Cheesebook
15/12/2021
Testers:
The XSS rat - [email protected]
BE0508.999.580
0476876632
We were able to identify several high severity vulnerabilities, some of which can easily lead to account takeover. Security seems to be lacking in a few key areas, and it is recommended to go through each item and see if remediation is required.
In this assignment, we are testing in accordance with the OWASP Top 10 web vulnerabilities. We are looking for each item on the list and following the OWASP Web Security Testing Guide:
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
There seems to be a BAC (broken access control) issue, since anyone, authenticated or not, can open viewUsers.php and see the contents of the user list.
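The expected fix is a server-side authorization check that fails closed before any user data is rendered. The following is an added example written for this report, not code from the Cheesebook application; it assumes the application keeps the authenticated user id and role in the PHP session and that only the 'admin' role may list users.

```php
<?php
// Added example (not from the Cheesebook application): a deny-by-default
// authorization guard for a page such as viewUsers.php.
// Assumptions: $_SESSION['user_id'] and $_SESSION['role'] are set at login,
// and only the 'admin' role may view the user list.
declare(strict_types=1);

session_start();

function currentUserHasRole(string $required): bool
{
    // Unauthenticated or roleless sessions fail closed.
    if (empty($_SESSION['user_id']) || empty($_SESSION['role'])) {
        return false;
    }
    return hash_equals($required, (string) $_SESSION['role']);
}

function denyAndLog(string $page): void
{
    // Record the denied attempt so repeated probing shows up in the logs.
    error_log(sprintf(
        'authz denied page=%s ip=%s user=%s',
        $page,
        $_SERVER['REMOTE_ADDR'] ?? 'unknown',
        $_SESSION['user_id'] ?? 'anonymous'
    ));
    http_response_code(403);
    exit('Forbidden');
}

// The check runs before any output; nothing below is reached without it.
if (!currentUserHasRole('admin')) {
    denyAndLog('viewUsers.php');
}

// Only reached for authorised admins: render the user list here.
```

The same guard should sit on every page or endpoint that exposes user records, not only on viewUsers.php, since hiding a link is not an access control.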