From 965c74706bc56f5eab974b08b9d5dd62f9d991ee Mon Sep 17 00:00:00 2001 From: "Achim D. Brucker" Date: Tue, 28 Aug 2018 00:11:38 +0100 Subject: [PATCH] Fixed item numbering. --- doc/exercises/01-static-analysis-with-breakman.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/exercises/01-static-analysis-with-breakman.md b/doc/exercises/01-static-analysis-with-breakman.md index 500c4c8..7f3608a 100644 --- a/doc/exercises/01-static-analysis-with-breakman.md +++ b/doc/exercises/01-static-analysis-with-breakman.md @@ -32,10 +32,10 @@ Brakeman will report two possible cross-site scripting vulnerabilities *in DVGM itself*. We will look more closely at the one that possibly affects logged-in lecturers. -1. In which file and line is the possible XSS vulnerability located? -2. What action in what part of the app triggers the flagged line? -3. Is the vulnerability exploitable? If yes, write an exploit and test it. -4. If it is exploitable, how would a possible fix look like? Try the fix by +5. In which file and line is the possible XSS vulnerability located? +6. What action in what part of the app triggers the flagged line? +7. Is the vulnerability exploitable? If yes, write an exploit and test it. +8. If it is exploitable, how would a possible fix look like? Try the fix by changing the source code of DVGM (the changes are automatically picked up). See if your exploit still works. Do not forget to revert all changes afterwards, as we will also use other tools. @@ -45,5 +45,5 @@ lecturers. Brakeman will also report (at least) two possible Cross-Site Scripting vulnerabilities in dependencies. -1. Which dependencies are affected? -2. Is DVGM likely to be affected by the reported CVEs? + 9. Which dependencies are affected? +10. Is DVGM likely to be affected by the reported CVEs?
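Review bot: in the first hunk (@@ -32,10 +32,10 @@), the new markers 5. to 8. hard-code a continuation of a list that begins outside the visible context, so adding or removing an earlier question will put them out of sequence again. Renderers that follow the original Markdown rules also ignore the starting number and will still show 1 to 4. If the continuous numbering matters for referring to answers, a per-section prefix in the question text would survive both cases. While touching the last item, "how would a possible fix look like" should read "what would a possible fix look like". The file path also spells the tool "breakman" although the text says "Brakeman".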
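Review bot: in the second hunk (@@ -45,5 +45,5 @@), the line " 9. Which dependencies are affected?" gains a leading space to line up with "10." while items 5. to 8. in the previous hunk are flush left. The single space is within what CommonMark accepts for a list item, but the indentation is now inconsistent within the same document; I would drop the space and write "9." at column 0. The commit subject "Fixed item numbering." could also state that the questions are now numbered continuously across sections, since that intent is not obvious from the diff alone.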