IT395_Eric_Clarkson_Unit_6_Assignment_Complete.docx

School: Purdue Global University
Course: 395
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 13

Unit 6 Assignment
IT395 Certified Ethical Hacking II
Eric Clarkson
Purdue Global University
Professor Donald McCracken
October 3, 2023

Step 2:

Username: admin
Password: password

On the DVWA Welcome screen click on DVWA Security. Select “low” and click “Submit.” The Security Level should now indicate low.

Click the XSS reflected button. This should now be reflected by the page title. Put your first name into the textbox and click “Submit.” It should reflect back your name below in red text. Place a screenshot into your lab file.

Step 3:

In the “What’s your name?” textbox type in

<this is a test>

Because there is no error generated by using the tags, you know that you can use scripts on this webpage.

In the “What’s your name?” textbox type in

<script>alert('vulnerability exposed to firstname');</script>

For the alert to be raised, try Firefox or a different browser if this does not work for you. Take a screenshot of the alert dialogue box and put it in your assignment.

Step 4:

Click the ‘SQL Injection’ button on the left of the screen. In the “User ID” textbox type in

O'Conner

The idea here is to see how the website handles punctuation. This should raise an error. This error tells you that the website does not have code to handle special characters.

Click the browser's back button and enter the following in the “User ID” textbox:

' OR '1' = '1

and click “Submit.” There should be a space at the end. Take a screenshot of the output and place it in your lab document.

Answer the question in 20 or more words: What do you think is happening on that last command?

The command "' OR '1' = '1" demonstrates a SQL injection attack capable of bypassing authentication mechanisms and providing unauthorized access to a database. An attacker can obtain access to sensitive information by inserting this command into a login form and tricking the system into accepting any combination of username and password. To prevent these types of attacks, it is critical to use secure coding techniques and to update software regularly.
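
What the two Step 4 inputs do to a query built by string concatenation, next to the same lookup with a bound parameter. This is an added example, not part of the original assignment or DVWA's own code; the table layout, the sample rows and the use of Python's sqlite3 in place of DVWA's PHP/MySQL are assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this sketch.
ROWS = [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Pablo", "Picasso")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_vulnerable(db, user_id):
    """Builds the SQL text from user input, the pattern the lab exercises."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    """Sends the input as a bound value, so quotes in it are data, not syntax."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def run_case(fn, db, user_id):
    """Returns the rows, or the database error text if the statement is malformed."""
    try:
        return fn(db, user_id)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    # "O'Conner" leaves an unbalanced quote in the concatenated statement;
    # "' OR '1' = '1" closes the string and appends a condition that is always true.
    for value in ["1", "O'Conner", "' OR '1' = '1"]:
        print(repr(value))
        print("  concatenated :", run_case(lookup_vulnerable, db, value))
        print("  parameterized:", run_case(lookup_parameterized, db, value))
```

With the bound parameter, both inputs are compared as literal user IDs and match no row.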