Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.

Overview

Open eClass 2.3

Development of XSS, CSRF, SQLi and RFI attacks and defences for an older, vulnerable version of eClass. Project implemented as part of the class YS13 Cyber-Security.

Docker Usage

# create and start (the first run takes time to build the image)
docker-compose up -d

# start the existing containers again
docker-compose start

# stop and remove the containers, networks and volumes
docker-compose down -v

Open http://localhost:8001/ in your browser. If this is your first visit, you must run the site installer in the browser.

Eclass Settings

  • Database
    • Host : db
    • User : root
    • Password : 1234
  • System Settings
    • URL of Open eClass : http://localhost:8001/
    • Admin's username : drunkadmin

2020 Project 1

Assignment readings: https://ys13.chatzi.org/assets/projects/project1.pdf

Team Members

  • 1115201800154, Αρίστη Παπασταύρου
  • 1115201800156, Νικόλαος Πασσάκος Χατζηορίδης
Owner
Aristi_Papastavrou
Undergrad of D.I.T at University of Athens (UoA)