Assume that there is a function in a web application that allows users to change their current email address to a new one. The following is an example of a HTTP POST request that will be sent to the vulnerable web application when the user tries to perform email change action: POST usr/emailchange.php HTTP/1.1 Host: example.com Connection: Keep-Alive Cookie: session=abcwsdagePkBZzeR9hGhTlvxyHfsZf1 The following is the parameter for the email in the POST request: Form Data email=example@utas.edu.au (a) Design an CSRF attack to exploit the existing vulnerability by creating an HTML page with the required method, URL, parameters and action to change the email when the victim hits the URL of this webpage. Assume that there are no prevention techniques implemented. (b) What will happen if the victim hits your code in (a) when he/she authenticated already? (c) What will happen if the victim hits your code in (a) when he/she not authenticated already?

Assume that there is a function in a web application that allows users to change their current email address to a new one. The following is an example of a HTTP POST request that will be sent to the vulnerable web application when the user tries to perform email change action: POST usr/emailchange.php HTTP/1.1 Host: example.com Connection: Keep-Alive Cookie: session=abcwsdagePkBZzeR9hGhTlvxyHfsZf1 The following is the parameter for the email in the POST request: Form Data email=example@utas.edu.au (a) Design an CSRF attack to exploit the existing vulnerability by creating an HTML page with the required method, URL, parameters and action to change the email when the victim hits the URL of this webpage. Assume that there are no prevention techniques implemented. (b) What will happen if the victim hits your code in (a) when he/she authenticated already? (c) What will happen if the victim hits your code in (a) when he/she not authenticated already?

A+ Guide To It Technical Support

10th Edition

ISBN:9780357108291

Author:ANDREWS, Jean.

Publisher:ANDREWS, Jean.

