IS2C DOJO

Saturday, 15 March 2014

Pentesting OWASP Mutillidae

Yesterday I got a task from my sensei to find at least 2 vulnerabilities in Mutillidae.
If you don't know what OWASP Mutillidae is, you can read about it and download it HERE.

Let's begin.

The first time I opened it, my cursor landed on this URL:
http://127.0.0.1/mutillidae/index.php?page=home.php
That looks like a file name being passed straight to an include or require call. Let's test this parameter manually.

I changed home.php to /etc/passwd:
http://127.0.0.1/mutillidae/index.php?page=/etc/passwd
And yes, the file gets included into the page: it is vulnerable to LFI (Local File Inclusion). A page that only included from a fixed list of names would have refused this.



Vulnerability 1 discovered (LFI)
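To see why the page parameter above is exploitable, here is the include pattern behind it next to an allowlisted version. This is an added example written for this post, not Mutillidae's own code; the route names, file paths and the `pages/` directory are assumptions for illustration (PHP 8).

```php
<?php
// Added example, not Mutillidae's code. Route names and paths are assumptions.

// Vulnerable: whatever arrives in ?page= is handed straight to include().
// ?page=/etc/passwd reads an arbitrary local file, and with
// allow_url_include=On a remote URL would be fetched and executed.
function render_page_vulnerable(array $request): void
{
    $page = $request['page'] ?? 'home.php';
    include $page;                       // LFI: attacker picks the file
}

// Hardened: map the parameter onto a fixed set of known pages. Path
// separators, "..", null bytes and wrapper schemes (php://, data:) never
// reach include() because only the allowlist keys are accepted.
const PAGES = [
    'home'     => __DIR__ . '/pages/home.php',
    'show-log' => __DIR__ . '/pages/show-log.php',
    'login'    => __DIR__ . '/pages/login.php',
];

function render_page_safe(array $request): void
{
    $key = $request['page'] ?? 'home';
    if (!array_key_exists($key, PAGES)) {
        http_response_code(404);
        $key = 'home';
    }
    include PAGES[$key];
}

// If the set of pages really has to stay dynamic, strip directory parts and
// require the resolved path to sit inside the pages directory after symlinks
// and ".." have been collapsed by realpath().
function resolve_under(string $baseDir, string $candidate): ?string
{
    $base = realpath($baseDir);
    $real = realpath($baseDir . '/' . basename($candidate));
    if ($base === false || $real === false) {
        return null;
    }
    return str_starts_with($real, $base . DIRECTORY_SEPARATOR) ? $real : null;
}

render_page_safe($_GET);
```

With the allowlist in place, the same request for `/etc/passwd` simply gets the home page and a 404 status, which is the behaviour to look for when retesting after a fix.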

Next, the LOG link caught my interest. I didn't know what it was yet, but I was curious what this page shows.
http://127.0.0.1/mutillidae/index.php?page=show-log.php
It goes through the same page parameter on index.php, but I have already covered that and don't want to test it again. What I found printed on the page was our own User-Agent. I changed my User-Agent to this:
<script>alert("IS2C Testing XSS")</script>
and revisited the page.
Voila, stored XSS! The header is saved in the log and rendered back unescaped, so the script fires for anyone who opens the log page, not just for me.


Vulnerability 2 discovered (Stored XSS)
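The log viewer above prints a value the visitor controls. The following added example (written for this post, not code from Mutillidae) shows the unescaped rendering next to an output-encoded one; the in-memory `$log` array stands in for the database table the real page reads, and the field names are assumptions.

```php
<?php
// Added example, not Mutillidae's code. $log is a constructed stand-in for
// the log table; field names are assumptions.

$log = [
    ['when' => '2014-03-14 21:02:11', 'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    // The header sent by the tester. $_SERVER['HTTP_USER_AGENT'] is attacker
    // input like any other; once stored it replays for every viewer of the log.
    ['when' => '2014-03-14 21:05:47', 'user_agent' => '<script>alert("IS2C Testing XSS")</script>'],
];

// Vulnerable: the stored header is concatenated into the HTML untouched.
function render_row_vulnerable(array $entry): string
{
    return "<tr><td>{$entry['when']}</td><td>{$entry['user_agent']}</td></tr>";
}

// Hardened: encode at the point of output, for the HTML context being written.
// ENT_QUOTES also covers attribute values; ENT_SUBSTITUTE keeps malformed
// UTF-8 from silently turning the whole cell into an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_safe(array $entry): string
{
    return '<tr><td>' . h($entry['when']) . '</td><td>' . h($entry['user_agent']) . '</td></tr>';
}

foreach ($log as $entry) {
    echo "vulnerable: ", render_row_vulnerable($entry), PHP_EOL;
    echo "safe:       ", render_row_safe($entry), PHP_EOL;
}
```

Run from the command line, the second row shows the difference: the vulnerable renderer emits the `<script>` tag verbatim, the safe one emits `&lt;script&gt;alert(&quot;IS2C Testing XSS&quot;)&lt;/script&gt;`, which the browser displays as text. Store the raw header, encode on output; encoding before storage breaks any other consumer of the log.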

OK, now I found a login page. A login form that doesn't handle its input properly is often vulnerable to XSS or SQLi. Let's try SQLi.


I put a single quote in the form input.


And I got this error. A stray quote breaking the query and a database error message leaking into the response is the classic sign of SQL injection, so let's hand the request to sqlmap.


Yes, it's vulnerable!!!

Vulnerability 3 discovered (SQL Injection)
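Here is the query shape a single quote breaks, next to a parameterised login. This is an added example written for this post, not Mutillidae's code. The table name `accounts` comes from the dump later in the post; the column names, DSN, database name and credentials are assumptions. Because the dump also shows the passwords held in clear text, the hardened version stores `password_hash()` output instead.

```php
<?php
// Added example, not Mutillidae's code. Column names, DSN and credentials
// are assumptions; only the table name "accounts" comes from the post.

// Vulnerable: form input is spliced into the SQL text. username=' yields
//   ... WHERE username=''' AND password='' ...
// a syntax error. If the app echoes $db->errorInfo() or display_errors is on,
// the raw MySQL message is what the tester sees in the response.
function login_vulnerable(PDO $db, string $user, string $pass): ?array
{
    $sql = "SELECT username, password FROM accounts "
         . "WHERE username='$user' AND password='$pass'";
    $result = $db->query($sql);                       // SQL injection
    return $result ? ($result->fetch(PDO::FETCH_ASSOC) ?: null) : null;
}

// Hardened: query text and data travel separately, so the server never parses
// user input as SQL. The stored value is a password_hash() digest, so dumping
// the accounts table no longer hands out usable credentials.
function login_safe(PDO $db, string $user, string $pass): ?string
{
    $stmt = $db->prepare('SELECT username, password_hash FROM accounts WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;            // same answer for unknown user and wrong password
    }
    return $row['username'];
}

function connect(): PDO
{
    return new PDO(
        'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4',   // assumed DSN
        'app', 'app-password',                               // assumed, low-privilege user
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,              // real server-side prepares
        ]
    );
}

// Errors go to the server log, never into the response the tester is reading.
function handle_login(array $post): string
{
    try {
        $user = login_safe(connect(), $post['username'] ?? '', $post['password'] ?? '');
        if ($user === null) {
            return 'Login failed';
        }
        return 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    } catch (PDOException $e) {
        error_log($e->getMessage());
        return 'Login failed';
    }
}
```

Retesting after this change, the single quote should produce a plain "Login failed" with no database error text, and sqlmap should find no injectable parameter on the form.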

I'll try to get more out of the SQLi.
I want to check whether the database user the application connects with is an administrator (sqlmap's --is-dba and --privileges checks). In MySQL that would mean the FILE privilege, which lets you write a webshell into the web root with SELECT ... INTO OUTFILE.



Nope, the user has no such privilege, so no shell upload by that route.

Let's collect the admin username and password instead.


Collecting the columns inside the accounts table.


Let's dump all the data inside the accounts table.


We got 2 accounts with admin rights here, passwords stored in plain text:
admin:adminpass
adrian:somepassword
Let's try to log in to the admin page.


There are no upload forms there either. But that's enough for today. :)
