
Question

Use Netbeans to create two different unique and complete demonstrations of insecure interaction between components such as SQL Injection, Command Line Injection, Cross-Site Scripting, Unrestricted Upload of File with Dangerous Type, Cross-Site Request Forgery (CSRF), or URL Redirection to Untrusted Site. You will demonstrate and describe how to fix each of the problems. Therefore a total of four code samples will be created. Two will have insecure interaction between components and two will have the issues fixed.

Assignment Details

Select 2 CWE/SANS Top 25 vulnerabilities under the category of Insecure Interaction between Components. Review and try the existing examples in links in the classroom. Use Netbeans to experiment. Work in multiple languages where possible.

Using Netbeans, create your own unique, full example for each of the 2 vulnerabilities in this category.

Demonstrate for each of the two applications that they are vulnerable to this attack. You need to show explicitly the attack you use and demonstrate the impact of the vulnerability. The demonstration should occur through screenshots and a detailed walkthrough of the steps you performed.

Finally, using the information in the CWE/SANS Top 25 vulnerabilities, fix the issues in each of the two examples you created in step 2. Document the vulnerabilities and describe specifically how the issues were corrected.

Explanation / Answer

Example for command line injection:

The following code is a wrapper around the UNIX command cat, which prints the contents of a file to standard output.

It is also injectable:

=========== save this as catHack.cpp ========

========

Create a text file, dummy.txt, with some dummy text.

Now run the below command:

The output would even contain the ls output, which is a hack to your system.

--------------------------------------------------------------

SQL Injection: PHP

The below piece is to paginate your result with a passed offset from the user-selected input.

<?php
// Connect to PostgreSQL (connection string is a placeholder).
$conn = pg_connect("host=localhost dbname=shop user=app password=secret");

// VULNERABLE: the user-supplied offset ($argv[1], the first command-line
// argument; $argv[0] is the script name) is concatenated straight into the
// SQL string, so anything after a ';' runs as a second statement.
$offset = $argv[1];
$query  = "SELECT id, name FROM inventory ORDER BY price OFFSET $offset;";
$result = pg_query($conn, $query);
?>

Now simply pass this an input of:

100;insert into user (name,password) values('test','test');

If a user table exists in the DB with columns name and password, this user would gain access or get registered.
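As an added example (not part of the original answer), here is how the pagination query above is fixed: the offset is validated as a non-negative integer and then bound as a query parameter with pg_query_params, so the injected string from the walkthrough is rejected before it reaches the database. The connection string, the table name and the helper function parseOffset are assumptions.

```php
<?php
// Added example: hardened version of the pagination query.
// Connection string is a placeholder.
$conn = pg_connect("host=localhost dbname=shop user=app password=secret");

// Accept only a non-negative integer for the offset. An input such as
// "100;insert into user ..." fails this check and is never sent to the DB.
function parseOffset(string $raw): ?int {
    $ok = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $ok === false ? null : (int)$raw;
}

$offset = parseOffset($argv[1] ?? '');
if ($offset === null) {
    fwrite(STDERR, "invalid offset: expected a non-negative integer\n");
    exit(1);
}

// Fixed: the value is passed as a bound parameter ($1) instead of being
// concatenated into the SQL text, so the database treats it as data only.
// The query string is single-quoted so PHP does not interpolate "$1".
$result = pg_query_params(
    $conn,
    'SELECT id, name FROM inventory ORDER BY price OFFSET $1',
    [$offset]
);
if ($result === false) {
    fwrite(STDERR, "query failed: " . pg_last_error($conn) . "\n");
    exit(1);
}

while ($row = pg_fetch_assoc($result)) {
    echo $row['id'], "\t", $row['name'], "\n";
}
?>
```

Run it as `php paginate.php 100` to page normally; passing the injection string from the walkthrough exits with "invalid offset" and no second statement is executed.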
