ISEC4001
AU
Curtin University
Your task is to produce a simple online shop web application that will allow users to buy and sell items (similar to Gumtree). The application will run on a simple LAMP-based stack, which is one of the popular options for PHP-based applications. Your website must be functional, but it must also contain exploitable vulnerabilities, which you must document and demonstrate how to successfully exploit.
There is no set theme for your web application, merely that it does what is required. As such, you are free to give your application its own name, logo, etc. Just have some fun with it!
For this assignment you will be provided with a virtual machine that already has a LAMP stack set up and ready for you. LAMP is a software stack commonly used for web applications that employ a PHP back-end. LAMP is defined as the following:
L: Linux
A: Apache Web Server
M: MySQL Database
P: PHP
As third-year students, you should be strong enough programmers that learning a new language shouldn't be too much of an obstacle.
The application needs to allow the following features:
1 Create accounts
2 Additions of funds for users
3 Search for items by name
4 Search for items by seller
5 Put item up for purchase
6 Purchase items using funds
7 Disable/lock regular users
8 Remove items up for sale
The application needs to support the following two types of users:
1 Regular user
2 Administrator user
Regular users must be able to perform only operations 1-6, and administrators must be able to perform all operations.
User and item information will be stored in the database and must be edited when operations are done on the website. Your application should not perform real money transactions. Instead, just emulate such transactions with virtual funds. When an item is purchased, the funds are to be transferred from the buyer to the seller.
As noted above, you will be provided with a virtual machine already configured for you to host the website on. The machine has the following version details:
Linux Ubuntu Server 18.04
Apache 2.4.29
MySQL 14.14
PHP 7.2.19
The machine has been configured with a static IP address of 192.168.56.150 for a host-only adapter. This can be changed by editing the configuration file in /etc/netplan/ to have a different address.
Credentials = student:CCSEP2019 (this is for everything)
The VM has also been set up to run a Samba server that you can use to access the files from your main device, and it also allows remote connections to the MySQL database (I suggest using a tool such as MySQL Workbench).
Some extra resources have already been included in the VM to make the website easier to create, if you wish to use them. These are:
bootstrap – A set of pre-made styling rules that make things look nice
jquery – Makes basic javascript stuff easier
fontawesome – For a collection of glyphs (They’re pretty sweet)
webfonts – a folder that fontawesome uses.
While your web application needs to perform the tasks noted above, it also needs to have vulnerabilities built into it. Note that these vulnerabilities must be a part of your functional implementation, and as such a feature that is purely designed to be bad will not be counted as valid, i.e. a button that runs "DROP TABLES".
You are required to have at least 1 vulnerability in the following categories:
Choose 2 more vulnerabilities from the following list to implement.