RPI Labs: OWASP Mutillidae II
-
OWASP 2017
- A1 - Injection (SQL)
-
A1 - Injection (Other)
- Application Log Injection
- Buffer Overflow
- Cascading Style Injection
- CBC-bit Flipping
- Command Injection
- Frame Source Injection
-
HTML Injection (HTMLi)
- Add to your blog
- Browser Info
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- User Info (XPath)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- View Captured Data
- Document Viewer
- Arbitrary File Inclusion
- Poll Question
- Register User
- Login
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- HTMLi via HTTP Headers
- HTMLi Via DOM Injection
- HTMLi Via Cookie Injection
- HTTP Parameter Pollution
- JavaScript Injection
- JavaScript Object Notation (JSON) Injection
- LDAP Injection
- Parameter Addition
- XML External Entity Injection
- XML Entity Expansion
- XML Injection
- XPath Injection
- A2 - Broken Authentication and Session Management
- A3 - Sensitive Data Exposure
- A4 - XML External Entities
- A5 - Broken Access Control
- A6 - Security Misconfiguration
-
A7 - Cross Site Scripting (XSS)
-
Reflected (First Order)
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Browser Info
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- Client-side Control Challenge
- Persistent (Second Order)
- DOM-Based
- Cross Site Request Forgery (CSRF)
- Via "Input" (GET/POST)
- Via HTTP Headers
- Via HTTP Attribute
- Via Misconfiguration
- Against HTML5 Web Storage
- Against JSON
- Via Cookie Injection
- Via XML Injection
- Via XPath Injection
- Via Path Relative Style Sheet Injection
-
BeeF Framework Targets
- Add to your blog
- View someone's blog
- Show Log
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Password Generator
-
Reflected (First Order)
- A8 - Insecure Deserialization
- A9 - Using Components with Known Vulnerabilities
- A10 - Insufficient Logging and Monitoring
- OWASP 2010
- Web Services
- Others
-
Labs
- How the Web Works
- SQL Injection
- Command Injection
- Lightweight Directory Access Protocol (LDAP) Injection
- Insecure Direct Object Referece (IDOR)
- Open Redirect
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- HTML5 Web Storage
- Session Management
- Cookie Management
- Password Management
- Input Validation
- Error Handling
- Logging
- Server Configuration
- Content Security Policy (CSP)
- JSON Web Token (JWT) Security
- Cross-origin Resource Sharing (CORS)
- Software Composition Analysis (SCA)
- Resources
Privilege Escalation
Back
Help Me!
Hints and Videos
|
No Hints Found
|
|
Sorry. No hints found for this page |
| Privilege Escalation |
| Cookies |
|
Some sites keep authentication and/or authorization tokens in the
user-agent (i.e. browser, phone, tablet). This gives the user (and XSS)
large amounts of control over these tokens.
For privilege escalation via cookies, alter the cookie values and monitor the effect. Also, regsiter for two (or more) accounts, log into both, and note any differences between the respective cookies. |
| SQL Injection |
| Login pages can be vulnerable to SQL injection such that a password or possibly a username is required to authenticate. |
| Brute Force |
| THC Hydra (http://www.thc.org/thc-hydra) and Burp Suite can be used to guess usernames and passwords quickly. Both tools can attempt to log into sites and report the result. |
| Secret Adminnistrative Pages |
| Built in pages can sometimes be accessed without a login or using privilege escalation. These pages can grant administrative authority to create other admin accounts. |
PHP Version: 8.1.27