vuln_analysis

Vulnerability Analysis (September-November 2020)

This project consists of a black-box vulnerability analysis of a toy web application desingned for this purpose. The vulnerabilities are listed below, and each contains a description and Proof of Concept in the respective link.

Group Image available here

Login Vulnerabilities

• Login Vulnerabilities:

  • Vulnerability 1: SQL Injection in login form allows to login as any user (link)
  • Vulnerability 2: SQL Injection in login form allows to check if table exists in database (link)
  • Vulnerability 3: SQL Injection in login form allows to check table columns (link)

• Profile Vulnerabilities:

  • Vulnerability 4: SQL Injection in name form allows to change user's own username and to change the password of another user (link)
  • Vulnerability 5: SQL Injection in name form allows arbitrary read from database (link)

• Post Vulnerabilities

  • Vulnerability 6: User controlled parameter allows to read other user's posts (link)
  • Vulnerability 7: SQL injection in URL parameter (link)
  • Vulnerability 8: SQL injection in update post form allows to change any comment (link)
  • Vulnerability 9: SQL injection in update post form allows to edit other users' posts (link)
  • Vulnerability 10: User controlled parameter allows to edit other users' posts (link)
  • Vulnerability 11: SQL Injection allows to infer any database value(link)

• Friends Vulnerabilities

  • Vulnerability 12: SQL Injection in search friend form allows arbitrary read from database (link)

• Other Vulnerabilities

  • Vulnerability 13: Usage of insecure Protocol (link)
  • Vulnerability 14: Cookie contains user information (link)
  • Vulnerability 15: SQL equality funcion is case insensitive (link)
  • Vulnerability 16: Stored XSS (link)
  • Vulnerability 17: Reflected XSS (link)
  • Vulnerability 18: Unrestricted File Upload (link)
  • Vulnerability 19: Error Handling of the input fields allows to get information from the system (link)