RPI Labs: OWASP Mutillidae II
-
OWASP 2017
- A1 - Injection (SQL)
-
A1 - Injection (Other)
- Application Log Injection
- Buffer Overflow
- Cascading Style Injection
- CBC-bit Flipping
- Command Injection
- Frame Source Injection
-
HTML Injection (HTMLi)
- Add to your blog
- Browser Info
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- User Info (XPath)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- View Captured Data
- Document Viewer
- Arbitrary File Inclusion
- Poll Question
- Register User
- Login
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- HTMLi via HTTP Headers
- HTMLi Via DOM Injection
- HTMLi Via Cookie Injection
- HTTP Parameter Pollution
- JavaScript Injection
- JavaScript Object Notation (JSON) Injection
- LDAP Injection
- Parameter Addition
- XML External Entity Injection
- XML Entity Expansion
- XML Injection
- XPath Injection
- A2 - Broken Authentication and Session Management
- A3 - Sensitive Data Exposure
- A4 - XML External Entities
- A5 - Broken Access Control
- A6 - Security Misconfiguration
-
A7 - Cross Site Scripting (XSS)
-
Reflected (First Order)
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Browser Info
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- Client-side Control Challenge
- Persistent (Second Order)
- DOM-Based
- Cross Site Request Forgery (CSRF)
- Via "Input" (GET/POST)
- Via HTTP Headers
- Via HTTP Attribute
- Via Misconfiguration
- Against HTML5 Web Storage
- Against JSON
- Via Cookie Injection
- Via XML Injection
- Via XPath Injection
- Via Path Relative Style Sheet Injection
-
BeeF Framework Targets
- Add to your blog
- View someone's blog
- Show Log
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Password Generator
-
Reflected (First Order)
- A8 - Insecure Deserialization
- A9 - Using Components with Known Vulnerabilities
- A10 - Insufficient Logging and Monitoring
- OWASP 2010
- Web Services
- Others
-
Labs
- How the Web Works
- SQL Injection
- Command Injection
- Lightweight Directory Access Protocol (LDAP) Injection
- Insecure Direct Object Referece (IDOR)
- Open Redirect
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- HTML5 Web Storage
- Session Management
- Cookie Management
- Password Management
- Input Validation
- Error Handling
- Logging
- Server Configuration
- Content Security Policy (CSP)
- JSON Web Token (JWT) Security
- Cross-origin Resource Sharing (CORS)
- Software Composition Analysis (SCA)
- Resources
Capture Data
Back
Help Me!
Hints and Videos
| Data Capture Page |
| This page is designed to capture any parameters sent and store them in a file and a database table. It loops through the POST and GET parameters and records them to a file named captured-data.txt. On this system, the file should be found at /tmp/captured-data.txt. The page also tries to store the captured data in a database table named captured_data and logs the captured data. There is another page named captured-data.php that attempts to list the contents of this table. |
| The data captured on this request is: page = capture-data.php fikker-61vm-nk2N = MgPGRI6oXLV7DSLWJk4y6wNi63F1ZE0E |
|---|
| Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser. |
PHP Version: 8.1.27