Internet Programming Lab 4: Security
Due: Reports Due Thursday May 7th at 5pm.
Given the information discussed in class. Break into a simple web
application and find the username and password of the privilaged user.
You may work in groups of up to two. If you wish to do so both group members must be present during both the attempts to find
the username and password and during the writing of the report.
Please have both group members of multi person groups sign the report indicating that they have abided by this guideline.
Note, since this lab is posted on the web, I will be deliberatly vague about some things. I will discuss details in class.
You will have access to a small web application that uses authentication. There are two registered
users Student and the one you have to find. Student's password is 'sample'. Your job is to find
out what the priviliged users username password is.
You can find the application at http://csdev02.bridgew.edu:10001/~jsantore/lastProj/
It is quite
possible that this app is not terribly secure. (in fact several of the
security issues we've talked about in class are deliberatly left in) So
I've made it a pretty minimal application.
What you need to hand in:
You will hand in a report which includes
And yes you need to write this properly. Complete sentances and proper grammer are both appropriate.
- Your name(s)
- The usernamen and password for the priviliaged account
- A description of the sucessful method that you used to discover the password.
- A description of any failed attempts.
If you wish to turn the project in at a time that I am not in the
office, just slip the paper under my door - remember to sign the paper
if you are doing more than one student per project.