Commit

Removing Dup Cheat Sheet Entry
markdenihan committed May 15, 2015
1 parent 80ec826 commit 86ff6af
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion SecurityShepherdCore/database/coreSchema.sql
Expand Up @@ -1455,7 +1455,6 @@ CALL cheatsheetCreate('2ab09c0c18470ae5f87d219d019a1f603e66f944', "The key is st
CALL cheatsheetCreate('f16bf2ab1c1bf400d36330f91e9ac6045edcd003', "The key is stored in the source code of the App, get dex2jar and use it to turn the apk to a jar file, then open the jat. The key is present within a conditional statement in the class called Triangle.");
CALL cheatsheetCreate('9e46e3c8bde42dc16b9131c0547eedbf265e8f16', "The key is not present in the code, however a check for the key is. This can be reverse engineered and the code extracted and run as a java class. Running this java class after changing the check to print the key will reveal it.");
CALL cheatsheetCreate('1506f22cd73d14d8a73e0ee32006f35d4f234799', 'Logs are stored insecurely on the App. These contain the key. The logs can be found in a directory called \"files\" within the app package in the data/data directory. Every time the app is interacted with, new logs are generated. ');
CALL cheatsheetCreate('831cea34ab83d523cf04cf2d3fc1b908361fa42f', 'Logs, however this time the user has revealed the answers to their secret questions in order to reset the password. Investigate the logs, get the secret questions and reset the password to login. The answers are \"Chicken\" and \"Meade\". Once logged in, the key will be revealed.');
CALL cheatSheetCreate('ed732e695b85baca21d80966306a9ab5ec37477f', "In this challenge you must craft a HTTP request to reset an admin accounts password. The HTTP request is described in the javascript contained in the challenge page (The last function in the script). The token value in this request must be a base 64 encoded date time value such as the following;<br><br> <b>Thu Aug 28 18:48:10 BST 2014</b><br><br> The token value must be less than 10 minutes from the servers time.");
CALL cheatSheetCreate('cfbf7b915ee56508ad46ab79878f37fd9afe0d27', "To complete this challenge a user must craft a CSRF attack that sends a POST request, to the request described in the challenge write up, with their CSRF token. This CSRF Token will work on any user.");
CALL cheatSheetCreate('9294ba32bdbd680e3260a0315cd98bf6ce8b69bd', "The first step in completing this challenge is to get an admin user's email address. Try to sign in as 'root' or 'superuser' to get one. To complete this challenge a user must use SQL Injection in the email Parameter in the GET request to the SecretQuestion servlet. The following email submission will achieve the response of the users secret answer (This example is URL Encoded)<br><br/>&quot;UNION+SELECT+secretAnswer+FROM+users+WHERE+userName=&quot;<b>root</b><br><br>You can then use this answer along with a user email address to complete the level.");
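Review bot: the commit message calls the removed entry a duplicate, but the seven CALL lines under the `@@ -1455,7 +1455,6 @@` header all carry different module hashes, so the entry it duplicates lies outside the visible context. Name the removed hash in the commit message so the deletion can be checked against the copy that remains. The same lines mix `cheatsheetCreate` and `cheatSheetCreate`; settling on one spelling makes a case-sensitive search of coreSchema.sql for repeated hashes reliable. If the procedure does not already reject a second row for the same module id, a uniqueness check there would surface this kind of duplicate when the schema is loaded instead of by inspection.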