Information Leakage Level No(s)
War Game
Level
0
Affected resources:
http://ec2-3-14-88-12.us-east-2.compute.amazonaws.com/level1/level1.php
Description:
The vulnerability witnessed is here is that of information lekage.
Observation:
The observation made revealed the method of attack and relationship to vulnerability In this case,
viewing the page source code exposed the client user name and password for level 1. Therefore, the
obseervatiion revealed that, no effort have been made to conceal the authentication details. Hnece,
the attacker can always view the credentials by right-clicking on the page and selecting “View Page
Source” which displayed the “hidden” credentials for Level 1 in plain text
Screenshot:
Level Credentials:
Level 1 Password:
Domain
Impact Analysis:
The fact that user credentials can be redily available in plain text is a dangerous trend. This
can cause easy access to intruders and cause heavy damage to the resources.
Recommendation:
Credenatials should never be left in plain text and through scrutinity should be done after
development to remove them incase of their presence.
Information Leakage Level No(s)
War Game
Level
1
Affected resources:
Description:
Observation:
The observation made revealed the method of attack and relationship to vulnerability In this case,
viewing the page source code exposed the client user name and password for level 1. Therefore, the
obseervatiion revealed that, no effort have been made to conceal the authentication details. Hnece,
the attacker can always view the credentials by right-clicking on the page and selecting “View Page
Source” which displayed the “hidden” credentials for Level 1 in plain text
Screenshot:
Level Credentials:
Level 2 Password:
Analysis
Impact Analysis:
The fact that user credentials can be redily available in plain text is a dangerous trend. This
can cause easy access to intruders and cause heavy damage to the resources.
Recommendation:
Credenatials should never be left in plain text and through scrutinity should be done after
development to remove them incase of their presence.
Directory Traversal Level No(s)
War Game
Level
2
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 3 Password:
Impact Analysis:
Recommendation:
Directory Traversal Level No(s)
War Game
Level
3
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 4 Password:
Impact Analysis:
Recommendation:
Weak Encryption Level No(s)
War Game
Level
4
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 5 Password:
Impact Analysis:
Recommendation:
Weak Encryption Level No(s)
War Game
Level
5
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 6 Password:
Impact Analysis:
Recommendation:
Weak Encryption Level No(s)
War Game
Level
6
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 7 Password:
Impact Analysis:
Recommendation:
Cookie Manipulation Level No(s)
War Game
Level
7
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 8 Password:
Impact Analysis:
Recommendation:
SQL Injection Level No(s)
War Game
Level
8
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 9 Password:
Impact Analysis:
Recommendation:
SQL Injection Level No(s)
War Game
Level
9
Affected resources:
Description:
Observation:
Screenshot:
Level Credentials:
Level 10 Password:
Impact Analysis:
Recommendation:
References
Any research, citations, or work which is not your own should go here.
NOTE: once your report is ready, you should
get feedback from your teacher before you
submit the final copy.