Assignment on Oracle Virtual Machine Installation

Verified

Added on 2021/11/22

AI Summary

The lack of web security allows various vulnerabilities and threats to the respective system from the attackers, which could be dangerous. For instance, leakage of sensitive data. Thus, it is essential to secure the computer, internet connection, and web browser. The encryption method can be used to safeguard sensitive information. The accounting information system can be used for the collecting of data processing and they are stored in the data that are used by the decision-makers. 

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

869834-website security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Table of Contents
1 Introduction.................................................................................................................................2
2 Oracle virtual machine installation............................................................................................2
3 Target 1.XSRF.............................................................................................................................3
4 Target 2-XSS Username and Password Theft...........................................................................8
5 Target 3 SQL injection..............................................................................................................12
6 Conclusion..................................................................................................................................14
References..........................................................................................................................................15

1 Introduction
Web security is very essential factor, for every individual or an organization.
Especially, for the banks. Because, the lack of web security allows various vulnerabilities and
threats for the respective system from the attackers, which could be dangerous. For instance,
leakage of sensitive data. Thus, it is essential to secure the computer, internet connection and
web browser. The encryption method can be used to safeguard the sensitive information. The
accounting information system can be used for the collecting of data processing and they are
stored in the data that are used by the decision makers. An accounting information system is
generally used for computer based method for the hacking account activity of the information
technology.
The main objective of this project is to develop the web security on banking and
account information payroll system using virtual machine. The login to the virtual machine to
enter the root name and password information. The software can install it and put and enter
the command on startx, after loading on the payroll webpage and can processing of the each
steps1. They can use for the three targets likewise, XSRF, XSS Username and password
Theft, SQL injection, which will be investigated.
2 Oracle virtual machine installation
1Stuart McClure, Joel Scambray and George Kurtz, Hacking Exposed (McGraw-Hill/Osborne, 2012).

3 Target 1.XSRF
The cross-site request forgery (XSRF or CSRF) refers to a method used to attack the
website, where the intruder impersonates as one of the legitimate and a trusted user. The
XSRF used for the malicious exploit of a website unauthorized commands are transmitted
from a user they can access of the web application they can specified the target state changing
request and to identify vulnerability. The Georgia tech payroll system the user can enter the
user name and password to login on the site, if the user can already login on the system of
Georgia payroll web pages the Alice once visit the webpage and find the redirection of
Georgia payroll system with the account number and routing number is displayed on the
Username of the system.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Open the website URL on http://payroll.gtech.edu is only visiting on the Web Pages
using oracle virtual machine. The payroll accounting information they can fetch the all
information of the website

List of PHP page and lines of vulnerability,
The XSRF attack is occurs on the malicious website on payroll information systems
that are includes email id, account id or program causes. The user can access to the website
can be performed on the unwanted action on a trusted site of which user can login to the
currently authenticated.
The XSRF is attacked to the web site using logged on the victims browser to sending
the forged html request , that are including the accounting session and any automatically
includes and provides the authentication information to the user, it can access to a vulnerable
web application.
The user can login to the website of the link will be sending to attackers to the
accounting session when the user can enter the username and Account ID once login to the
site and user can click on the URL link and once logging to the original website, the data
will be stolen from the web site.
Accounting implication
The user can use the vulnerability as the attackers once can changing to the user
profile information., and changing the account status, the attackers can creating the a new
user or admin behalf, etc.
There are using the vulnerable objects like,
 User profile pages
 User accounting pages
 Transaction page

Example
The user can log into the accounting website using the valid credentials. Once user
can login on the site and sending the verification authenticate mail form the attackers can
saying the user “Please click the valid login”
http://payroll.gatech.edu/account.php"
When the account can be click on it, a valid request will be creating on the URL link on the
particular account details.
Security misconfiguration
The security misconfiguration that can used for the hacking on the website can used
the unauthorized person.
Vulnerability objects are,
 URL
 Form fields,
 Input fields,
 Example,
The application server admin console is automatically installed and not removed. Default
account is not changed. The user can login to the accounting page and the attackers can log
in with and set the default password and can use the unauthorized access.
In our case we have using the PHP session it can be kept active by making the request site
using the session value in the request, and without the web application of the logout session.
The wit outing session value request let us assume assigning the new values of the request
URL. Depending on the web application it can used for many it will discussing on the two
requests as two different users without the login Id. This means if you were to use payroll
banking information and the accounting form the same device (even sharing the same IP and
user login Id) the web application could believe its two different users. Also depending on the
web site application, you may be able to switch between the user can generate the Account
number and routing number as long as they are both still active on correct or wrong on the
web service.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Display the stored account details,
Redirect login web page,
Source code is attached here.

4 Target 2-XSS Username and Password Theft
The order to run malicious JavaScript code in a victim's browser, an attacker must
first find a way to inject a payload into a web page that the victim visits. ... In order for an
XSS attack to take place the vulnerable website needs to directly include user input in its
pages2.
The vulnerability objects are,
 Login page,
 Mailing page,
 URL link page.
Sending mail to request on local host php page,
We can use for the URL link http://hackmail.org/sendmail.php on the website .The
user can send the mail to the local user account and send to the request on the local host web
security on the same page.
2John Covaleski, Hacking (ReferencePoint Press, 2013).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Source code is attached here.
The php vulnerability, which can used of the mail hacking request on the local host
i. Identify objective of key security,
ii. Create an overview of the application by itemising the important characteristics of
that application.

iii. Application to identify the features and modules that have a security impact, and
that need to be evaluated.
iv. Identify the all threats.
v. User can send the request on the all-mail it will be hacking.
5 Target 3 SQL injection
User can browser and send the request on mail to the input of the server, and it will
stored the all data processing in php vulnerability. In order to run malicious SQL queries
against a database server, an attacker must first find an input within the web application that
is included inside of an SQL query. In order for an SQL Injection attack to take place, the
vulnerable website needs to directly include user input within an SQL statement.
The vulnerable objects includes,
 Application database,
 Login page,
 URL link page
 Data storage page.
Hacking on the email commands targets,

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Source code is attached here.
6 Conclusion
From this report, the importance of web security is understood, especially, for the
banks. As, the lack of web security allows various vulnerabilities and threats for the
respective system from the attackers, which could be dangerous. For instance, leakage of
sensitive data. Thus, it is essential to secure the computer, internet connection and web
browser.It is observed that encryption helps to secure sensitive data. The research of this
project is to develop the web security on banking and account information payroll system
using virtual machine, which is completed successfully. The Oracle virtual machine
installation is completed in this report, which uses the three targets like, XSRF, XSS
Username and password Theft and the SQL injection that are completed.

References
Covaleski, John, Hacking (Reference Point Press, 2013)
McClure, Stuart, Joel Scambray and George Kurtz, Hacking
Exposed (McGraw-Hill/Osborne, 2012)

1 out of 16

Assignment on Oracle Virtual Machine Installation

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

INFORMATION SYSTEM THREATS, ATTACKS AND DEFENSES.

Computing Technologies Assignment Report

Cross Site Scripting (XSS) and Software Security

Ethical Hacking: Case Study on Virtual Machine with Flags and Techniques

Ethical Hacking: Case Study on Virtual Machine with Flags, Web Server, Web Shells, Password Cracker, TCP Port Scanner and Privilege Escalation

Ways of Attacking a Web Application in PHP: SQL Injection, XSS, Session Hijacking, Directory Traversal, and Remote File Inclusion

+13062052269

info@desklib.com