Share
## https://sploitus.com/exploit?id=E1901A15-B34E-5DD1-9A7C-817CEF598442
# Sankofa Digital โ€” Web Application Penetration Test

## Stage 2: Web Application Security

This project documents a paper-based penetration test of Sankofa's `/legacy-admin/` application, proving an attack chain that resulted in the exfiltration of 312 customer records.

---

## ๐Ÿ” Investigation Summary

| Aspect | Details |
| :--- | :--- |
| **Target** | `/legacy-admin/` application |
| **Vulnerabilities Found** | 10 critical and high-severity |
| **Attack Chain** | 5 hops from initial access to exfiltration |
| **Data Exfiltrated** | 312 customer records |

---

## ๐Ÿ“ Repository Structure
๐Ÿ“ sankofa-web-application-penetration-test/
โ”œโ”€โ”€ ๐Ÿ“„ README.md
โ”œโ”€โ”€ ๐Ÿ“„ Findings-Catalogue.docx
โ”œโ”€โ”€ ๐Ÿ“„ Exploit-Chain-Impact.docx
โ”œโ”€โ”€ ๐Ÿ“„ Sankofa-Pentest-Report.docx
โ”œโ”€โ”€ ๐Ÿ“„ Ethics-Stance-Pressure-Call.docx
โ”œโ”€โ”€ ๐Ÿ“ artefacts/
โ”‚ โ”œโ”€โ”€ ๐Ÿ“„ 01-legacy-admin-login.php
โ”‚ โ”œโ”€โ”€ ๐Ÿ“„ 02-attacker-http-capture.txt
โ”‚ โ”œโ”€โ”€ ๐Ÿ“„ 03-legacy-admin-tokens.txt
โ”‚ โ”œโ”€โ”€ ๐Ÿ“„ 04-import-xxe.xml
โ”‚ โ””โ”€โ”€ ๐Ÿ“„ 05-exfil-sample.csv
โ””โ”€โ”€ ๐Ÿ“ certificates/
โ””โ”€โ”€ ๐Ÿ“„ cert-2.txt

---

## ๐Ÿšจ Critical Vulnerabilities

| Finding | CVSS | Impact |
| :--- | :---: | :--- |
| SQL Injection | **9.8** | Complete authentication bypass |
| JWT `alg:none` | **9.1** | Token forgery โ€” any admin account |
| Hardcoded JWT Secret | **9.1** | Token forgery โ€” guessable secret |
| Stored XSS | **8.8** | Session theft โ€” all viewing users |
| XXE | **8.6** | System file read โ€” `/etc/passwd` |
| Path Traversal | **7.5** | System file read |

---

## ๐Ÿ”— Attack Chain

| Hop | Time | Action | Evidence |
| :---: | :--- | :--- | :--- |
| 1 | 02:14:08 | Found login page | HTTP capture |
| 2 | 02:15:31 | SQL injection bypassed login | `admin' OR '1'='1` |
| 3 | 02:18:47 | Planted XSS in comments | Session-stealing script |
| 4 | 02:24:02 | Read system files | `/etc/passwd` via path traversal |
| 5 | 02:16:04 | Stole 312 customer records | Exfil sample CSV |

---

## ๐Ÿ› ๏ธ Tools Used

- Burp Suite
- OWASP Top 10
- CVSS 3.1

---

## ๐Ÿ“ Remediation Priority

| Rank | Finding | Fix | Effort |
| :---: | :--- | :--- | :---: |
| 1 | SQL Injection | Parameterize login query | 2 hours |
| 2 | JWT `alg:none` | Remove acceptance; require valid signatures | 1 hour |
| 3 | Hardcoded JWT Secret | Rotate secret; move to environment variable | 1 hour |
| 4 | No JWT Expiration | Add `exp` claim with 1-hour expiry | 2 hours |

---

## ๐Ÿ“Š Business Impact

| Metric | Value |
| :--- | :--- |
| Customer Records Exfiltrated | **312** |
| Exposed Customer Balances | **โ‚ฆ84,240,000** |
| NDPC Fine Exposure | **โ‚ฆ250,000,000** |

---

## ๐Ÿ“œ Certificates

![Certificate](certificates/your-certificate-image.png)

---

## ๐Ÿ‘จโ€๐Ÿ’ป Author

**Olaniyan Sodiq Abiodun** (UBI-2026-0085)

Ubuntu Bridge Initiatives Cybersecurity Internship (2026)

---

## ๐Ÿ”— Connect

- [LinkedIn](https://www.linkedin.com/in/olaniyan-sodiq)
- [GitHub](https://github.com/Olaniyansodiq1234)

---

## ๐Ÿ“… Last Updated

July 2026