CYBE230 Lab 8 - Traditional Web Vulnerabilities

In class, we had begun to talk about different websites, and how there can be a variety of different stacks that a website can be built on. With one of the oldest and open source variants being the LAMP (Linux, Apache, MySQL, and PHP) stack. After getting it installed we got the default install up and running, we created a simple Hello World page that we could visit.

To talk about potential vulnerabilities in the LAMP stack we downloaded a pre-made login and user page, and created a SQL database with the user information. The first issue that we showed was how the Apache web server does not force HTTPS, and allows HTTP for all pages by default. With this we logged into the website while logging traffic, and saw the username and password sent in plaintext to the server. To remedy this issue, we created a self-signed SSL certificate, and set up Apache to force usage of HTTPS.

The next vulnerability we talked about was an SQL injection vulnerability. On the login page we were told that the password field is vulnerable to SQL injection. We were given an example of password' OR '1' = '1 would log in the user even without the correct password. As the SQL statement sees the end of the string with the first single quote, and interprets the rest of the command as SQL code, which will always evaluate as true since 1 does equal 1. We then changed the password for the user we logged in as to show we did have control as that user. This issue is caused by not properly escaping the input that a user provides. If the user enters a string it should be sanitized before being used in a SQL statement.