Time spent: 6 hours in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six candidate vulnerability classes are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each version of the site has been seeded with two of the six vulnerabilities, so every one of the six maps to exactly one site and no class appears twice.
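As an added illustration of one of the classes above (it is not part of the original report, and it does not use the Globitek code or schema), the following Python snippet shows the injectable login pattern beside its parameterized fix, using an in-memory SQLite table and constructed sample users; the table layout, user names and the `login_*` helpers are assumptions for this example only:

```python
import sqlite3


def build_db():
    """Constructed sample data for the demo (not the Globitek schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: attacker input becomes SQL syntax.

    Returns the matched user id, or None when no row matches.
    """
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters: input is data, never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run the classic tautology payload against both versions."""
    conn = build_db()
    payload = "' OR '1'='1"
    return {
        # Predicate becomes (username='alice' AND password='') OR '1'='1',
        # which matches every row, so the first user is "authenticated".
        "vulnerable_bypass": login_vulnerable(conn, "alice", payload),
        # The same string is compared literally against the password column.
        "safe_rejects": login_safe(conn, "alice", payload),
        # Legitimate credentials still work through the parameterized query.
        "safe_valid": login_safe(conn, "alice", "correct-horse"),
    }


if __name__ == "__main__":
    print(demo())
```

When testing a site for this class, the observable signal is the same as in `demo()`: a payload that should never match a real password still produces a logged-in response, while a hardened endpoint treats it as an ordinary failed login.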
Vulnerability #1: Session Hijacking/Fixation
Vulnerability #2: SQL Injection (SQLi)

Vulnerability #1: Username Enumeration
Vulnerability #2: Cross-Site Scripting (XSS)

Vulnerability #1: Insecure Direct Object Reference (IDOR)
Vulnerability #2: Cross-Site Request Forgery (CSRF)
Describe any challenges encountered while doing the work: