Download the lab instructions.
XSS Lab:
SQL Injection Lab:
CSRF Lab:
Youtube Lessons
The following YouTube lessons can guide you through the SEED Lab instructions shared above. They are recommended for those who need more clarification on the topics.
XSS Lab:
SQL Injection Lab:
CSRF Lab:
Lab Environment
Use Franklin University’s netlab environment to complete the lab. Please refer to the Netlab Reservation Instructions.
Instructions
Explore an XSS attack
1. Click on the “SEED”.
2. Open the Firefox browser.
3. Click on the “Sites for Labs” folder on the bookmarks bar.
4. Click the “XSS Lab Site” shortcut which will load the vulnerable web application: www.xsslabelgg.com
5. Log in with the credentials: samy as username and seedsamy as the password
Think about this scenario:
· www.xsslabelgg.com is a social media or e-commerce platform. Members have public profiles, and they can see each other’s profiles.
Samy (You) is a malicious actor. Samy wants to steal session cookies from other members and to change their profiles. You will perform a proof-of-concept XSS attack in this lab.
This attack will not allow you to change other users’ profiles; however, the mechanism for doing so is the same and is only a matter of writing different code. If you want to change other users’ profiles or even write an XSS worm, you can refer to the XSS Lab instructions.
6. Click on the small square at the top left corner to enter your profile on www.xsslabelgg.com.
7. Click the Edit profile button below the user profile image.
8. In the About me box, click the Edit HTML link, which will turn off the Visual Editor.
9. Type this JavaScript code <script>alert(document.cookie)</script> as shown below.
10. Click Save.
Think about this scenario:
Alice (victim) visits the profile of Samy. (Samy may send the URL of his profile to Alice. There are many ways of distributing this “malicious” website.)
As soon as Alice visits Samy’s profile, she becomes a victim of this XSS attack.
11. Log out from Samy’s account.
12. Log in to the platform by using Alice’s account. Username: alice; Password: seedalice
13. Visit the profile of Samy. Take a screenshot of the alert box.
14. Log in to the platform by using another member’s account. Username: boby; Password: seedboby
15. Visit Samy’s profile. Take a screenshot of the alert box.
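Why the alert appears for every visitor, and what stops it, shown as an added example that is not part of the lab handout or the Elgg code base. The function names and the cookie name `sessionid` are assumptions made for illustration; the stored value is the one from step 9.

```javascript
// Added example: models how a stored "About me" value reaches other members' browsers.
// All function names are hypothetical; this is not code from the lab site.

// Constructed sample: the value saved in the About me box in step 9.
const storedAboutMe = "<script>alert(document.cookie)</script>";

// Vulnerable pattern: stored text is concatenated into the page as markup,
// so the browser of every visitor (Alice, Boby) parses it as a script element.
function renderAboutMeUnsafe(aboutMe) {
  return '<div class="about-me">' + aboutMe + "</div>";
}

// Encode the five characters that are significant in HTML text and attribute values.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: encode at output time, so the stored value is shown as text.
function renderAboutMeSafe(aboutMe) {
  return '<div class="about-me">' + escapeHtml(aboutMe) + "</div>";
}

// Defence in depth: a cookie marked HttpOnly is not exposed through document.cookie,
// so an injected script cannot read the session identifier.
function sessionCookieHeader(name, value) {
  return `Set-Cookie: ${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Simple check used below: does the rendered HTML still contain a script start tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe:", renderAboutMeUnsafe(storedAboutMe));
console.log("safe:  ", renderAboutMeSafe(storedAboutMe));
console.log("script tag survives (unsafe):", containsScriptTag(renderAboutMeUnsafe(storedAboutMe)));
console.log("script tag survives (safe):  ", containsScriptTag(renderAboutMeSafe(storedAboutMe)));
console.log(sessionCookieHeader("sessionid", "constructed-value"));
```

Output encoding addresses the injection itself; the HttpOnly flag only limits what an injected script can read and does not prevent it from running.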
Explore a SQL Injection attack
1. Open another Firefox browser on the SEED virtual machine.
2. Click on the “Sites for Labs” folder on the bookmarks bar.
3. Click the “SQL Injection Site” shortcut which will load the URL www.seedlabsqlinjection.com
4. Refer to the SQL Injection Lab instructions. Analyze the code snippet in that document showing how users are authenticated (pages 3-4).
5. Complete Task 2.1 on page 4 of the SEED Lab instructions. Take a screenshot of the screen that shows the information of all employees.
6. If you need a hint, contact your professor.
Questions
1. Submit screenshots.
2. Summarize what you’ve done in the XSS lab as if you are explaining it to a non-technical person. Describe at least one method that prevents XSS attacks.
3. Which part of the code snippet causes the SQL injection attack? How do you fix the SQL injection vulnerability on www.seedlabsqlinjection.com login page?



