Time spent: 6 hours in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six possible exploits are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each color is vulnerable to only 2 of the 6 possible exploits. First discover which color has which vulnerability, then write a short description of how to exploit it, and finally demonstrate it with screenshots compiled into a GIF.
Vulnerability #1: SQL Injection
Description: SQL Injection in the ./public/staff/salespeople/show.php?id=?? path. Replacing the id value with an SQL fragment such as ' OR SLEEP(5)=0--' makes the query execute it, which pauses the site for 5 seconds.
Vulnerability #1: Username Enumeration
Description: Username Enumeration found in the login form. When a value that is not a username is entered, the error message hints at whether the account exists: the error message is shown in bold when the value is a username in the system.
Vulnerability #2: Cross Site Scripting (XSS)
Description: The site's Contact Us page has a form for user feedback that can be exploited by entering an alert script in the comments field.
Vulnerability #1: Insecure Direct Object Reference (IDOR)
Description: IDOR can be exploited in the ./public/staff/salespeople/show.php?id=?? path, where the id value can be changed to an easily guessed number that shows the pages of accounts that have been deactivated and are not supposed to be displayed.
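Both the SQL Injection and the IDOR finding above come from the same pattern in the show.php?id= lookup: the raw id is spliced into the query and every row it matches is displayed. The following is an added example, not the Globitek project's own code; it runs against an in-memory SQLite database via PDO, and the salespeople table, its active column and the two sample rows are constructed for the demonstration.

```php
<?php
// Added example, not the Globitek project's own code. An in-memory SQLite
// database stands in for the site's database so the file runs stand-alone;
// the table, columns and rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE salespeople (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, active INTEGER)");
$db->exec("INSERT INTO salespeople VALUES (1, 'Ada', 'Lovelace', 1), (2, 'Grace', 'Hopper', 0)"); // id 2 is deactivated

// Vulnerable pattern: the raw id is spliced into the SQL text, so anything
// appended to the parameter is parsed as SQL, and any row, deactivated or not,
// is reachable by guessing ids.
function find_salesperson_vulnerable(PDO $db, $raw_id) {
    $sql = "SELECT * FROM salespeople WHERE id='" . $raw_id . "'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened pattern:
//  1. the id must be a plain positive integer before it is used at all;
//  2. the query is a prepared statement, so the value is bound, never parsed;
//  3. the WHERE clause excludes deactivated rows, so a guessed id of a
//     deactivated account yields nothing instead of the record.
function find_active_salesperson(PDO $db, $raw_id) {
    if (!preg_match('/^[1-9][0-9]*$/', (string) $raw_id)) {
        return null; // reject stray quotes, spaces, letters, anything that is not an id
    }
    $stmt = $db->prepare(
        "SELECT id, first_name, last_name FROM salespeople WHERE id = :id AND active = 1"
    );
    $stmt->bindValue(':id', (int) $raw_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Compare the two lookups on the deactivated account and on a malformed id.
// In show.php a null result should be handled as "not found" so the response
// does not reveal whether a deactivated account sits behind the id.
$deactivated_id = '2';
echo "vulnerable lookup shows deactivated account: "
    . var_export(find_salesperson_vulnerable($db, $deactivated_id) !== null, true) . "\n";
echo "hardened lookup shows deactivated account: "
    . var_export(find_active_salesperson($db, $deactivated_id) !== null, true) . "\n";
echo "hardened lookup accepts a non-integer id: "
    . var_export(find_active_salesperson($db, "2'") !== null, true) . "\n";
```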
Because a large number of users were actively trying to hack the site, some vulnerabilities were changing while they were being exploited.