
Add diagrams ex4 and 5, markdown format ex6 and 7
devbeard committed Oct 29, 2024
1 parent 1f7ba2c commit 555d049
Showing 4 changed files with 51 additions and 17 deletions.
25 changes: 22 additions & 3 deletions exercise-4/README.md
@@ -1,14 +1,32 @@
# Exercise 4 - Persisted XSS

Persisted XSS (Cross-Site Scripting) is a type of web vulnerability where an attacker injects malicious code into a website's database, which is then served to all users who access the affected page.
Persisted XSS (Cross-Site Scripting) is a type of web vulnerability where an attacker injects malicious code into a website's database, which is then served to all users who access the affected page.

The main difference between persisted and reflected XSS is that in persisted XSS, the malicious code is stored in the website's database, while in reflected XSS, the code is only temporarily reflected back to the user's browser. This means that persisted XSS can affect many users over an extended period, while reflected XSS is typically limited to individual users who interact with the vulnerable webpage.

Persisted XSS attacks can be especially dangerous because they can persist over long periods of time and affect many users.

## 4.1 - Exploiting the comment section
```mermaid
sequenceDiagram
participant Attacker
participant Website
participant Database
participant Victim
Someone has been thoughful and added a comment section, so that there can be an open discussion about the candidates. How nice!
Attacker->>Website: Submit malicious script as input
Website->>Database: Store input in database
Database-->>Website: Confirm stored data
Victim->>Website: Request page with stored data
Website->>Database: Fetch stored data
Database-->>Website: Return data (including script)
Website-->>Victim: Render page with malicious script
Victim->>Victim: Executes malicious script (Persisted XSS)
Victim->>Attacker: Sends stolen data
```

## 4.1 - Exploiting the comment section

Someone has been thoughful and added a comment section, so that there can be an open discussion about the candidates. How nice!

:pencil2: Exploit the comment field to inject some javascript code that is run on the voting page.
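Review bot: the re-added line "Someone has been thoughful and added a comment section" carries the typo "thoughful" across the move; since the line is being rewritten anyway, change it to "thoughtful". In the new file the `mermaid` block also lands above the "## 4.1 - Exploiting the comment section" heading that this hunk deletes and re-adds below it, so the diagram of the comment-section attack is shown before the section that introduces the comment section; placing the block after the "How nice!" sentence keeps diagram and exercise together. The removed and re-added "Persisted XSS (Cross-Site Scripting) is a type of web vulnerability ..." lines are textually identical, so that pair is presumably a whitespace or line-ending change only.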

Expand All @@ -20,6 +38,7 @@ Someone has been thoughful and added a comment section, so that there can be an
```html
<script>alert("Hacked!")</script>
```

</details>

:question: What are the consequences of a persisted XSS vulnerability in a part of our application that is available for multiple users?
23 changes: 20 additions & 3 deletions exercise-5/README.md
@@ -1,11 +1,29 @@
# Exercise 5 - Parameter tampering and XSS

Parameter tampering is a type of web vulnerability where an attacker modifies input parameters in a URL or form submission to gain unauthorized access or perform malicious actions on a web application.
Parameter tampering is a type of web vulnerability where an attacker modifies input parameters in a URL or form submission to gain unauthorized access or perform malicious actions on a web application.

By altering parameters such as account numbers, transaction amounts, or user IDs, an attacker can manipulate the application to perform actions that were not intended by the application's designers, such as accessing other users' data or bypassing authentication checks.

Combined with persistent XSS, and attacker can subtly change the websites behavior and rewrite URLs on the fly.

Parameter tampering attacks can be prevented by implementing strong input validation and using secure encryption and authentication measures.

```mermaid
sequenceDiagram
participant Attacker
participant Website
participant Server
participant Database
Attacker->>Website: Access page with parameters (e.g., ?user=123&amount=10)
Attacker->>Website: Modify parameters (e.g., ?user=456&amount=1000)
Website->>Server: Submit request with tampered parameters
Server->>Database: Process request with modified data
Database-->>Server: Confirm transaction with tampered parameters
Server-->>Website: Response based on tampered data
Website-->>Attacker: Confirms successful operation with modified parameters
```

## 5.1 - Tampering with the comment field

:pencil2: Open your browsers inspector and look at the comment form. Tamper with parameters, and try to submit a comment on behalf of someone else.
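Review bot: the new `mermaid` diagram illustrates tampering with URL query parameters ("?user=123&amount=10" changed to "?user=456&amount=1000"), but exercise 5.1 directly below has the reader edit the `userId` input field of the comment form, so the picture and the task point at different things; consider drawing the form submission with the `userId` field being changed so the diagram matches what the reader actually does. Two typos in the surrounding context are worth fixing in the same pass: "Combined with persistent XSS, and attacker can subtly change the websites behavior" should read "an attacker" and "website's behavior". The prevention sentence credits "secure encryption" with stopping tampering; the control that matters here is server-side validation and authorization of the submitted identifiers, since encryption in transit does not stop a user from editing their own request, and the diagram's "Process request with modified data" step is exactly where that check belongs.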
Expand All @@ -22,7 +40,6 @@ Parameter tampering attacks can be prevented by implementing strong input valida
Open Chrome Dev Tools and use the Elements tab to edit the userId input field in the comment form.
</details>


## 5.2 - How to rig an election

:pencil2: Try to exploit the comment field by submitting a persistent XSS attack that forces the all users to vote for the candidate Eleanor Wheeler.
Expand All @@ -37,9 +54,9 @@ Parameter tampering attacks can be prevented by implementing strong input valida
for(el of document.getElementsByName("candidateId")) { el.setAttribute("value", "2") }
});</script>
```

</details>

:star: Can you hide your tracks using your XSS attack, by having the script remove itself after executing the malicious vote?


### [Go to exercise 6 :arrow_right:](../exercise-6/README.md)
11 changes: 5 additions & 6 deletions exercise-6/README.md
@@ -1,26 +1,25 @@
# Exercise 6 - SQL injection continued

In this exercise, we will look at some more complicated examples of SQL injection.
In this exercise, we will look at some more complicated examples of SQL injection.

## 6.1 - Extract the user table schema

:pencil2: Log out and log in using with the following username

```
```sql
' UNION ALL SELECT GROUP_CONCAT(sql) as id FROM sqlite_schema--
```
:pencil2: Inspect the source of the voting page. Do you see anything questionable?
:pencil2: Inspect the source of the voting page. Do you see anything questionable?
:pencil2: Look at the source code. Try to reason on how we are able to extract table schemas using SQL injection.
:star: Bonus: Can you change the login query to execute some arbitrary SQL to steal information?
## Get a users password
The developers of this solution has not followed any good practices, and has stored the passwords as clear text!

:pencil2: Try to use a similar technique as in the previous task to extract a users password.
The developers of this solution has not followed any good practices, and has stored the passwords as clear text!
:pencil2: Try to use a similar technique as in the previous task to extract a users password.
### [Go to exercise 7 :arrow_right:](../exercise-7/README.md)
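Review bot: the ":pencil2:" tasks that follow the `sql` fence ("Inspect the source of the voting page", "Look at the source code", ":star: Bonus") sit on consecutive lines with no blank line between them, so Markdown will join them into a single paragraph; the same applies to the two lines under "## Get a users password" and to the "### [Go to exercise 7 ...]" line that now follows directly after. Since this commit is a formatting pass, add a blank line between each task, number the heading "## 6.2 - Get a user's password" to match "## 6.1", and fix the grammar in "The developers of this solution has not followed any good practices, and has stored" (have ... have) and "a users password" (user's). Tagging the fence as `sql` instead of leaving it bare is a good change.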
9 changes: 4 additions & 5 deletions exercise-7/README.md
@@ -1,6 +1,6 @@
# Exercise 7 - Bonus exercises

If you have come this far; **great job**!
If you have come this far; **great job**!

## 7.1 - Find new vulnerabilities

Expand All @@ -14,9 +14,8 @@ Suggestions:

## 7.2 - Fix vulnerabilities

:pencil2: Open the application and try to fix the vulnerabilties that we have uncovered during the exercises.
:pencil2: Open the application and try to fix the vulnerabilties that we have uncovered during the exercises.

:book: Prepared statements in the `sqlite3` library: https://github.com/TryGhost/node-sqlite3/wiki/API#preparesql--param---callback

:book: Example of santizing input in Express.js: https://express-validator.github.io/docs/guides/getting-started/#sanitizing-inputs
:book: Prepared statements in the `sqlite3` library: <https://github.com/TryGhost/node-sqlite3/wiki/API#preparesql--param---callback>

:book: Example of santizing input in Express.js: <https://express-validator.github.io/docs/guides/getting-started/#sanitizing-inputs>
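Review bot: two typos survive in the rewritten lines of this hunk: "vulnerabilties" in ":pencil2: Open the application and try to fix the vulnerabilties" and "santizing" in ":book: Example of santizing input in Express.js"; both lines are being re-added, so fix them here. Wrapping the two URLs in `<...>` is a good change, as it makes them CommonMark autolinks instead of relying on bare-URL detection.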
