Web Application Security

The purpose of this assignment is to explore vulnerabilities and protection methods in web applications.

In this lab, you are going to locate and exploit two common web application vulnerabilities: SQL-injection and Cross-Site Scripting (XSS).

The web application

The web application used in this lab lets you request the grade you wish to receive for the course (NOT related to the actual grade you will receive), along with a motivation for why you should receive it. The administrator can then approve or reject your request.

Your objective is to make sure your request is approved before the administrator has a chance to look at it.

Lab system

To get login information for your group, use the FIRE "VM account request" lab to request accounts. Just submit an empty file and the TA will reply with your group's password for the vulnerable system.

Part 1: SQL-Injection

Your objective is to find an SQL-injection vulnerability in the web application and exploit it to modify one of your own requests in the database so that it is approved.

In the report you should include:

It is important that you don't modify the requests of other groups!

Hint: The problem is not with the login page, just use your virtual group account credentials to log in.
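To make the mechanism concrete, here is an added toy example (not the lab application's code, and not a solution to it). It builds a small SQLite table of grade requests and shows how an UPDATE that concatenates user text into the query can be made to set the approved flag, while the same input through a parameterised query is stored as plain text. The table layout, the group number, the request ids and the payload are all assumptions made up for this illustration.

```python
import sqlite3

# Everything below is a constructed toy, not the lab system: table name,
# columns, group numbers and request ids are all made up for illustration.


def setup_db():
    """Create an in-memory database with three constructed requests."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE requests ("
        "id INTEGER PRIMARY KEY, group_id INTEGER, grade INTEGER, "
        "motivation TEXT, approved INTEGER NOT NULL DEFAULT 0)"
    )
    db.executemany(
        "INSERT INTO requests (id, group_id, grade, motivation) VALUES (?, ?, ?, ?)",
        [
            (1, 7, 5, "We worked hard"),           # our (hypothetical) group 7
            (2, 7, 5, "Second attempt"),           # the request we will target
            (3, 8, 4, "Another group's request"),  # must remain untouched
        ],
    )
    return db


def update_motivation_vulnerable(db, group_id, request_id, motivation):
    """Assumed vulnerable pattern: user-supplied text concatenated into SQL."""
    sql = (
        f"UPDATE requests SET motivation = '{motivation}' "
        f"WHERE id = {request_id} AND group_id = {group_id}"
    )
    db.execute(sql)
    db.commit()


def update_motivation_safe(db, group_id, request_id, motivation):
    """Hardened form: bound parameters, so the text is data, never SQL."""
    db.execute(
        "UPDATE requests SET motivation = ? WHERE id = ? AND group_id = ?",
        (motivation, request_id, group_id),
    )
    db.commit()


def approved_flags(db):
    """Return {id: approved} for every request, to check what each update did."""
    return dict(db.execute("SELECT id, approved FROM requests ORDER BY id"))


def motivation_of(db, request_id):
    """Return the stored motivation text of one request."""
    return db.execute(
        "SELECT motivation FROM requests WHERE id = ?", (request_id,)
    ).fetchone()[0]


# The payload closes the string literal, adds a second SET column, supplies
# its own WHERE clause limited to our request, and comments out the rest of
# the original statement with "--". The resulting statement is:
#   UPDATE requests SET motivation = 'x', approved = 1 WHERE id = 2 -- ' WHERE ...
PAYLOAD = "x', approved = 1 WHERE id = 2 -- "


def run_demo():
    """Apply the payload through both code paths and return what happened."""
    db_vuln = setup_db()
    update_motivation_vulnerable(db_vuln, 7, 2, PAYLOAD)

    db_safe = setup_db()
    update_motivation_safe(db_safe, 7, 2, PAYLOAD)

    return {
        "vulnerable": approved_flags(db_vuln),
        "safe": approved_flags(db_safe),
        "safe_stored_text": motivation_of(db_safe, 2),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two points to carry into your report: the payload's own WHERE clause is what keeps the change confined to one request, so think about it before running anything against a shared database, and the injection here stays inside a single statement because Python's sqlite3 driver refuses stacked queries (a second statement after a ";"); which injection techniques work depends on the database and driver, not only on the query text.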

Part 2: Cross-Site Scripting (XSS)

Your objective is to find an XSS vulnerability in the web application and inject code so that, when an administrator views the request, it is automatically approved.
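The following added example (not the lab application's code, and not a solution to it) shows the stored-XSS pattern the objective describes: a motivation containing a script is saved, and later rendered into the administrator's review page without escaping, so the script runs in the administrator's browser with their session. Beside it is the hardened renderer that HTML-escapes the stored text. The request rows, the markup and the "/approve?id=2" endpoint in the payload are invented for this illustration.

```python
import html

# Constructed toy, not the lab system: the stored requests, the markup and the
# "/approve?id=2" endpoint in the payload are invented for illustration.

# Stored-XSS payload of the kind the lab asks you to find. The text is saved
# as a motivation; when the administrator's browser renders the review page
# the script runs with the administrator's session and issues the approval.
PAYLOAD = "<script>fetch('/approve?id=2')</script>Great course!"

REQUESTS = [  # constructed rows as they might come back from the database
    {"id": 1, "group_id": 7, "grade": 5, "motivation": "We worked hard"},
    {"id": 2, "group_id": 7, "grade": 5, "motivation": PAYLOAD},
]


def render_row_vulnerable(req):
    """Assumed vulnerable pattern: database text spliced straight into HTML."""
    return (
        f"<tr><td>{req['id']}</td><td>{req['grade']}</td>"
        f"<td>{req['motivation']}</td></tr>"
    )


def render_row_safe(req):
    """Hardened form: escape &, <, >, double and single quotes before insertion."""
    return (
        f"<tr><td>{html.escape(str(req['id']))}</td>"
        f"<td>{html.escape(str(req['grade']))}</td>"
        f"<td>{html.escape(req['motivation'], quote=True)}</td></tr>"
    )


def render_admin_page(requests, render_row):
    """Build the administrator's review table with the given row renderer."""
    rows = "".join(render_row(r) for r in requests)
    return f"<table>{rows}</table>"


def contains_live_script(page):
    """Crude detector for the demo: an unescaped <script> tag in the output."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_admin_page(REQUESTS, render_row_vulnerable))
    print(render_admin_page(REQUESTS, render_row_safe))
```

For the protection discussion: html.escape is the right tool only for text placed between tags or inside quoted attribute values; text placed inside a script block, an unquoted attribute or a URL needs the encoding for that context, and a Content-Security-Policy and HttpOnly session cookies limit the damage but do not replace output encoding.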

In the report you should include:

Links

Report

Please submit a report that includes your answers from parts 1 and 2.
Submissions with poor discussion of protection will be rejected.