amitab / cse545-ss Goto Github PK

Vulnerable module: org.yaml:snakeyaml
Introduced through: org.springframework.boot:[email protected], org.springframework.boot:[email protected] and others
Exploit maturity: No known exploit
Fixed in: 1.26

Overview
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Denial of Service (DoS). The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Note: While the Maintainer acknowledges the existence of the issue, they believe it should be solved by sanitizing the inputStream to the parser

• Include virtual keyboard on OTP page for forgot password;
• disable right clicks, back button and ctrl/cmd shortcuts

Vulnerable module: javax.servlet:jstl
Introduced through: javax.servlet:[email protected]
Exploit maturity: No known exploit

Detailed paths

• Introduced through: bankApp:[email protected] › javax.servlet:[email protected]
• Remediation: No remediation path available.

Overview
javax.servlet:jstl is a collection of useful JSP tags which encapsulates the core functionality common to many JSP applications.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The package allows processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allow arbitrary code execution.

The server is currently not configured to access static resources. Including css/js files in web pages causes an authentication failure.

1. /Download should download all rows from the transaction for a user
   The username should be taken from the session's security context

2. /Update should be renamed to /EmployeeUpdate or something, since it may clash with `/UserUpdate, unless we use the same controller for updating both

3. Uncomment code for /Update.

4. /ChangeValue can update any user, so maybe rename the controller from EmployeeController to UserController or something
   Also,/ChangeValue sounds like you're changing just one value.

5. Remove URLs from permitAll()

6. Remove all those spaces in between lines :D

The username field in the login page is case-insensitive. Let's change it to be case sensitive.

Change error page such that we don't give away any information.

Keep it as vague as possible.

When the Tier 1 employee issues a Cashier Cheque, it's generated successfully but the Cheque Number/ ID isn't shown on dashboard. Add that.

The Approve/ Decline transaction page for Tier 2 employee lists transactions <1000$ as well. This shouldn't be the case.