BACKGROUND:
Welcome to the GA Tech bookstore website. It’s a place where you can read and review all of the classics. The creators of the website were pretty junior but ambitious. They created the website in only 2 days! They knew a few things about security and did their best but left some vulnerabilities behind. Your job is to seek these out and find the problems.
SETUP:
To get set up for the flags, carefully follow the steps below. Log into the VM with the websec user.
The password should be in Canvas.
Run this at the terminal to start the Bookstore Website
./StartContainer.sh
TESTING:
You will need to execute a StudentGrader script to test your exploits for all flags. The StudentGrader is a script that will
Run this at the terminal to test your exploit for a flag
./StudentGrader.sh --flag X --gaTechId Y --filePath Z
Here are the valid parameters for the StudentGrader script
You will be learning about modern web-based security vulnerabilities in this project. A majority of the attacks are based on the OWASP Top 10 list, which is produced and updated every few years.
In particular we will cover these learning topics:
The final deliverables:
A single JSON formatted file will be submitted to Gradescope.
See Submission Details for more information.
Important Reference Material:
Virtual Machine:
TABLE OF CONTENTS
You’ve stumbled upon a publicly available web page that is not finished. It seems like the developers are still working on it but somehow published it to production by accident. The page does not have a link in the main menu so the developers thought no one would find it. Challenge accepted!
Download the required starter template from the VM using Chrome here:
To earn your flag you must alter the template so that it performs these steps when you open it in a browser or run it using the grader:
HINTS:
FLAG TESTING:
To test your flag1.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID.
./StudentGrader.sh --flag 1 --gaTechId 923456789 --filePath /home/websec/Desktop/flag1.html
Your web output will look similar to this:
Congratulations, you’ve made it this far! Now you’ve noticed some strange behavior. You were experimenting with reviews and found you can post basic html tags and images in the reviews! The developers of the site wanted reviews to be a rich user experience and not just plain text. With great power comes great responsibility though. You’ve found a way to nefariously inject code that runs when any victim loads a page with your exploited review.
This flag will introduce you to the basics of XSS (Cross-Site Scripting) attacks. Specifically you’ll leverage these:
Download from the WebSec VM the required starter template here:
To earn your flag you must alter the template so that it performs these steps when you open it in a browser or run it using the grader.
HINTS:
FLAG TESTING:
To test your flag2.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID.
./StudentGrader.sh --flag 2 --gaTechId 923456789 --filePath /home/websec/Desktop/flag2.html
Note: The grading script will reset the database before it executes your file. Be prepared as any data you have created will be lost.
Your web output will look similar to this:
Malicious user input can be provided using the same techniques, but through different attack vectors. You’ve already persisted malicious data in a review and want to see if there are any other areas of the site that are susceptible to data manipulation. Using your newly acquired XSS skills, you go hunting for more ways to perform this method of attack.
In order to carry out another XSS attack successfully, you will need to figure out another way the site accepts user input and employ a similar technique to perform what is called a reflected XSS attack. This means the XSS code does not reside in the web page and does not persist; instead, the malicious code is supplied in the request and returned in the response. You notice there is a page that allows the user to search for a book and wonder whether this page can be exploited.
Your goal is to display a JavaScript alert containing the text CS6035 on the search page.
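The defensive side of the reflected XSS described above, as an added example that is not part of the assignment or the bookstore's code: a search page rendered two ways, once by concatenating the query into the markup and once with context-appropriate escaping. The page layout, the sample catalogue and the probe query are constructed for the example.

```javascript
// Added example (not from the CS 6035 assignment or the bookstore's code):
// how a search page should reflect a user-supplied query back into HTML.
// The page layout and the sample catalogue below are assumptions.

// Escape the five characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Constructed sample catalogue (not the bookstore's data).
const SAMPLE_BOOKS = [
  { id: 1, title: 'Pride and Prejudice' },
  { id: 2, title: 'Moby-Dick' },
  { id: 3, title: 'The Count of Monte Cristo' },
];

// Case-insensitive substring search over titles.
function searchBooks(query, books = SAMPLE_BOOKS) {
  const q = String(query).toLowerCase();
  return books.filter((b) => b.title.toLowerCase().includes(q));
}

// Vulnerable rendering: the query is concatenated straight into the markup,
// so whatever the user typed is parsed as HTML by the browser that loads
// the response. This is the shape of a reflected XSS bug.
function renderSearchUnsafe(query, results) {
  const items = results
    .map((b) => `<li><a href="/book/${b.id}">${b.title}</a></li>`)
    .join('');
  return (
    `<form><input name="q" value="${query}"></form>` +
    `<p>Results for ${query}:</p><ul>${items}</ul>`
  );
}

// Hardened rendering: every untrusted value (the query and anything stored
// in the database, which may itself hold injected review text) is escaped
// for the HTML context it lands in, so it is displayed, never interpreted.
function renderSearchSafe(query, results) {
  const items = results
    .map((b) => `<li><a href="/book/${encodeURIComponent(b.id)}">${escapeHtml(b.title)}</a></li>`)
    .join('');
  return (
    `<form><input name="q" value="${escapeHtml(query)}"></form>` +
    `<p>Results for ${escapeHtml(query)}:</p><ul>${items}</ul>`
  );
}

// Constructed probe: a query that closes the value attribute and adds a tag.
// The tag is inert; it only shows whether input reaches the parser as markup.
const PROBE_QUERY = '"><em>injected</em>';

// Does the rendered page contain an <em> element? The templates above never
// emit one, so its presence means user input was interpreted as HTML.
function reflectsMarkup(html) {
  return /<em\b/i.test(html);
}

// Run the probe through both renderers and report which one reflects markup.
function demo() {
  const results = searchBooks(PROBE_QUERY);
  return {
    unsafe: reflectsMarkup(renderSearchUnsafe(PROBE_QUERY, results)),
    safe: reflectsMarkup(renderSearchSafe(PROBE_QUERY, results)),
  };
}
```

The same output-time escaping is the fix for the stored variant from the previous flag: it does not matter whether the value arrived in the current request or was saved in a review earlier, what matters is the context it is written into when the page is built.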
You can use the same XSS resources from the previous flag in addition to reflected XSS resources:
Download from the WebSec VM the required starter template here:
Earn this flag by performing the following steps:
HINTS:
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/Web_Security/Flag3.html 1/2 2/17/25, 2:35 AM Flag 3 | CS 6035
FLAG TESTING:
To test your flag3.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID.
./StudentGrader.sh --flag 3 --gaTechId 923456789 --filePath /home/websec/Desktop/flag3.html
Your web output will look similar to this:
Congratulations on reaching this stage! You’ve already navigated through various challenges, and now it’s time to delve into the intricacies of Cross-Site Request Forgery (CSRF) attacks. CSRF is a type of attack that tricks a user into submitting a request to a web application where they are authenticated without their knowledge or intent. This can lead to unauthorized actions being performed on behalf of the user.
For further exploration and a deeper understanding of CSRF and its prevention, consider the following resources:
You’ve learned of a vulnerability that exists on the bookstore website. It appears you can craft an html file that resets a user’s password to one of your choosing when they open it. You plan to embed this file in an email and see who actually clicks on it. They’ll never know!
Download from the WebSec VM the required starter template here:
You must reset an unsuspecting user’s password to HanSolo77.
Note: You will not know who the user is, so your crafted html file should work for any user of the website.
Earn this flag by performing the following steps:
Hints:
FLAG TESTING:
To test your flag4.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID.
./StudentGrader.sh --flag 4 --gaTechId 923456789 --filePath /home/websec/Desktop/flag4.html
Your web output will look similar to this:
The developers built an Admin page for power users of the site. Obviously, they couldn’t just let everyone have access to this page so they built a simple RBAC (Role-based access control) system and put it into place. Unfortunately for them, they didn’t do the best job of building these permissions and it can be bypassed! Your job is to bypass any security checks and gain access to this Admin page.
The Admin page can be accessed by clicking the link at the top right of the page. In order for this to work correctly in your html file, you may need to write a little JavaScript and find a place where this can be XSS injected. Knowing these developers, I bet they left some clues. Maybe some files they should have removed before production.
Download from the WebSec VM the required starter template here:
To earn your flag you must alter the template so that it performs these steps when you open it in a browser or run it using the grader:
1. Bypass all permissions checks and open the Admin page fully loaded
   a. Note: You must do all of this in the html template and it must automatically load/open the page
   b. The URL must start with http://localhost:7149/admin
Hints:
FLAG TESTING:
To test your flag5.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID.
./StudentGrader.sh --flag 5 --gaTechId 923456789 --filePath /home/websec/Desktop/flag5.html
Your web output will look similar to this:
Congratulations on making it this far! You’ve already overcome several obstacles, and now it’s time to dive into Cross-Origin Resource Sharing (CORS). CORS is a browser mechanism that lets a server relax the same-origin policy so that a web application can request resources from origins other than the one hosting the application.
To complete this task, we’ll be working with a different aspect of CORS. Specifically, we will explore how CORS can limit the types of requests that can be made, and how expanding the allowed access-control methods will help accomplish this task.
Download the required starter template here:
Your goal is to update the title of book 6 to “Let the fun begin!” and redirect to its Detail View. This needs to be done using JavaScript only. Use this endpoint to make the update:
PUT api/book/{bookId}
Body:
{
  "newTitle": "Title 2"
}
Did the attempt fail? Investigate and troubleshoot—think about what might have gone wrong.
Ensure your script addresses the issue and updates the book title. Once you’ve successfully updated the book title, submit the script and earn your flag!
Hint:
Identify an endpoint that can assist you in configuring the CORS allowed methods.
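Why a cross-origin PUT with a JSON body can fail while GETs succeed, as an added example that is not from the assignment or the bookstore's code: a model of the preflight exchange for the `PUT api/book/{bookId}` call above, with the server answering from a policy and the browser deciding whether to release the real request. The three policies and FRONTEND_ORIGIN are constructed; the API origin is the one the page uses; credentials and caching of preflight answers are left out of the model.

```javascript
// Added example (not from the assignment or the bookstore's code): how a CORS
// preflight decides whether a cross-origin "PUT api/book/{bookId}" with a JSON body
// is released by the browser. The policies and FRONTEND_ORIGIN are assumptions; the
// preflight model is simplified (no credentials, no Access-Control-Max-Age).

const API_ORIGIN = 'http://localhost:7149';      // the bookstore's origin, from the page
const FRONTEND_ORIGIN = 'http://localhost:3000'; // constructed: a separate trusted front end

const SIMPLE_METHODS = ['GET', 'HEAD', 'POST'];
const SIMPLE_CONTENT_TYPES = [
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
];

// A request the browser sends without asking first. Anything else (PUT, a JSON
// Content-Type, custom headers) triggers an OPTIONS preflight.
function isSimpleRequest(req) {
  const ct = (req.headers['content-type'] || '').toLowerCase();
  return SIMPLE_METHODS.includes(req.method.toUpperCase()) &&
    (ct === '' || SIMPLE_CONTENT_TYPES.some((t) => ct.startsWith(t)));
}

// Server side: answer the preflight from a fixed policy.
// policy = { allowedOrigins: '*' | [origin...], allowedMethods: [...], allowedHeaders: [...] }
function preflightResponse(policy, req) {
  const origin = req.headers.origin;
  const originOk = policy.allowedOrigins === '*' || policy.allowedOrigins.includes(origin);
  if (!originOk) return { status: 204, headers: {} }; // no CORS headers: the browser refuses
  return {
    status: 204,
    headers: {
      'access-control-allow-origin': policy.allowedOrigins === '*' ? '*' : origin,
      'vary': 'Origin',
      'access-control-allow-methods': policy.allowedMethods.join(', '),
      'access-control-allow-headers': policy.allowedHeaders.join(', '),
    },
  };
}

// Browser side: after the preflight, would the real request be sent?
function browserReleases(preflight, req) {
  const h = preflight.headers;
  const acao = h['access-control-allow-origin'];
  if (!(acao === '*' || acao === req.headers.origin)) return false;
  const method = req.method.toUpperCase();
  const methods = (h['access-control-allow-methods'] || '').split(',').map((m) => m.trim().toUpperCase());
  if (!SIMPLE_METHODS.includes(method) && !methods.includes(method)) return false;
  const allowedHeaders = (h['access-control-allow-headers'] || '').split(',').map((x) => x.trim().toLowerCase());
  const ct = (req.headers['content-type'] || '').toLowerCase();
  const ctIsSimple = ct === '' || SIMPLE_CONTENT_TYPES.some((t) => ct.startsWith(t));
  if (!ctIsSimple && !allowedHeaders.includes('content-type')) return false;
  return true;
}

// Would a page served from pageOrigin be allowed to PUT a new title to the API?
function titleUpdateReleased(policy, pageOrigin) {
  if (pageOrigin === API_ORIGIN) return true; // same origin: CORS does not apply
  const req = {
    method: 'PUT',
    url: '/api/book/6',
    headers: { origin: pageOrigin, 'content-type': 'application/json' },
    body: { newTitle: 'Title 2' },
  };
  if (isSimpleRequest(req)) return true;
  return browserReleases(preflightResponse(policy, req), req);
}

// Three policies, all constructed for the example.
// Read-mostly: any origin may GET/POST, so a cross-origin PUT is stopped at preflight.
const READ_MOSTLY_POLICY = { allowedOrigins: '*', allowedMethods: ['GET', 'POST'], allowedHeaders: ['Content-Type'] };
// Strict: one named front end may use exactly the methods the API needs.
const STRICT_POLICY = { allowedOrigins: [FRONTEND_ORIGIN], allowedMethods: ['GET', 'POST', 'PUT'], allowedHeaders: ['Content-Type'] };
// Permissive: every origin, every method. Any page on the web can now change titles.
const PERMISSIVE_POLICY = { allowedOrigins: '*', allowedMethods: ['GET', 'POST', 'PUT', 'DELETE'], allowedHeaders: ['Content-Type'] };
```

The allow-lists are the control, so they belong in server configuration; an endpoint that lets a caller widen them turns the policy into something any page can switch off. Browsers also reject `Access-Control-Allow-Origin: *` on credentialed requests, which is one more reason to name the trusted front end explicitly rather than reflect whatever origin arrives.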
FLAG TESTING:
To test your flag6.html file and receive the flag, run this command at the command line. Note: replace the gaTechId with your actual GTID.
./StudentGrader.sh --flag 6 --gaTechId 923456789 --filePath /home/websec/Desktop/flag6.html
Your web output will look similar to this:
The grader output will look similar to this. Copy the flag to flag6 in project_websecurity.json.
Disclaimer: You are responsible for the information on this website. The content is subject to change at any time. © 2024 Georgia Institute of Technology. All rights reserved.