Tasks. Your task is to perform the following security tests on this web application.
Part A: Personal Private Information Security Test
In this part, your aim is to do security testing of the personal private information part of the web app.
For this, you are given member 1’s password, namely:
Ro4mvSemq45xfepvaEr24
(1) Here, we consider an attack against member 1 by some outsider (non-member) attacker. Try
logging in with the given member 1 password, and examining that member’s private information.
Based on the application behavior, where on this page could there be a possible point where a
reflected XSS vulnerability might exist? Why? Perform a test to see if an XSS vulnerability exists
for an attack against member 1, and explain your test, its results, and conclusion on why/why not
such a vulnerability exists and can be exploited. (1 mark)
(2) Test the application against an attacker who is one of the authorized group members, in particular
the member with ID number 1. Can that member gain unauthorized access to another member’s
personal private data? If so, explain the vulnerability you found and how member 1 can exploit
it, show any private member data exposed by the attack, and briefly explain how the vulnerability
could be eliminated. In any case, explain the tests you did, the results, and your interpretation of
them.