Lab 8

The purpose of this lab is to witness simple vulnerabilities within a web application that does not sanitize data. With the given files, you will read through and follow the steps provided. The steps given exploit insecure cookie data, sensitive data exposure, cross-site scripting, and cross-site request forgery.

lab8 files

Create a lab8.txt file and answer the following questions:

  1. You will need a cookie manager of some type for your browser that will allow you to create/edit/delete cookies. You don't have to clear all your cookies; however, doing so makes it easier to find the cookies for the domain cs.csubak.edu. Make an HTTP request to home.php and you should see a login homepage. Within your cookie manager, you should see a cookie that was set called isActive. What is the value of the cookie?
  2. Authentication is needed in order to access blog.php. Within your URL, make a request to www.cs.csubak.edu/~derrick/cs3680/examples/lab8/blog.php. What happens?
  3. Use 'thepassword' as the password for the login, and submit the request. What are the cookies and values for the cs.csubak.edu domain?
  4. Make the logout request, which should redirect you back to the home page. With your cookie manager, either create the isActive cookie if it isn't present, or edit it, and change the value to 1. Make a GET request to home.php. What happens? This is an example of weak authentication, where authentication can simply be bypassed. The solution, which will be discussed, is to use sessions.
  5. Now you should be able to navigate to blog.php. Embedded in the comments section of the blog is a malicious link that will redirect the user to somethingcool.html, or at least it appears to. Click the link. Where did your browser redirect you? Are the values for the cookies the same as the values in your cookie manager?
  6. Navigate back to blog.php and post a comment yourself. You should see the comment appear directly on the page. Make another post but use the following text:
    <h1>my comment</h1>. What happened?
    This is a huge indicator that user input is not sanitized and HTML is not encoded.
    Try again but use the following text:
    <script>alert('xss');</script>. What happened?
  7. Navigate back to blog.php and view the page source. This is the XSS vulnerability that will forge a request to a malicious web page, and that request will contain your cookie data. Not good. Copy the whole text from the opening script tag to the closing script tag, including both tags. Go to the blog's textarea and post the copied text. The text appears to be a normal comment with a link; however, the link is to a malicious site and carries your cookie data.
    Why wouldn't you want to have sensitive information within a cookie? A solution for this is session management and CSRF tokens, which will be discussed.
  8. What are the rules you should always follow whenever handling user input?
    HINT: Never trust the _____ and always ______ the data.
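
The following is an added example, not one of the lab8 files and not the course's own code, written in PHP because the lab's site is PHP. It shows the hardened counterparts of the three weaknesses the steps walk through: authentication state kept in a server-side session instead of a client-editable isActive cookie, HTML-encoding of every comment at output time so <h1> and <script> render as text, and a per-session CSRF token on the comment form. The cookie, field and function names (isActive, csrf_token, comment, h(), requireLogin()) and the use of the session as the comment store are assumptions made for the example.

```php
<?php
// Added example for Lab 8 (not one of the lab files). Names are assumptions.
declare(strict_types=1);

// Session cookie flags: HttpOnly keeps document.cookie from reading it, which
// is what the lab's comment-embedded script relies on; SameSite=Lax blocks
// most cross-site POSTs; Secure keeps it off plain HTTP.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => true,
]);
session_start();

// Login: the lab's weak check trusts $_COOKIE['isActive'] === '1', which the
// client can set freely. Here the flag lives only in the server-side session.
function login(string $submittedPassword, string $storedHash): bool
{
    if (!password_verify($submittedPassword, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);                 // fresh id after privilege change
    $_SESSION['authenticated'] = true;
    $_SESSION['csrf_token']    = bin2hex(random_bytes(32));
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

function requireLogin(): void
{
    if (empty($_SESSION['authenticated'])) {
        header('Location: home.php', true, 302);
        exit;
    }
}

// Output encoding: applied when writing into the page, not when storing,
// so the raw comment is preserved and every rendering path is safe.
function h(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// CSRF: the form carries the session's token; the handler rejects any POST
// whose token does not match (constant-time comparison).
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
         . h($_SESSION['csrf_token'] ?? '') . '">';
}

function validCsrf(array $post): bool
{
    return isset($post['csrf_token'], $_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], (string) $post['csrf_token']);
}

// --- blog.php, hardened ---
requireLogin();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validCsrf($_POST)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
    // Comments are kept in the session here only to keep the example
    // self-contained; a real blog would use a database with prepared statements.
    $comments   = $_SESSION['comments'] ?? [];
    $comments[] = (string) ($_POST['comment'] ?? '');
    $_SESSION['comments'] = $comments;
}

echo '<form method="post">' . csrfField()
   . '<textarea name="comment"></textarea><button>Post</button></form>';

foreach ($_SESSION['comments'] ?? [] as $c) {
    // "<script>alert('xss');</script>" is shown literally instead of executing.
    echo '<p>' . h($c) . '</p>';
}
```

With this in place, editing isActive in the cookie manager no longer grants access, because the server never consults that cookie; the comment from step 6 appears on the page as the literal text <h1>my comment</h1>; and the copied script from step 7 cannot read the session cookie or submit a forged POST without the token.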


/3680_S18/wk8/lab8.txt