Burp Suite

Question 1.    
You try 'admin' for username and 'password' for password. It gives an error. What type of attack are you attempting?

Question 2.    
After several tries, you successfully log in using "testuser" and "testpass". You notice the URL in the browser has a parameter like id=123. Changing that number to id=456 shows another user's ticket information. What vulnerability is likely present?

Question 3.     
In the new ticket submission form, you enter the following in the description field: <script>alert('XSS')</script>. Upon submitting the ticket and viewing it, you get an alert box. What type of vulnerability did you exploit?

Question 4.    
In the profile edit page, there is a field to change your email address. You enter the following: [email protected]' --. The application returns an error related to the database. What type of attack did you attempt?

Question 5.     
When examining the cookies, you notice a cookie called "sessionid" with a long string of characters. What attack involves trying to guess or predict session IDs to gain unauthorized access?

Question 6.     
In the login form, you enter "admin" for the username and "password' OR '1'='1" for the password. You successfully log in as admin. What type of injection is this?

Question 7.    
When you view the page source you find a comment <!-- Database password = P@$$wOrd123 --> What type of insecure storage is this?

Question 8.     
On the ticket creation page, you upload a file named "malware.php". The application accepts the file without validation. What vulnerability did you exploit?

Question 9.    
What is the OWASP's list of the ten most critical web application security risks called?

Question 10.    
You use a tool to automatically scan the application and it reports that several libraries being used by the web application have known exploits. What is this type of vulnerability known as?