Review (Part 1)
- Download and install secrets.zip in the root of your public_html directory.
- View secrets in Firefox. The application stores a list of secrets in
a database and also stores the user's last secret in their session.
Now store a secret on the server. Open Chrome and see all of the secrets.
Find the cookie in Firefox, log in to cp3101b-1, and issue an HTTP/1.1 request using telnet
that retrieves the last secret that this Firefox user placed in the system.
Write your solution in http.txt.
- Do a security audit of my application. Is it SQL Injectable? Is it Cross Site Scriptable?
How do you know? Play nice! We are all sharing the same database etc.
Write your answer in audit.txt.
- Finish your copy of my application.
- Make sure that your version of the application is more secure than mine. Consider XSS, SQL Injection, file permissions.
- Write CSS to make your version look like the screen shots below.
- Add JavaScript to your version of show.php so that it updates every second with the latest collection of secrets.
- Zip up and submit everything here
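
The telnet step above works because the session cookie is the only thing that ties a request to a user's session. The following is an added example, not part of the assignment or the application's code: it runs a small local stand-in server and sends the same kind of raw HTTP/1.1 request one would type into telnet. The cookie name PHPSESSID (PHP's default), the session ID, the secret and the request path are assumptions made for the demonstration.

```python
import socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the server-side session store: session id -> last secret.
SESSIONS = {"abc123constructed": "my last secret"}

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Parse the Cookie header and look up the session by its id (assumed PHPSESSID).
        cookies = dict(p.strip().split("=", 1)
                       for p in self.headers.get("Cookie", "").split(";") if "=" in p)
        body = SESSIONS.get(cookies.get("PHPSESSID"), "no session").encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def raw_request(port, session_id=None):
    """Send the bytes one would type into telnet and return the response body."""
    lines = ["GET /show.php HTTP/1.1", "Host: localhost", "Connection: close"]
    if session_id:
        lines.append("Cookie: PHPSESSID=" + session_id)
    request = "\r\n".join(lines) + "\r\n\r\n"  # the blank line ends the headers
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(request.encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return data.split(b"\r\n\r\n", 1)[1].decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        # Same request twice: once with the session cookie, once without it.
        return raw_request(port, "abc123constructed"), raw_request(port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The request without the Cookie header gets no session data, which is why the session ID has to be treated as a credential when you audit and harden your copy.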
Screenshots