Assignment created by Nicholas Johnston for Secure Software Development class at Sheridan college.
Full writeup of vulnerability discovery, impacts, as well as mitigations can be found in the following google doc: https://docs.google.com/document/d/1uhMdyhfFiZuQTrenOgxZgjhodQuNUIYRx9owmadUWs0/edit?usp=sharing
The application has the following known vulnerabilities that you must find and exploit.
- Cross-Site Scripting (XSS)
- SQL Injection
- Broken Access Control (i.e. you can do things without authenticating that you should be able to do)
- Missing role-based access control enforcement and management (i.e. Blog authors should only be able to delete their posts. Admins can delete anyone’s posts. There is currently no mechanism for changing or managing the roles for users. Actually, there is no mechanism for even creating or managing users without issuing manual SQL against the database).
- Insecure password handling and storage.
- CSRF
- The entire website, including the login page, is served over plaintext HTTP.
- The web application has no logging except for the default logs generated by Nginx.
- The website only uses single-factor authentication.
- For the vulnerabilities described above, find and exploit at least one instance of that vulnerability.
- Provide proof of your exploit through screenshots or tool output.
- Write a sentence describing the severity and impact of the vulnerability.
- Implement the most appropriate security control for that vulnerability.