Monday, November 27, 2023

Pentesting : Vulnerable Web Application (OWASP)

What is Vulnerable-Web-Application?

Vulnerable-Web-Application is a website prepared for people who are interested in web penetration testing and who want to learn about the subject or practise it. The website is quite simple to install and use.

Vulnerable-Web-Application covers the categories Command Execution, File Inclusion, File Upload, SQL and XSS. For the categories that require a database, it creates one on localhost with a single button during setup. If the database becomes corrupted or is changed, you can create it again.

Download File?

Download Vulnerable Web Application (OWASP) from "https://github.com/OWASP/Vulnerable-Web-Application" (OWASP/Vulnerable-Web-Application: OWASP Vulnerable Web Application Project), or see https://github.com/hummingbirdscyber


Main Page

Vuln Action:
1. SQL Injection

SQL Injection level 1

Note:
In an injection such as ' or '1'='1, the first condition is the one the web application itself validates, usually a username or password check. The second condition is the one appended by the attacker; here it is 1=1.
Because 1=1 always evaluates to true, and it is joined to the original check with OR, the overall WHERE clause evaluates to true. The web application therefore treats its own check as satisfied even though it actually is not.
For example, if a web application has a login page that requires users to enter a username and password, an attacker can enter the following injection:

username=admin' or '1'='1
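To show why that input works and how the same check is written safely, here is an added example (my own code, not part of the OWASP project): a level-1 style login that concatenates user input into the SQL string, beside the parameterised version, run against a constructed in-memory SQLite users table. The table contents and the `S3cret!` password are made up for the demo.

```python
import sqlite3

# Constructed sample data standing in for the application's real database.
# Plaintext passwords are used only to keep the example short.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable form: input is pasted straight into the query text.
    With username  admin' or '1'='1  the WHERE clause becomes
      username = 'admin' or '1'='1' AND password = '<anything>'
    and the OR branch makes it true regardless of the password."""
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: placeholders send the values separately from the
    query, so a quote in the input is just a character in the username."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def demo() -> dict:
    conn = make_db()
    payload = "admin' or '1'='1"      # the injection shown above
    return {
        "vulnerable_bypassed": login_vulnerable(conn, payload, "wrong"),
        "safe_bypassed": login_safe(conn, payload, "wrong"),
        "safe_valid_login": login_safe(conn, "admin", "S3cret!"),
    }

if __name__ == "__main__":
    print(demo())
```

Running it shows the concatenated query accepting the payload with a wrong password, while the parameterised query rejects it and still accepts the real credentials.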

SQL Injection level 2
Here, we use the Burp Suite software for scanning.

We found one vulnerability, and we used sqlmap to look into it.

sqlmap tool

And finally, we get the database via the parameter number.

There is another way to find a vulnerability like this:

I will copy that result into a file and use it with sqlmap for injection to find more vulnerabilities.