Description
Please ask any questions you may have. The file is attached.
Prompt 1
Questions
1. (10 points) Intercepting a login request with the credentials of "joe" and "pass" displays the following URL:
http://www.wahh-app.com/app?action=login&uname=joe&password=pass
What three vulnerabilities can be diagnosed by simply looking at this URL?
2. (2.5 x 8 = 20 points) You log in to an application at the following URL:
https://app.news24hours.com/login/home.php
After successful authentication, the server sets the following cookie:
Set-Cookie: sessionId=1498172056438227; domain=app.news24hours.com; path=/login; HttpOnly;
To which of the following URLs will the sessionId cookie be submitted? Explain why or why not.
a) https://app.news24hours.com
b) https://app.news24hours.com/login/myaccount.php
c) https://web.news24hours.com/login
d) https://raw.app.news24hours.com/login/home.php
e) http://app.news24hours.com/login/myaccount.php
f) http://app.news24hours.com/logintest/login.php
g) https://app.news24hours.com/logout
h) https://testapp.news24hours.com/login/myaccount.php
Note: The HttpOnly flag does not determine whether cookies are transmitted over HTTP or HTTPS connections. It only specifies that the cookie is not accessible to client-side scripts.
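The rules that decide question 2 are the domain-match and path-match algorithms of RFC 6265 (section 5.1.3 and 5.1.4) plus the Secure attribute. The following script is an added example, not part of the assignment or its answer key: it encodes those three rules, evaluates the cookie from the question against the eight candidate URLs, and then re-runs the check with the Secure flag added so the effect of that attribute is visible. The cookie and URL lists are transcribed from the question; the `HARDENED_COOKIE` variant is a constructed comparison.

```python
from urllib.parse import urlsplit

# Cookie attributes as sent by the server in the question (transcribed).
COOKIE = {
    "name": "sessionId",
    "domain": "app.news24hours.com",
    "path": "/login",
    "secure": False,    # no Secure attribute was set
    "httponly": True,   # blocks script access only; does not affect transmission
}

# Constructed variant for comparison: same cookie with the Secure attribute.
HARDENED_COOKIE = dict(COOKIE, secure=True)

# Candidate URLs (a) through (h) from the question, in order.
CANDIDATE_URLS = [
    "https://app.news24hours.com",
    "https://app.news24hours.com/login/myaccount.php",
    "https://web.news24hours.com/login",
    "https://raw.app.news24hours.com/login/home.php",
    "http://app.news24hours.com/login/myaccount.php",
    "http://app.news24hours.com/logintest/login.php",
    "https://app.news24hours.com/logout",
    "https://testapp.news24hours.com/login/myaccount.php",
]


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: because a Domain attribute was set, the cookie is sent to
    the domain itself and to any subdomain of it (label boundary required)."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: the request path equals the cookie path, or extends it
    at a '/' boundary. '/logintest' does NOT match a cookie path of '/login'."""
    request_path = request_path or "/"
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        if cookie_path.endswith("/"):
            return True
        return request_path[len(cookie_path)] == "/"
    return False


def cookie_is_sent(url: str, cookie: dict = COOKIE) -> bool:
    """Return True if a browser would attach `cookie` to a request for `url`."""
    parts = urlsplit(url)
    if parts.hostname is None:
        return False
    # Secure cookies travel only over HTTPS; HttpOnly is deliberately ignored here.
    if cookie["secure"] and parts.scheme != "https":
        return False
    return (domain_matches(parts.hostname, cookie["domain"])
            and path_matches(parts.path, cookie["path"]))


def evaluate(cookie: dict = COOKIE, urls=CANDIDATE_URLS) -> dict:
    """Map each candidate URL to whether the cookie would be submitted."""
    return {url: cookie_is_sent(url, cookie) for url in urls}


if __name__ == "__main__":
    for label, cookie in (("as set", COOKIE), ("with Secure", HARDENED_COOKIE)):
        print(f"--- cookie {label} ---")
        for letter, (url, sent) in zip("abcdefgh", evaluate(cookie).items()):
            print(f"{letter}) {'sent    ' if sent else 'not sent'}  {url}")
```

Running it prints one line per candidate URL for the cookie as set and again with Secure added; the only row that changes between the two runs is the plain-http URL under /login, which shows why the Secure attribute, not HttpOnly, is what keeps a session cookie off cleartext connections.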