Chapter18: Macos, Linux, And Scripting

Section: Chapter Questions

Problem 14TC

See similar textbooks

Similar questions

Suppose you are writing JavaScript code to send an asynchronous GET request to the action.pl file on the server. You have written code that defines your request. Which statement should you use next to send it to the server? a. httpReq.send("id=41088"); b. httpReq.XMLHttpRequest("get", "action.pl&id=41088"); c. httpReq.send(null); d. httpReq.open("get", "action.pl&id=41088");
What would be the output of the following code be? import requests url = 'https://httpbin.org/' try: response = requests.get(url) # If the response was successful, no Exception will be raised response.raise_for_status() except Exception as err: print('Error occurred') else: print('Success!')
Modify the server code so that it prints the client’s IP and port number when it receive a new connection. from socket import * serverName = 'localhost' serverPort = 12000 clientSocket = socket(AF_INET, SOCK_STREAM) clientSocket.connect((serverName,serverPort)) sentence = input('Input lowercase sentence:') byteToSend = str.encode (sentence) clientSocket.send(byteToSend) modifiedSentence = clientSocket.recv(1024) print('From Server:', modifiedSentence) clientSocket.close() from socket import * serverPort = 12000 serverSocket = socket(AF_INET,SOCK_STREAM) serverSocket.bind(('',serverPort)) serverSocket.listen(1) print ('The server is ready to receive') while 1: connectionSocket, addr = serverSocket.accept() sentence = connectionSocket.recv(1024) capitalizedSentence = sentence.upper() connectionSocket.send(capitalizedSentence) connectionSocket.close() from socket import * serverName = 'localhost' serverPort = 12000 clientSocket = socket(AF_INET,…
In this task, you should: create a CustomHTTPServer class inherited from the HTTPServer class. In the constructor method, the CustomHTTPServer class sets up the server address and port received as a user input. In the constructor, your web server's RequestHandler class has been set up. Every time a client is connected, the server handles the request according to this class. The RequestHandler defines the action to handle the client's GET request. It sends an HTTPheader (code 200) with a success message Hello from server! using the write() method.
Suppose you are writing JavaScript code to send an asynchronous GET request to the action.pl file on the server. You have instantiated an XHR object and saved it to the variable httpReq. Which statement should you use to begin the request? a. httpReq.open("get", "action.pl&id=41088"); b. httpReq.XMLHttpRequest("get", "action.pl&id=41088"); c. httpReq.send("get", "action.pl&id=41088"); d. httpReq.send(null);
Consider a TaskRabbit application, where a client submits a job for execution. The clientsubmits the job to an agent, who then delegatesit to a worker. The overall protocol goes asfollows: the client sends the description of the task to an agent. The latter then forwardsthe description to a worker. When the task is completed sends the notification back to theagent, who then forwards it to the client. The three (3) participants use two (2) socket-basedprotocols. Betweenthe client and the agent is a UDP-based socket, while the agent and theworker use a TCP-based socket.Extend the TCP-based and UDP-based socket diagrams presented in class to represent theoverall protocol.
USING UBUNTU! Show me all code for each step! Be detailed please. * Apache running * All user html directories named pub. Therefore http://googee.nmu.edu/~fred gets mapped to /home/fred/pub. * Make a new user named WWW. The "/" gets mapped to /home/WWW/pub. Therefore http://googee.nmu.edu gets mapped to /home/WWW/pub/ * A basic index.html file in /home/WWW/pub * Setting such that there are no directory listings and no cgis runnable * The URL http://googee.nmu.edu/icons mapped to /home/WWW/Pictures/icons * Logs stored in /var/log/my_wb_logs in combined logfile format * A web analyzer (webalizer = 0.5, analog = 1.0) that shows activity stats accessable via the web. * The user 'someone' is unable to make web pages in his home directory tree, even if he's tricky. No hand written and fast answer with explanation
n this assignment, you will develop a simple Web server in Python that is capableof processing only one request. Specifically, your Web server will(i) Create a connection socket when contacted by a client (browser)(ii) Receive the HTTP request from this connection(iii) Parse the request to determine the specific file being requested(iv) Get the requested file from the server’s file system(v) Create an HTTP response message consisting of the requested filepreceded by header lines(vi) Send the response over the TCP connection to the requesting browser.If a browser requests a file that is not present in your server, your server shouldreturn a “404 Not Found” error message.Your job is to code the steps above, run your server, and then test your server bysending requests from browsers running on different hosts. If you run your serveron a host that already has a Web server running on it, then you should use a differentport than port 80 for your Web server. Make sure to test your program…
PLEASE USE MULTITHREADING IN THIS PROGRAM SO THAT MANY CLIENTS CONNECTED TO THE SERVER AND EACH CLIENT CAN SEND MESSAGE TO SERVER AND SERVER MESSAGE SHOWN TO ALL CLIENTS AND ONE CLIENT MESSAGE SHOWN TO ALL CLIENTS.PLEASE MAKE CHANGINGS IN THIS CODE. SERVER #include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h>#include <sys/socket.h>#include <sys/types.h>#include <netinet/in.h>#include <arpa/inet.h>#include <pthread.h>#define PORT 5500 void func(int connfd){ char buffer[1024]; int n; while(1) { bzero(buffer, 1024); read(connfd, buffer, sizeof(buffer)); printf("From client: %s\t To client : ", buffer); bzero(buffer, 1024); n = 0; while ((buffer[n++] = getchar()) != '\n'); write(connfd, buffer, sizeof(buffer)); if (strncmp("exit", buffer, 4) == 0){ printf("Server Exit...\n"); break; } }}int main(){ int sockfd, connfd, len; struct…
this is for javaScriptDisplay "bad request" if the response's status is 400. Otherwise, display "not bad request". function responseReceivedHandler() { } var xhr = new XMLHttpRequest();xhr.addEventListener("load", responseReceivedHandler);xhr.addEventListener("error", responseReceivedHandler);xhr.open("GET", "https://wp.zybooks.com/weather.php?zip=90210");xhr.send();
private static Message prepareMessage(Session session, String myAccountEmail, String recepient) { try { Message message = new MimeMessage(session); message.setFrom(new InternetAddress(myAccountEmail)); message.setRecipient(Message.RecipientType.TO, new InternetAddress(recepient)); message.setSubject("Email sent at "); message.setText("Hey There"); return message; } catch (Exception ex) { Logger.getLogger(JavaMailUtil.class.getName()).log(Level.SEVERE, null, ex); } return null; } } ** How would I include current date and current time to show after "Email sent at" in the email subject? ***
Write a program to create a new key pair, and then use the new key pair to launch an EC2 instance, which has 20GB EBS attached, and allows public http request.