Assignment Questionnaire
========================

NOTE: DO NOT DELETE --> and <--, and place your answers within the marks.
Example: --> https://cs6262.gtisc.gatech.edu <--

Info
====
Example: Your GT Username: kpark21
-->username Your Username: <--

Task 1 (5%)
=======
1. Which of the following options can adjust iframe's width and height correctly?
   A.
   B.
   C.
   D. All of above
Example: Answer: A
-->task_1_1 Answer: D<--

2. In order for the tag to open a new tab/window when clicked, what value should you set for the target attribute? (The answer should only contain the value itself.) This is necessary for task 5.3.
Example: Answer: something
-->task_1_2 Answer: _blank<--

3. You will see three alerts after running the code below. What numbers will you see, in sequence? The answer should be 3 numbers separated by commas with no space, e.g. 1,1,1. Think about why that is the case. You will use this technique in task 5.2.

    for (var i = 0; i < 3; i++) {
      const promise = new Promise((resolve, reject) => {
        setTimeout(resolve, 1000 + i * 1000);
      });
      promise.then(() => alert(i));
    }

Example: Answer: 1,1,1
-->task_1_3 Answer: 3,3,3<--

4. Which of the following can set jsScript to string correctly? Understanding how HTML code is parsed is important. This question is related to task 3.
   A
   B '
   C '
   D None of above
Example: Answer: A
-->task_1_4 Answer: C<--

5. Fetch is an API which makes use of promises to send web requests. It is supported by most major web browsers. Study the use of the fetch API and try to make a POST request to your Message Receiver Endpoint with the payload body being {username: your-GT-username}, e.g. {username: abc123}. What is the hash string you get after POSTing to your endpoint?
Example: Answer: ahashstring1235...
-->task_1_5 Answer: 11b85d6bc966d2d623800002efb58aa11248d519e4847ab03d24b5f965163f0f9ece4d2fb18505cf0b1d300fa80157847e031cc586986300e44ddf36cd7f7290<--

Task 2 (10%)
=======
1. What is the URL that you can use to exploit the reflected-XSS vulnerability?
Example: URL: https://cs6262.gtisc.gatech.edu/vulnerable/endpoint/?payload
-->task_2 URL: https://cs6262.gtisc.gatech.edu/search?keyword=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E<--

Task 3 (15%)
=======
1. What is the URL that you can use to exploit the persistent-client XSS vulnerability?
Example: URL: https://cs6262.gtisc.gatech.edu/vulnerable/endpoint/?payload
-->task_3 URL:<--

Task 4 (20%)
=======
1. What is the hash string you get as admin?
Example: Hash: 0c307979...
-->task_4_1 Hash: <--

2. What is the endpoint to retrieve the hash?
Example: URL: https://cs6262.gtisc.gatech.edu/vulnerable/endpoint
-->task_4_2 URL: <--

3. Your injected payload. The whole thing you submitted to the backend. It's ok to put it in multiple lines.
Example: Payload: whatever whatever
-->task_4_3 Payload: <--

Task 5 (45%)
=======
1.1 What is the hash string you see by a successful ReDoS attack?
Example: Hash: fdsaf23vcx3r23...
-->task_5_1_1 Hash: ae77bdd49bf7a784d147bb7800ace68e5e0ba9c05a8b0b4b1edaa0af70042a9846213d2ed65fa576baeda43dad0aabf99c4eada6e6d319eb065a0afb4ce6cf4d<--

1.2 What is the username and password used for such a ReDoS attack?
Example: Username: user Password: password
-->task_5_1_2 Username: Password: <--

2. What are the local web server's IP addresses? Report them in the format of ip1,ip2,ip3,...
Example: IP Addresses: 123.123.123.1,123.123.123.2,...
-->task_5_2 IP Addresses: <--

3.1 What is the URL you used to launch a tabnabbing attack?
Example: URL: https://cs6262.gtisc.gatech.edu/vulnerable/endpoint/?payload
-->task_5_3_1 URL: <--

3.2 What is the hash string you see by a successful tabnabbing attack?
Example: Hash: fdsaf23vcx3r23...
-->task_5_3_2 Hash: <--
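Worked version of the loop from Task 1, question 3. This is an added example, not part of the assignment or its answer key: it replaces alert() with an array that a returned promise resolves with, shortens the 1-second steps to a few milliseconds, and puts the three variants (the original var loop, a let loop, and a pre-ES6 closure-parameter fix) in functions named here for illustration (captureWithVar, captureWithLet, captureWithClosureParam). Run it under Node.

```javascript
// Added example (not part of the assignment). Shows why the Task 1, Q3 loop
// produces 3,3,3 and how block scoping changes the result. Each callback
// records the value of i it observes instead of calling alert(), so the
// result can be checked programmatically. Delays are shortened from the
// original 1000 ms steps; the ordering of the timers is preserved.

function captureWithVar(delayMs = 10) {
  const seen = [];
  const pending = [];
  // `var` is function-scoped: all three closures share ONE binding of i.
  // The loop finishes (i === 3) long before the first timer fires, so every
  // callback reads 3. The delay argument, by contrast, is evaluated
  // synchronously at each iteration, which is why the timers still fire in order.
  for (var i = 0; i < 3; i++) {
    const p = new Promise((resolve) => setTimeout(resolve, delayMs + i * delayMs));
    pending.push(p.then(() => seen.push(i)));
  }
  return Promise.all(pending).then(() => seen);
}

function captureWithLet(delayMs = 10) {
  const seen = [];
  const pending = [];
  // `let` gives each iteration its own binding of i, so each closure keeps
  // the value current when it was created: 0, 1, 2.
  for (let i = 0; i < 3; i++) {
    const p = new Promise((resolve) => setTimeout(resolve, delayMs + i * delayMs));
    pending.push(p.then(() => seen.push(i)));
  }
  return Promise.all(pending).then(() => seen);
}

function captureWithClosureParam(delayMs = 10) {
  const seen = [];
  const pending = [];
  // Same fix without `let`: pass the current value through a function
  // parameter (an immediately invoked function), the pre-ES6 idiom.
  for (var i = 0; i < 3; i++) {
    pending.push((function (captured) {
      return new Promise((resolve) => setTimeout(resolve, delayMs + captured * delayMs))
        .then(() => seen.push(captured));
    })(i));
  }
  return Promise.all(pending).then(() => seen);
}

// Stand-alone run: prints 3,3,3 then 0,1,2 then 0,1,2.
Promise.all([captureWithVar(), captureWithLet(), captureWithClosureParam()])
  .then((results) => results.forEach((r) => console.log(r.join(","))));
```

The point the assignment is driving at is timing, not arithmetic: the closure is created inside the loop but executed after it, so what it reads depends on whether the loop variable is one shared binding (var) or a fresh one per iteration (let).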