anilad / FBCS_W9

Facebook CyberSecurity Course for Veterans Week 9 Assignment: Pentesting Live Targets

Project 8 - Pentesting Live Targets

Time spent: 10 hours in total

Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.

The six possible exploits are:

  • Username Enumeration
  • Insecure Direct Object Reference (IDOR)
  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Session Hijacking/Fixation

Each version of the site contains two of the six vulnerabilities, and each vulnerability appears on exactly one site, so all six should be accounted for across blue, green and red.
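Added example, not code from this repo or from the Globitek site (whose PHP source is not reproduced here): a small Python model of a login endpoint, backed by an in-memory sqlite3 table with constructed users, that shows the vulnerable pattern beside the hardened form for three of the six classes listed above: SQL injection, username enumeration and session fixation. The function names, the sample accounts, the dummy hash and the dictionary session store are all assumptions made for illustration.

```python
"""Vulnerable vs hardened login handlers (added example; not the Globitek code).

Models three of the six vulnerability classes with a tiny sqlite3-backed
"application": SQL injection, username enumeration and session fixation.
The users table and the session store are constructed in memory.
"""
import hashlib
import hmac
import secrets
import sqlite3


def _h(pw: str) -> str:
    # Plain sha256 keeps the example self-contained; real code uses a slow KDF.
    return hashlib.sha256(pw.encode()).hexdigest()


# Constructed sample accounts (assumption: names and passwords are made up).
conn = sqlite3.connect(":memory:")
conn.execute(
    "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)"
)
conn.executemany(
    "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
    [("kevin", _h("correct horse")), ("admin", _h("hunter2"))],
)


# --- SQL injection -----------------------------------------------------------
def find_user_vulnerable(username: str):
    """Concatenates the username into the query, so the client controls the SQL."""
    sql = f"SELECT id, username, pw_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()


def find_user_fixed(username: str):
    """Parameterised query: the username is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT id, username, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()


# --- Username enumeration ----------------------------------------------------
def login_enumerable(username: str, password: str):
    """Distinct messages tell an attacker which usernames exist."""
    row = find_user_fixed(username)
    if row is None:
        return (False, "Unknown username")
    if row[2] != _h(password):
        return (False, "Incorrect password")
    return (True, "Welcome")


DUMMY_HASH = _h("dummy")  # compared against when the user is missing


def login_uniform(username: str, password: str):
    """Same message, and the same hash comparison, whether or not the user exists."""
    row = find_user_fixed(username)
    stored = row[2] if row is not None else DUMMY_HASH
    ok = hmac.compare_digest(stored, _h(password)) and row is not None
    return (ok, "Welcome" if ok else "Invalid username or password")


# --- Session fixation --------------------------------------------------------
sessions = {}  # constructed session store: session id -> username


def login_fixation_vulnerable(sid: str, username: str, password: str):
    """Keeps the session id the client presented. An attacker who planted `sid`
    in the victim's browser now shares the victim's authenticated session."""
    ok, _ = login_uniform(username, password)
    if not ok:
        return None
    sessions[sid] = username
    return sid


def login_fixation_fixed(sid: str, username: str, password: str):
    """Discards the pre-authentication id and issues a fresh one on login."""
    ok, _ = login_uniform(username, password)
    if not ok:
        return None
    sessions.pop(sid, None)
    new_sid = secrets.token_urlsafe(32)
    sessions[new_sid] = username
    return new_sid
```

To confirm each pair behaves as described: the username `' OR '1'='1` returns a row from `find_user_vulnerable` but none from `find_user_fixed`; `login_enumerable` gives different messages for a missing user and a wrong password while `login_uniform` gives the same one; and `login_fixation_fixed` returns a session id different from the one the client supplied, with the supplied id no longer valid.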

Pentesting Report

BLUE

  • Vulnerability 1: SQL Injection (SQLi) [demo gif: SQLI]

  • Vulnerability 2: Session Hijacking/Fixation [demo gif: SESSION HIJACKING/ENUMERATION]

GREEN

  • Vulnerability 1: Username Enumeration [demo gif: USER ENUMERATION]

  • Vulnerability 2: Cross-Site Scripting (XSS) [demo gif: XSS]

RED

  • Vulnerability 1: Insecure Direct Object Reference (IDOR) [demo gif: IDOR]

  • Vulnerability 2: Cross-Site Request Forgery (CSRF) [demo gif: CSRF]
