Update Week01_assignments.md

9adbc2de · Joonatan Ovaska · 33b8a36c · 9adbc2de
Commit 9adbc2de authored Jan 10, 2022 by Joonatan Ovaska
--- a/Week01_assignments.md
+++ b/Week01_assignments.md
@@ -37,13 +37,13 @@ Assignments (10 pts):
 * [Reading Report] "RWBH Chapter 9: SQL Injection" (pp. 81-93) (4 pts)
   * Select and describe at least 2 factors that would make finding and exploiting an SQL injection vulnerability easy and fun.
   * What is "Blind SQLi"?
- * [Issue Report] "Login Jim" (2 pts)
+ * [Issue Report] TARGET: Juice Shop => "Login Jim" (2 pts)
   * Open Juice Shop's score board from /#/score-board
   * Find assisted "Login Jim" tutorial from score board and complete it ( /#/hacking-instructor?challenge=Login%20Jim )
   * Provide issue report
     * Refer to attached login.js snippet in mitigation options (no concrete code changes needed)
- * [Issue Report] "Wasdat login SQLi" (4 pts)
-   * Register a new victim user account to Wasdat with email of "wasdat-victim@example.com".
+ * [Issue Report] TARGET: Wasdat? => "Wasdat login SQLi" (4 pts)
+   * Register a new victim user account to Wasdat with email of "wasdat-victim@example.com" with password "qwerty".
   * Find SQL injection vulnerability in Wasdat's login (2 pts)
   * ~~Login as~~ Get JWT authentication token for wasdat-victim@example.com by exploiting SQL injection vulnerability (2 pts)
     * Optional: If you want to see the client application get logged in as victim user, you'd need to intercept modify the outgoing POST request on the fly with e.g. Burp Suite (proxy+intercept).