Write Peer Response:
Hello class,
The three web server vulnerabilities I saw were SQL Injection, Cross Site Scripting, and Insecure Direct Object References.
SQL Injection: This type of vulnerability allows an attacker to alter back end SQL statements through the manipulation of user supplied data. Because it tricks the interpreter, an attacker can make it execute unintended commands and access unauthorized data. Additionally, this type of attack can expose the back end database. The objects vulnerable to this type of attack are input fields and interacting URLs.
Cross Site Scripting: This attack, also known as XSS, targets scripts embedded in a page that are executed on the client side. This is possible when the application takes untrusted data and sends it to the web browser without proper validation. This enables the attacker to execute malicious scripts on the browser which can then hijack the session, or redirect the user to another malicious site.
Insecure Direct Object References: This type of attack happens when a developer exposes a reference to an internal implementation object in the URL or as a FORM parameter. The attacker can then use this information to access other objects which basically opens access to potentially unauthorized data. I personally have messed around with this (Not in a malitious way) by putting in common terms at the end of a URL such as /files or /admin. Its rare to find sites with this open, but the are out there. Another way is to use /robots.txt to see if they happen to have a URL directory on there.
-Rafael