
HIGHER COLLEGE OF TECHNOLOGY

DEPARTMENT: Information Technology

Final Assignment
Semester: 2 A. Y.: 2019/2020

Course Code ITSY303 | ITDB4109


Course Name Web Applications Security | Web Application and Database Security
Level Advanced Diploma | Bachelor

Student Name
Student ID
Exam Set (A, B, C, etc.) Set A

Instructions:
1. Make sure to read and understand the General College Guidelines and Student Declaration Terms and
Conditions found in the Cover Page.

2. Send the scanned SIGNED COPY of the Declaration Form along with this answer scripts to the Lecturer.
The Lecturer will NEVER mark any answer scripts without this signed Declaration Form. [If printer is not
available, write the Declaration Form in A4 paper and affix your signature.]

3. Upload the ANSWER SCRIPTS ALONG WITH THE DECLARATION FORM in the appropriate
platform/tool as written on the exam paper.

Section | Max. Marks | Obtained Marks
A       | 33         |
B       | 7          |
Total   | 40         |

First Marker : Second Marker:

Signature: Signature:

Date : Date :

Higher College of Technology

1 Page
Information Technology Department

STUDENT DECLARATION FORM


FOR ASSIGNMENT

DEPARTMENT GUIDELINES: TERMS AND CONDITIONS


1. Never share or post the test questions or answer scripts for any purpose.

2. Starting from the posting of the question test papers online, the students are given exactly 48 hours to submit their
answers.

At the end of the 48 hours, the submission link shall be deleted or deactivated. NO EXTENSION WILL BE
GIVEN. Failure to submit the answer within the 48-hour period will result to ZERO mark.

3. In case of technical problems, inform the Lecturer immediately through the HCT Email or through chat message in
MS Teams, at least two (2) hours before the expiration of the 48-hour period.

4. For IT exams, there is a separate Answer Script Template where students should type their answers.

For Math exams, handwritten answers are allowed. Make sure to include Student Name on each page and the
question number to avoid confusion.

5. Do the proper citation in every answer taken from other sources, if applicable.

6. For handwritten answers, submit a SCANNED COPY of the answers IN SINGLE FILE. [You can use any available
mobile app scanner if in case you do not have a scanner device.]

7. Send the scanned SIGNED COPY of this Declaration Form along with the answer scripts to the Lecturer. The
Lecturer will NEVER mark any answer scripts without this signed Declaration Form. [If printer is not available, write
this Declaration Form in A4 paper and affix the signature.]

8. Upload the ANSWER SCRIPTS ALONG WITH THE DECLARATION FORM in the appropriate platform/tool
as written on the exam paper.

9. Always abide by the College Academic Integrity and Honesty Policy found at
https://www.hct.edu.om/pdf/pms/academic-integrity-and-honesty-policy.pdf.

10. Abide by the guidelines mentioned above and any violation of the same will be subjected for a disciplinary action or
get ZERO mark, as the case may be.

STUDENT DECLARATION

I, (Student's Name) ………………………………………………………… with (Student's ID) ……………. of
……………. (Level) ………………….. and who belongs to (Section) ……… of the (Course Code/Course Title)
………………………..…………………………………. offered by the (Department) ………. department, hereby declare that
my submission of Assignment is a result of my own original work except for source materials explicitly acknowledged by
proper citations.

I also understand that plagiarism and cheating are offenses that can lead to disciplinary action and GRADE OF ZERO, as the
case may be.

Signature: ..…………………………………………
Date (dd-mm-yyyy): .……………………………

I: Case Scenario:

Analyze the scenario and answer the following questions: (33 marks)

1. A customer is shopping online at www.gadgetwisdom.com. He has reached the page below to review his cart selection before proceeding to payment. The cookie values and some snippets of the page's source code are given below. [7 Marks]

Cookie values:

Tracking: 3457842253454757834434569823081726

Prod_Status: 3456127456788356464233245234543543

Code snippets:

<form method="post" action="selection.php">

<b>You have 2 item(s) in your cart.</b><br>
--------------------------------------------------------------------------------------------------<br>

MacBook Air

<input type="text" name="itemcount1" maxlength="2"> $1998.00 <br>

……………………………………………………………

MacBook

<input type="text" name="itemcount2" maxlength="1"> $1998.00 <br>

……………………………………………………………

……………………………………………………………

<input type="hidden" name="Price" value="1998">

<input type="submit" value="Submit">
</form>

i. What is the maximum quantity allowed for the product MacBook Air? [1]

ii. How can a hacker bypass the restriction imposed on the item counts? (Explain two methods of exploiting this vulnerability.) Suggest a security solution to this problem. [3]

iii. Identify a vulnerability in the above scenario other than the one identified in Q1.ii. Suggest a security solution for the identified vulnerability. [2]

iv. In your opinion, is it advisable to store the price as a cookie alongside the cookie values below in order to improve security? Justify your answer. [1]

Tracking: 3457842253454757834434569823081726

Prod_Status: 3456127456788356464233245234543543

Price: 1998
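The two client-side controls in question 1 (the maxlength attributes and the hidden Price field) are enforced only by the browser. The following is an added example, not code from gadgetwisdom.com or from the exam, of what the receiving script behind selection.php should do instead: treat every POST field as untrusted, take the price from a server-side catalogue, and check the quantity against the server's own limit. The catalogue, field names and limits are constructed from the form shown above.

```python
"""Server-side enforcement of cart limits and prices (added example)."""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

# Constructed catalogue keyed by form field name; a real shop reads this from
# its database, never from the request.
CATALOGUE = {
    "itemcount1": {"name": "MacBook Air", "price": Decimal("1998.00"), "max_qty": 99},
    "itemcount2": {"name": "MacBook", "price": Decimal("1998.00"), "max_qty": 9},
}


@dataclass
class CartResult:
    ok: bool
    total: Decimal
    errors: list = field(default_factory=list)
    warnings: list = field(default_factory=list)


def parse_quantity(raw: str, max_qty: int) -> int:
    """Accept only a whole, non-negative number within the server's limit;
    a missing or empty field counts as zero."""
    raw = raw.strip() or "0"
    if not raw.isdigit():
        raise ValueError(f"quantity {raw!r} is not a whole number")
    qty = int(raw)
    if qty > max_qty:
        raise ValueError(f"quantity {qty} exceeds the limit of {max_qty}")
    return qty


def process_cart(form: dict) -> CartResult:
    """form is the decoded POST body. The total is computed from CATALOGUE;
    a client-supplied 'Price' is never used, only logged when it disagrees."""
    result = CartResult(ok=True, total=Decimal("0"))
    for field_name, item in CATALOGUE.items():
        try:
            qty = parse_quantity(form.get(field_name, "0"), item["max_qty"])
        except ValueError as exc:
            result.errors.append(f"{item['name']}: {exc}")
            continue
        # Price comes from the catalogue, never from the request.
        result.total += item["price"] * qty
    if "Price" in form:
        try:
            claimed = Decimal(form["Price"])
        except InvalidOperation:
            claimed = None
        if claimed not in {item["price"] for item in CATALOGUE.values()}:
            # A mismatch is a tampering signal worth logging, nothing more.
            result.warnings.append(
                f"client-supplied Price {form['Price']!r} ignored: not a catalogue price")
    result.ok = not result.errors
    return result
```

With this layout the maxlength values on the form are only a convenience for the user; the server's `max_qty` is the real limit, and the hidden Price field can be dropped from the form entirely, which also answers why the price should not move into a cookie either: any value the client can edit is not a security control.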

2. Analyze the following scenario and answer the questions. [5 marks]

- Assume that changepass.aspx, shown above, can only be accessed after a successful login.

i. Identify the three design vulnerabilities in the above scenario. [3]

ii. Explain or Draw the Correct design of the change password page. [2]

3. Analyze the scenario given below and answer the questions. [3 Marks]

i. Find any three vulnerabilities in the above scenario.

#1 Vulnerability:

#2 Vulnerability:

#3 Vulnerability:

4. In this scenario, the pages shown below are from an online training website. As a White Hat
hacker, you have identified that there are SQL injection vulnerabilities in these pages. [7 Marks]
Login Page

Search for Training Details Page

Analyze the pages (Login page and Search for Training Details page) above and answer the following questions.

i. Suggest the SQL injection code for the two scenarios below where a normal user can log in as admin from the Login page.

a. Scenario1: If the user knows the userid of the admin is "admin" but does not know the password. [1]

b. Scenario2: If the user knows neither the userid of the admin nor the password. Assume that in this scenario the system also blocks the comment symbol in the input. [1]

ii. Suppose you have decided to use the UNION operator to display another table that contains confidential data such as passwords or credit card details. Write down the steps involved in showing the userid and password within the search result. [5]
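Both pages in question 4 are described as injectable, which is what results when the SQL text is assembled from the userid, password or search term. The following is an added example, not the training site's own code (which the exam does not show), of the defensive form of the same two queries: every user-supplied value is passed as a bound parameter, so quotes, comment markers or a UNION keyword typed into a field are matched literally and cannot change the query's structure. The user and training rows are constructed.

```python
"""Parameterised login and search queries with an in-memory SQLite database."""
import hashlib
import hmac
import os
import sqlite3


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, salt BLOB, pwhash BLOB, role TEXT)")
    conn.execute("CREATE TABLE trainings (id INTEGER PRIMARY KEY, title TEXT, trainer TEXT)")
    for userid, password, role in [("admin", "correct horse battery", "admin"),
                                   ("o'brien", "pw1", "user")]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                     (userid, salt, _hash_password(password, salt), role))
    conn.executemany("INSERT INTO trainings (title, trainer) VALUES (?, ?)",
                     [("Web Application Security", "Trainer A"),
                      ("Database Security", "Trainer B")])
    conn.commit()
    return conn


def login(conn, userid: str, password: str):
    """Return the user's role on success, else None. The userid is bound as a
    parameter and the password is verified in code rather than compared inside
    SQL, so no input can turn the WHERE clause into an always-true condition."""
    row = conn.execute("SELECT salt, pwhash, role FROM users WHERE userid = ?",
                       (userid,)).fetchone()
    if row is None:
        return None
    salt, pwhash, role = row
    return role if hmac.compare_digest(pwhash, _hash_password(password, salt)) else None


def search_trainings(conn, term: str):
    """Search by title. The LIKE pattern is a bound value with %, _ and the
    escape character themselves escaped, so the term is only ever data."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return conn.execute("SELECT title, trainer FROM trainings WHERE title LIKE ? ESCAPE '\\'",
                        ("%" + escaped + "%",)).fetchall()
```

The search function is the one to compare against the UNION scenario in question 4.ii: because the term never becomes part of the SQL text, there is no point at which a second SELECT could be appended, and the number of columns the query returns is fixed by the code, not by the input.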

5. Analyze the Guestbook page shown below and answer the following questions. [7 Marks]

i. Identify the type of Cross-Site Scripting vulnerability that may be present in the above scenario. [1]

ii. Demonstrate the steps for stealing the session token of a user by exploiting the above vulnerability.
Also, write any Javascript code snippets for stealing the cookie values. [6]
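Question 5 asks for the attacker's steps; the following is an added example, not the guestbook's own code, of the two server-side controls that defeat them. Whatever a visitor posts is stored as-is and encoded for the HTML context it is rendered into (element text and a quoted attribute are encoded separately), and the session cookie is issued with HttpOnly so that script running in the page cannot read it through document.cookie, the same flag the eBay `s` cookie carries in the Case2 response later on this paper. The guestbook entries in the test are constructed.

```python
"""Output encoding and cookie flags as stored-XSS defences (added example)."""
import html
from http.cookies import SimpleCookie


def render_entry(name: str, message: str) -> str:
    """Encode the same user data once for a quoted attribute value and once
    for element text; the contexts have different dangerous characters."""
    attr_name = html.escape(name, quote=True)      # also encodes " and '
    text_name = html.escape(name, quote=False)
    text_msg = html.escape(message, quote=False)
    return (f'<div class="entry" data-author="{attr_name}">'
            f'<b>{text_name}</b>: {text_msg}</div>')


def render_guestbook(entries) -> str:
    """entries: iterable of (name, message) pairs exactly as stored."""
    return "\n".join(render_entry(n, m) for n, m in entries)


def session_cookie_header(token: str) -> str:
    """Set-Cookie value for the session id: HttpOnly keeps it out of
    document.cookie, Secure keeps it off plain HTTP and SameSite limits
    when browsers attach it to cross-site requests."""
    jar = SimpleCookie()
    jar["session"] = token
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Lax"
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()


def has_unencoded_script(rendered: str) -> bool:
    """Self-check: a literal '<script' in the rendered page means encoding failed."""
    return "<script" in rendered.lower()
```

Encoding at render time rather than at submission time is deliberate: the stored text stays faithful to what the visitor typed, and the same entry can be emitted safely into a different context (a JSON API, an e-mail) with the encoder appropriate to that context.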

6. Below is a page from shoppingwebsite.com called bill.php which has input controls to be filled
by the user. [4 Marks]

Identify the kind of Input Handling approach that is used for the following scenarios:

i. Allow using only ‘Oman’ as a Country input.

ii. Remove special characters from the 1st Line Address input before processing it.

iii. No numbers are allowed in the Full Name input.

iv. The system verifies the Phone submitted belongs to the user who owns it.
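The four scenarios in question 6 each correspond to one input-handling approach. The following is an added example, not code from shoppingwebsite.com's bill.php, that implements each approach as a function and applies all four to one submission. The field names Country, Address1, FullName and Phone, the allowed address characters and the user/phone records are assumptions for illustration.

```python
"""Four input-handling approaches applied to the bill.php fields (added example)."""
import re

# Accept known good: the fixed set of values the field may take.
ALLOWED_COUNTRIES = {"Oman"}

# Constructed user records; a real check reads the logged-in user's profile.
USER_PHONES = {"u1001": "+96891234567"}


def validate_country(value: str) -> bool:
    """Accept known good (allowlist): only values in the fixed set pass."""
    return value in ALLOWED_COUNTRIES


def sanitize_address(value: str) -> str:
    """Sanitisation: strip characters outside the expected set before the
    value is used, instead of rejecting the whole submission."""
    return re.sub(r"[^A-Za-z0-9 ,./-]", "", value).strip()


def validate_full_name(value: str) -> bool:
    """Reject known bad (blocklist): refuse input containing any digit."""
    return re.search(r"\d", value) is None


def verify_phone_ownership(user_id: str, phone: str) -> bool:
    """Semantic check: a number can be well-formed and still be wrong for
    this user, so compare it with the record the server holds for them."""
    normalized = re.sub(r"[\s-]", "", phone)
    return USER_PHONES.get(user_id) == normalized


def handle_bill(user_id: str, form: dict) -> dict:
    """Apply all four checks to one decoded POST body; returns the cleaned
    address plus a per-field error map (empty when the submission is accepted)."""
    errors = {}
    if not validate_country(form.get("Country", "")):
        errors["Country"] = "only Oman is accepted"
    address = sanitize_address(form.get("Address1", ""))
    if not validate_full_name(form.get("FullName", "")):
        errors["FullName"] = "digits are not allowed"
    if not verify_phone_ownership(user_id, form.get("Phone", "")):
        errors["Phone"] = "number does not belong to this account"
    return {"ok": not errors, "errors": errors, "Address1": address}
```

Note that only the address field is modified rather than rejected; the other three return a verdict, which is the usual reason allowlisting and semantic checks are preferred where the data format allows it, since sanitisation silently changes what the user submitted.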

II: Application based ( 7 × 1 = 7 marks )

7. Below are the two cases from the Burp suite proxy for intercepting the web traffic.

Case1: Request and Response messages :-

GET / HTTP/1.1
Host: ebay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 -------------
Location: https://www.ebay.com/

Case2: Request and Response messages:-

GET / HTTP/1.1
Host: www.ebay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;
Content-Type: text/html;charset=utf-8
rlogid: t6klaook%60b0%3D%3C%3Dosuojbnkmcc4%3B(5030%3E%3E%3A-172221f9924-0x303
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 28
Server: ebay-proxy-server
X-EdgeConnect-MidMile-RTT: 52
X-EdgeConnect-Origin-MEX-Latency: 38
Date: Sun, 17 May 2020 10:13:15 GMT
Connection: close
Set-Cookie: dp1=bbl/OM6283753b^; Domain=.ebay.com; Path=/; Expires=Tue, 17 May 2022 10:13:15 GMT
Set-Cookie: nonsession=BAQAAAXAiGIjaAAaAADMAAWZlZjllNd99OBJnwcH4eFl67ujODIjgomJk*; Domain=.ebay.com; Path=/; Expires=Tue, 17 May 2022 10:13:15 GMT
Set-Cookie: s=CgAD4ACBewl+7MjIxZjk5MzAxNzIwYWE2NjM2YTZlZjVlZmVmOWU1MGW0OOx8; Domain=.ebay.com; Path=/; HttpOnly
Set-Cookie: ebay=%5Esbf%3D%23000000%5E; Domain=.ebay.com; Path=/
Content-Length: 190201

<!DOCTYPE html>
<!--[if IE 9 ]>
<html class="ie9"> <![endif]-->
<html lang="en">
-----------------------------
-----------------------------
-----------------------------

- Analyze the messages in each case above to answer the following questions.

i. Does the Client request accept the Arabic page from the server? Justify your answer from the
given messages.

ii. What error is identified in Case1?

iii. Will the server maintain the TCP connection even after the client request is processed? Justify.

iv. What is the size of the body (in Bytes) of the response message in Case2?

v. What is meant by the Date header shown below?

Date: Sun, 17 May 2020 10:13:15 GMT

vi. Is the statement below true about the messages above? Justify your answer.

“The Client sends a Cookie value ( eBay=%5Esbf%3D%23000000%5E; ) to the Server.”

vii. Identify the Web Server used in the above scenario.
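Every fact questions 7.i to 7.vii ask about is a header in the two captures above. The following is an added example, not part of the exam, of a small HTTP/1.1 message parser that reads those facts off the messages: which languages the client accepts, whether the connection stays open, the body size from Content-Length, the attributes of each Set-Cookie, the Date header as a UTC timestamp, and the Server header. The messages are embedded as a student would paste them from the proxy, with headers not needed here omitted and the long cookie values and HTML body shortened (constructed placeholders).

```python
"""Reading the Case1/Case2 captures with a minimal HTTP message parser."""
import email.utils
from datetime import datetime


def parse_http(raw: str):
    """Split a raw message into (start_line, headers, body). Headers are a
    list of (name, value) pairs so repeated names such as Set-Cookie survive;
    folded continuation lines are joined onto the previous header."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        if line[:1] in " \t" and headers:            # obs-fold continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, _, value = line.partition(":")          # split on the first colon only
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def header(headers, name: str):
    """All values of a header, matched case-insensitively (may be empty)."""
    return [v for n, v in headers if n.lower() == name.lower()]


def accepts_language(headers, tag: str) -> bool:
    """True if Accept-Language lists the language tag (or '*') with q > 0."""
    for value in header(headers, "Accept-Language"):
        for item in value.split(","):
            lang, _, params = item.strip().partition(";")
            params = params.strip()
            q = float(params[2:]) if params.startswith("q=") else 1.0
            if q > 0 and (lang == "*" or lang.lower().split("-")[0] == tag.lower()):
                return True
    return False


def keeps_connection_open(headers) -> bool:
    """HTTP/1.1 connections are persistent unless a side sends Connection: close."""
    return not any(v.lower() == "close" for v in header(headers, "Connection"))


def body_length(headers) -> int:
    return int(header(headers, "Content-Length")[0])


def cookie_attributes(headers) -> dict:
    """Map each Set-Cookie name to the lower-cased set of its attribute names."""
    out = {}
    for value in header(headers, "Set-Cookie"):
        parts = [p.strip() for p in value.split(";")]
        out[parts[0].split("=", 1)[0]] = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return out


def parse_date(headers) -> datetime:
    """Date header (RFC 1123 format, always GMT) as a timezone-aware datetime."""
    return email.utils.parsedate_to_datetime(header(headers, "Date")[0])


# Case1 response and Case2 request/response from the captures above.
CASE1_RESPONSE = """\
HTTP/1.1 301 -------------
Location: https://www.ebay.com/

"""

CASE2_REQUEST = """\
GET / HTTP/1.1
Host: www.ebay.com
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close

"""

CASE2_RESPONSE = """\
HTTP/1.1 200 OK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
Content-Type: text/html;charset=utf-8
Server: ebay-proxy-server
Date: Sun, 17 May 2020 10:13:15 GMT
Connection: close
Set-Cookie: dp1=bbl/OM6283753b^; Domain=.ebay.com; Path=/; Expires=Tue, 17 May 2022 10:13:15 GMT
Set-Cookie: s=SHORTENED_CONSTRUCTED; Domain=.ebay.com; Path=/; HttpOnly
Set-Cookie: ebay=%5Esbf%3D%23000000%5E; Domain=.ebay.com; Path=/
Content-Length: 190201

<!DOCTYPE html>
<html lang="en">
"""
```

Two points the parser makes visible that are easy to miss by eye: Set-Cookie is a response header, so a cookie's presence in the Case2 response says nothing about what the client sent (the request carries no Cookie header at all), and Content-Length counts the bytes of the body only, not the status line or headers.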
