You must hand in by using
Send a mail to
handin <subjectname>' in the subject line of your mail
Back in the section called “PHP Prerequisites, OOPHP” we had a
page 1 that only an authenticated user had access to.
Now let that page create entries into
a table named
abstract. It might look like
create table abstract ( id int unsigned not null auto_increment, entered datetime not null, enteredby varchar(16) not null, authors varchar(128) not null, reftitle varchar(64) not null, abstract varchar(4096) not null, primary key(id), foreign key(enteredby) references user(uid) );
Once the above is tested, this means once you can insert
abstracts into the database from page 1,
use the insert form to inject
a script into the
abstract column. This
script must snatch the cookies from the browser where
the abstract is displayed, and send them to a page
your own server. This page could add them to a textfile
The above requires, of course, that the
declaration inserting the abstract into the database is not
protected by prepared statements.
Hand in the repo including the previous and this solution as one.
There is of course an element of own research in this.
I suggest you look at the
Back in the section called “PHP Prerequisites, OOPHP” we also had an authentication free page 2. Now in that page the code should create some, let's say 3, three, cookies:
After the tests, clear cookies from the domain, and then activate the page. Use your browser preferences to reveal all three cookies. Put the content into a textfile, and hand in the textfile.
When everything works, and you have cookies placed in the browser, you may run the previous assignment, to check if the malicious script gets the cookies.
You may combine the hand in of this assignment with the next such that everything is in one repo.