Commit 9adbc2de authored by Joonatan Ovaska

Update Week01_assignments.md

parent 33b8a36c
......@@ -37,13 +37,13 @@ Assignments (10 pts):
* [Reading Report] "RWBH Chapter 9: SQL Injection" (pp. 81-93) (4 pts)
* Select and describe at least 2 factors that would make finding and exploiting an SQL injection vulnerability easy and fun.
* What is "Blind SQLi"?
* [Issue Report] "Login Jim" (2 pts)
* [Issue Report] TARGET: Juice Shop => "Login Jim" (2 pts)
* Open Juice Shop's score board from /#/score-board
* Find assisted "Login Jim" tutorial from score board and complete it ( /#/hacking-instructor?challenge=Login%20Jim )
* Provide issue report
* Refer to attached login.js snippet in mitigation options (no concrete code changes needed)
* [Issue Report] "Wasdat login SQLi" (4 pts)
* Register a new victim user account to Wasdat with email of "wasdat-victim@example.com".
* [Issue Report] TARGET: Wasdat? => "Wasdat login SQLi" (4 pts)
* Register a new victim user account to Wasdat with email of "wasdat-victim@example.com" with password "qwerty".
* Find SQL injection vulnerability in Wasdat's login (2 pts)
* ~~Login as~~ Get JWT authentication token for wasdat-victim@example.com by exploiting SQL injection vulnerability (2 pts)
* Optional: If you want to see the client application get logged in as victim user, you'd need to intercept modify the outgoing POST request on the fly with e.g. Burp Suite (proxy+intercept).
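Review bot: the new target label on line "* [Issue Report] TARGET: Wasdat? => "Wasdat login SQLi" (4 pts)" carries a stray question mark that the parallel line "* [Issue Report] TARGET: Juice Shop => "Login Jim" (2 pts)" does not; either drop the "?" or, if the target host is genuinely still undecided, say so in words rather than with punctuation that students will read as part of the name. Two smaller points in the same hunk: "intercept modify the outgoing POST request" in the optional bullet is missing a conjunction ("intercept and modify"), and the "~~Login as~~" strikethrough survives into the final text, so the task reads as both "Login as" and "Get JWT authentication token for"; since the instructions now explicitly want the token rather than a client-side login, it would be cleaner to delete the struck-out words than to leave the edit history in the assignment. The point split (2 pts for finding the injection, 2 pts for obtaining the token) does add up to the 4 pts in the heading, so that part is consistent.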