Fixed item numbering.
parent dadda68b9b
commit 965c74706b
|
@ -32,10 +32,10 @@ Brakeman will report two possible cross-site scripting vulnerabilities *in DVGM
|
|||
itself*. We will look more closely at the one that possibly affects logged-in
|
||||
lecturers.
|
||||
|
||||
1. In which file and line is the possible XSS vulnerability located?
|
||||
2. What action in what part of the app triggers the flagged line?
|
||||
3. Is the vulnerability exploitable? If yes, write an exploit and test it.
|
||||
4. If it is exploitable, how would a possible fix look like? Try the fix by
|
||||
5. In which file and line is the possible XSS vulnerability located?
|
||||
6. What action in what part of the app triggers the flagged line?
|
||||
7. Is the vulnerability exploitable? If yes, write an exploit and test it.
|
||||
8. If it is exploitable, how would a possible fix look like? Try the fix by
|
||||
changing the source code of DVGM (the changes are automatically picked up).
|
||||
See if your exploit still works. Do not forget to revert all changes afterwards,
|
||||
as we will also use other tools.
|
||||
|
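Review bot: items 5 to 8 hard-code the continuation of a list that starts outside this hunk, so adding or removing a question earlier in the file will require another renumbering pass like this one (the +/- markers are not visible here; this assumes the 1 to 4 lines are the old text and 5 to 8 the new). If the file is rendered as Markdown, also check the output in the renderer actually used: CommonMark honours the start number of the first item, but the original Markdown implementation ignores it and would restart this list at 1. Since the line is being touched anyway, "how would a possible fix look like?" in item 8 should read "what would a possible fix look like?".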
@ -45,5 +45,5 @@ lecturers.
|
|||
Brakeman will also report (at least) two possible Cross-Site Scripting
|
||||
vulnerabilities in dependencies.
|
||||
|
||||
1. Which dependencies are affected?
|
||||
2. Is DVGM likely to be affected by the reported CVEs?
|
||||
9. Which dependencies are affected?
|
||||
10. Is DVGM likely to be affected by the reported CVEs?
|
||||
|
|
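Review bot: renumbering the dependency questions to 9 and 10 changes the identifiers a reader would use to refer to them, and the visible hunks only touch the question text, so any answer key, grading sheet or slide that still refers to questions 1 and 2 of this section needs the same update in this commit or a follow-up. A smaller style point on the context line above the list: "Cross-Site Scripting" is capitalised here, while the first hunk's context writes "cross-site scripting"; pick one form for the whole document.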