A website contains the following code which sends a message, user name and password to a server 1 c form action message php method get 2 c p Message input type text name message p 3 c p Username input type text name user p 4 c p Password input type text name pass p 5 c p input type submit p and on the server the message php page processes this data 1 s php 2 s $user $ REQUEST user 3 s $pass $ REQUEST pass 4 s $message $ REQUEST message 5 s $result mysqli multi query ( $con, UPDATE messages SET 6 s message $message WHERE user $user ) 7 s $row mysqli fetch array ( $result ) 8 s if ( empty ( $row ) ) 9 s echo Your message $message has been added 1 0 s 1 1 s Describe four security weaknesses in this website, how they might be exploited and rank them in order of severity 8 marks

The Answer is in the image, click to view ...

Question: A website contains the following code which sends a message, user name and password to a server: 1 c form action = message . php

A website contains the following code which sends a message, user name and password to a server:

1

form action

=

message

.

php

method

=

get

2

Message:

input type

=

text

name

=

message

/ /

3

Username:

input type

=

text

name

=

user

/ /

4

Password:

input type

=

text

name

=

pass

/ /

5

input type

=

submit

/ /

and on the server the message.php page processes this data:

1

?

php

2

s $user

=

REQUEST

[

user

]

;

3

s $pass

=

REQUEST

[

pass

]

;

4

s $message

=

REQUEST

[

message

]

;

5

s $result

=

mysqli

multi

query

(

$con,

UPDATE messages SET

6

s message

= .

$message.

WHERE user

= .

$user.

)

;

7

s $row

=

mysqli

fetch

array

(

$result

)

;

8

s if

(!

empty

(

$row

)) 9

s echo

Your message:

.

$message.

has been added

;

10

11

?

Describe four security weaknesses in this website, how they might be exploited and rank them in order of severity.

[8

marks

]

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

i want help with my project , here is my project , can you write the part of ( add Task and Search ) plzz in web ... plzz asab and precisely IMPORTANT NOTES - You should not in any case use any...

QUESTION 1 An HTML form tag should contain _____ attribute which gives the path to the page on the web server that will process form data submitted by the user. an action a method a name a size 4...

HTML/JS/PHP I have created a contact form for my website. I have JS code that loops through the information submitted and if all correct sends it to PHP to make connection. If it is all correct I am...

Basic Content You will copy the existing ( " sessions " ) project and paste it into a NEW folder called "hashbrown". Modify the newly copied version as described below: Create a brand new table...

In public key encryption a server can publish a public key KS, any browser can then send a message M containing private information to it that has been encrypted using KS:[M]KS. This is essentially a...

PHP ASSIGNMENT #2Part 1: Create a simple form for logging in You can use additional framework like Bootstrap Create a form with action and method attributes. Between form tags, you should add 2...

php Part 1: Create a simple form for logging in - You can use additional framework like Bootstrap 1. Create a form with action and method attributes 2. Between form tags, you should add 2 fields -...

So iv uploaded this before and got a answer and i was going over what the person had given to me but then the post just vanished. So onece again this is a PHP server side code that im trying to setup...

La b Assignments for Chapter 2 We have created six lab assignments for this chapter: Lab2-1 to Lab2-6. We have also included six lab-report sheets, which means that each lab assignment needs to be...

Create a web application called MyLogin . Add two servlets to this application. LoginServlet : Handles all authentication and creation/destruction of sessions. doGet() displays a login form...

John and Lucy Miegel (dates of birth: December 18, 1971 and September 14, 1971, respectively) are married with three children: Jason, MaryJane and Sally (dates of birth: July 22, 2000, June 6, 2002...

The main purpose of the Bank of Canada is to Select one: a. bail out banks like the Northland and CCB. b. deregulate the banking industry. C. assist in the merger of troubled banks with healthier...

Chen, Korhonen, Lebuca, and Swid are partners who share profits and losses on a \ ( 4 : 3 : 2 \ cdot 1 \ ) basis, respectively. They are beginning to liquidate the business. At the start of this...

A random sample of 43 biology students in a science program are selected for a study. Of those selected, only 27 passed the mid term exam. At the 5% significance level, is there sufficient evidence...

3. Visit the Center for Communication and Civic Engagement, which can be accessed by going to the books online resources for this chapter and clicking on WebLink 1.7. At this site, youll fi nd...

1. What would you say next to Toya? How would you meet your ethical responsibilities as her mentor and also adapt to her need for reassurance? Apply what youve learned in this chapter by analyzing...

4. Survey the last three editions of your campus newspaper for announcements of opportunities for community service and civic engagement. Can you identify one that interests you? If so, use the...