Clik here to view.
Attack A: Stealing Cookie
For an input for in this web: <form name="profileform" method="GET" action="users.php"> <nobr>User: <input type="text" name="user" value="" size=10> <input type="submit"...
View ArticleClik here to view.
Attack B: Cross Site Request Forgery
This attack probably a more suited example for Paypal or EBay. For this example, suppose you have a transfer.php page that looks like this: <form method=POST name=transferform...
View ArticleClik here to view.
Attack C: SQL Injection
In this case, we want to know how to retrieve an attribute that only exists in the database. Suppose we use the user.php on Attack A for querying a user profile. The task is to know the SecretID of a...
View ArticleClik here to view.
Attack D: Profile Worm
In this attack, we are to manipulate a malicious profile to behave whenever a user visits the attacker profile, he will transfer 1 peanut to the attacker account. This attack is actually inspired by...
View ArticleClik here to view.
Attack E: Password Theft
The final task of this project or the “fun part” is to steal someone’s password from the website. The user will initially not logged in to the website. When an attacker creates an HTML file and send it...
View Article
