pentest

Project 8 - Pentesting Live Targets

Time spent: 2 hours spent in total

Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.

The six possible exploits are:

  • Username Enumeration
  • Insecure Direct Object Reference (IDOR)
  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Session Hijacking/Fixation

Each version of the site has been given two of the six vulnerabilities. (In other words, each of the six exploits should be assignable to exactly one of the sites.)

Blue

Vulnerability #1: Session Hijacking/Fixation

Video Walkthrough

Vulnerability #2: SQL Injection

Video Walkthrough

Green

Vulnerability #1: Username Enumeration

Video Walkthrough

Vulnerability #2: Cross-Site Scripting

Video Walkthrough

Red

Vulnerability #1: Cross-Site Request Forgery

Video Walkthrough

Vulnerability #2: Insecure Direct Object Reference

Video Walkthrough

Notes

Describe any challenges encountered while doing the work