pentest

Project 8 - Pentesting Live Targets

Time spent: 2 hours spent in total

Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.

The six possible exploits are:

Username Enumeration
Insecure Direct Object Reference (IDOR)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Session Hijacking/Fixation

Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)

Blue

Vulnerability #1: Session Hijacking/Fixation

Vulnerability #2: SQL Injection

https://35.184.207.42/blue/public/staff/salespeople/show.php?id=12%27%20OR%20SLEEP%285%29=0--%27

Green

Vulnerability #1: Username enumeration

Vulnerability #2: Cross-Site Scripting

Red

Vulnerability #1: Cross-Site Request Forgery

Vulnerability #2: Insecure Direct Object Reference

https://35.184.207.42/red/public/salesperson.php?id=10

Notes

Describe any challenges encountered while doing the work

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
CSRF.gif		CSRF.gif
README.md		README.md
XSS.gif		XSS.gif
crossSiteRequestForgeryForm.txt		crossSiteRequestForgeryForm.txt
insecureDirectObjectReference.gif		insecureDirectObjectReference.gif
sessionHijacking.gif		sessionHijacking.gif
sqli.gif		sqli.gif
usernameEnumeration.gif		usernameEnumeration.gif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

pentest

Project 8 - Pentesting Live Targets

Blue

Green

Red

Notes

About

Releases

Packages

robly78746/pentest

Folders and files

Latest commit

History

Repository files navigation

pentest

Project 8 - Pentesting Live Targets

Blue

Green

Red

Notes

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages