).
- It could also be used to present the user with a message
## Path traversal
- I dont think there are any path traversal flaws in this website. This is because there isn't any urls which contain queryies or
- You can access the welcome page simply using the path /catalogue/welcome.jsp. This will load the welcome page with the username null. However it is unclear whether this is a security issue as curently the welcome page offers no functionality.
- I dont think there are any path traversal flaws in this website. This is because there isn't any urls which contain queries or parameters relating to sensitive pages.
## Network-Level security
- when a user logs in a post request to the server transmits the username and unhashed password to the server. This informaiton is susceptible to a man in the middle attack or
- when a user logs in a post request to the server transmits the username and unhashed password to the server. This informaiton is susceptible to a man in the middle attack or other kinds of interception. Hopefully the website uses http.
![example payload](https://i.imgur.com/9Tn6gx1.png)
## Other