Project 8 - Pentesting Live Targets

Time spent: 7 hours spent in total

Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.

The six possible exploits are:

Username Enumeration
Insecure Direct Object Reference (IDOR)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Session Hijacking/Fixation

Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)

Blue

Vulnerability #1: SQL Injection Attack

Vulnerability #2: Session Hijacking Attack

Green

Vulnerability #1: Enumeration Attack

Vulnerability #2: Stored Cross-site Scripting Attack

Red

Vulnerability #1: IDOR Attack

Vulnerability #2: CSRF Attack

Notes

Describe any challenges encountered while doing the work

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
blue_1.gif		blue_1.gif
blue_2.gif		blue_2.gif
green_1.gif		green_1.gif
green_2.gif		green_2.gif
needhelp.html		needhelp.html
project_8_readme.md		project_8_readme.md
red_1.gif		red_1.gif
red_2.gif		red_2.gif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Project 8 - Pentesting Live Targets

Blue

Green

Red

Notes

About

Releases

Packages

Languages

JamesNornand/Codepathweek8

Folders and files

Latest commit

History

Repository files navigation

Project 8 - Pentesting Live Targets

Blue

Green

Red

Notes

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages