Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.

Aristi_Papastavrou

Last update: Apr 23, 2022

Related tags

Miscellaneous E-Class_PenTesting

Overview

Open eClass 2.3

Development of XSS, CSRF, SQLi, RFI attacks/defences of an older,vulnerable version of eclass. Project implemented as part of the class YS13 Cyber-Security.

Docker Usage

# create and start (the first run takes time to build the image)
docker-compose up -d
@@ -19,34 +16,25 @@ docker-compose start
docker-compose down -v

Hit http://localhost:8001/ in your browser. If this is your first visit you must run the site installer in the browser.

Eclass Settings

Database
- Host : db
- User : root
- Password : 1234
System Settings
- URL of Open eClass : http://localhost:8001/
- Admin's username : drunkadmin

2020 Project 1

Assignment readings: https://ys13.chatzi.org/assets/projects/project1.pdf

Team Members

1115201800154, Αρίστη Παπασταύρου
1115201800156, Νικόλαος Πασσάκος Χατζηορίδης

You might also like...

Staged Payloads from Kali Linux - Part 1,2 of 3

PT Phone Home As penetration testers, we often come up with creative methods to deliver and execute our payloads, such as staged payloads. A staged pa

14 Dec 19, 2022

Friendly open source CMS forged on Codeigniter 3. FI v1.x uses the old lite theme and all modules.

ForgeIgniter v1.x - CI-3.x Friendly open source CMS forged on Codeigniter 3 This version is now discontinued, please check version 2 or 3 for updates.

1 Jan 28, 2022

Tars is a high-performance RPC framework based on name service and Tars protocol, also integrated administration platform, and implemented hosting-service via flexible schedule.

TARS - A Linux Foundation Project TARS Foundation Official Website TARS Project Official Website WeChat Group: TARS01 WeChat Offical Account: TarsClou

9.6k Jan 1, 2023

Automatically delete old SiteTree page versions from Silverstripe

Version truncator for Silverstripe An extension for Silverstripe to automatically delete old versioned DataObject records from your database when a re

35 Dec 7, 2022

The game is implemented as an example of scalable and high load architecture combined with modern software development practices

Crossword game The game is implemented as an example of scalable and high load architecture combined with modern software development practices Exampl

56 Oct 27, 2022

This is a port of the original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.

This is a port of the original WireGuard*** UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for sideloading and more frequent updating on future releases of pfSense. This also includes some improvments such as a proper status page (found under Status / WireGuard Status) and improved assigned interface handling.

195 Dec 23, 2022

Examples of some common design patterns implemented in php

What is a Design Pattern? Design patterns are typical solutions to common problems in software design. Each pattern is like a blueprint that you can c

4 Feb 11, 2022

Roach-example-project - Example project to demonstrate how to use RoachPHP in a Laravel project.

Example repository to illustrate how to use roach-php/laravel in a Laravel app. Check app/Spiders/FussballdatenSpider.php for an example spider that c

11 Dec 15, 2022

Get mobile app version and other related data from Google Play Store, Apple App Store and Huawei AppGallery

Mobile App Version Get mobile app version and other related data from Google Play Store, Apple App Store and Huawei AppGallery. Installation Add to co

11 Mar 15, 2022

Owner

Aristi_Papastavrou

Undergrad of D.I.T at University of Athens (UoA)

GitHub

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

Enlightn Security Checker The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security v

242 Dec 26, 2022

Polonium is a world class old school ✍️ blog website made with Php and Tailwind 🌀

Polonium Polonium is a world class old school ✍️ blog website made with Php and Tailwind ?? to write dump articles about... Yeah I know, you should pr

2 Jan 10, 2022

Applies a patch from a local or remote file to any package that is part of a given composer project.

Applies a patch from a local or remote file to any package that is part of a given composer project. Patches can be defined both on project and on package level in package config or separate JSON file. Declaration-free mode (using embedded info within patch files) is available as well.

245 Dec 15, 2022

A story about SQLinject and a demonstration of some vulnerabilities and tools

Предысловие Если не умру,буду дальше развивать эту тему Идея которая пришла мне в голову,<<А почему бы не рассказать об уязвимостях SQL?>>.Поэтому я б

0 Jun 11, 2022

CaraCracha - a captive portal project made for ISPs on my old city

CaraCracha - a captive portal project made for ISPs on my old city, Sobradinho, state of Bahia, Brazil. I found its code recently and hope it could be useful for someone.

2 Mar 9, 2022

FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities

FUGIO FUGIO is the first automatic exploit generation (AEG) tool for PHP object injection (POI) vulnerabilities. When exploiting a POI vulnerability,

53 Dec 23, 2022

The Current US Version of PHP-Nuke Evolution Xtreme v3.0.1b-beta often known as Nuke-Evolution Xtreme. This is a hardened version of PHP-Nuke and is secure and safe. We are currently porting Xtreme over to PHP 8.0.3

2021 Nightly Builds Repository PHP-Nuke Evolution Xtreme Developers TheGhost - Ernest Allen Buffington (Lead Developer) SeaBeast08 - Sebastian Scott B

7 Aug 28, 2022

Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.

Related tags

Overview

Open eClass 2.3

Docker Usage

Eclass Settings

2020 Project 1

Team Members

You might also like...

Staged Payloads from Kali Linux - Part 1,2 of 3

Friendly open source CMS forged on Codeigniter 3. FI v1.x uses the old lite theme and all modules.

Tars is a high-performance RPC framework based on name service and Tars protocol, also integrated administration platform, and implemented hosting-service via flexible schedule.

Automatically delete old SiteTree page versions from Silverstripe

The game is implemented as an example of scalable and high load architecture combined with modern software development practices

This is a port of the original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.

Examples of some common design patterns implemented in php

Roach-example-project - Example project to demonstrate how to use RoachPHP in a Laravel project.

Get mobile app version and other related data from Google Play Store, Apple App Store and Huawei AppGallery

Owner

Aristi_Papastavrou

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

Polonium is a world class old school ✍️ blog website made with Php and Tailwind 🌀

Applies a patch from a local or remote file to any package that is part of a given composer project.

A story about SQLinject and a demonstration of some vulnerabilities and tools

CaraCracha - a captive portal project made for ISPs on my old city

FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities

The Current US Version of PHP-Nuke Evolution Xtreme v3.0.1b-beta often known as Nuke-Evolution Xtreme. This is a hardened version of PHP-Nuke and is secure and safe. We are currently porting Xtreme over to PHP 8.0.3

Version is a library that helps with managing the version number of Git-hosted PHP projects

Group of projects completed by me as a part of Intern at LGM

A lightweight framework-agnostic library in pure PHP for part-of-speech tagging