Security and Networks

Question 1

You review a PHP application that interacts with a MySQL database server.

(a) You come across the following piece of code, where pw contains the password as entered by the user in a web form and the variable score contains an integer, and is set based on calculations done in the PHP script.

    $scoreDir = "/var/www/scores";
    $user = $_GET["user"];
    $pw = $_GET["pw"];
    $result = mysqli_query("SELECT * FROM users WHERE user = '$user'
                            AND password = '$pw'");
    if (mysqli_num_rows($result) > 0) {
        // Login successful
        // calculate score and store result in $score
        system("echo $score > $scoreDir/$user.txt");
        echo "New score $score added";
    }

Which vulnerabilities are present in this code? Explain how these vulnerabilities can be exploited. [7 marks]

Explain why the way the passwords are stored in the database is very bad practice, and describe a way to securely store the passwords in the database. [6 marks]

You inspect the server and find that some security-critical settings have been disabled through the admin web interface. There is a well-known URL that could lead to this if invoked by a user with admin rights. The administrator recalls that they have visited some potentially malicious websites, but are pretty sure that no actual malware has been installed. Is there still a way that these modifications could have been made by the malicious website? Explain your answer. [7 marks]
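A hardened form of the snippet in part (a), as an added example that is not part of the original question. It assumes an open mysqli connection `$db`, a `password_hash` column filled by PHP's `password_hash()`, and usernames limited to letters, digits and underscores; the function names are hypothetical.

```php
<?php
// Added example, not the exam's code. Assumptions: $db is an open mysqli
// connection, users.password_hash holds password_hash() output, and
// usernames match the allow-list pattern used in storeScore().
declare(strict_types=1);

function verifyLogin(mysqli $db, string $user, string $pw): bool
{
    // The placeholder keeps $user out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE user = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true on a row, null when no row matches
    $stmt->close();
    // password_verify() re-derives the salted hash and compares it safely.
    return $found === true && password_verify($pw, $hash);
}

function storeScore(string $scoreDir, string $user, int $score): bool
{
    // Allow-list the name so it cannot carry path separators or shell syntax.
    if (preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $user) !== 1) {
        return false;
    }
    // Write the file directly; no command string is handed to a shell.
    return file_put_contents("$scoreDir/$user.txt", $score . "\n", LOCK_EX) !== false;
}

function handleRequest(mysqli $db, array $post, int $score): string
{
    // Credentials come from the POST body, so they stay out of URLs and access logs.
    $user = $post['user'] ?? null;
    $pw   = $post['pw'] ?? null;
    if (!is_string($user) || !is_string($pw) || !verifyLogin($db, $user, $pw)) {
        return 'Login failed';
    }
    // $score is typed int, so echoing it cannot inject markup.
    return storeScore('/var/www/scores', $user, $score)
        ? "New score $score added"
        : 'Score not stored';
}

// At registration or password change, only the salted, slow hash is stored:
//   $hash = password_hash($pw, PASSWORD_DEFAULT);
```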
