RPI Labs: OWASP Mutillidae II
-
OWASP 2017
- A1 - Injection (SQL)
-
A1 - Injection (Other)
- Application Log Injection
- Buffer Overflow
- Cascading Style Injection
- CBC-bit Flipping
- Command Injection
- Frame Source Injection
-
HTML Injection (HTMLi)
- Add to your blog
- Browser Info
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- User Info (XPath)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- View Captured Data
- Document Viewer
- Arbitrary File Inclusion
- Poll Question
- Register User
- Login
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- HTMLi via HTTP Headers
- HTMLi Via DOM Injection
- HTMLi Via Cookie Injection
- HTTP Parameter Pollution
- JavaScript Injection
- JavaScript Object Notation (JSON) Injection
- LDAP Injection
- Parameter Addition
- XML External Entity Injection
- XML Entity Expansion
- XML Injection
- XPath Injection
- A2 - Broken Authentication and Session Management
- A3 - Sensitive Data Exposure
- A4 - XML External Entities
- A5 - Broken Access Control
- A6 - Security Misconfiguration
-
A7 - Cross Site Scripting (XSS)
-
Reflected (First Order)
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Browser Info
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- Client-side Control Challenge
- Persistent (Second Order)
- DOM-Based
- Cross Site Request Forgery (CSRF)
- Via "Input" (GET/POST)
- Via HTTP Headers
- Via HTTP Attribute
- Via Misconfiguration
- Against HTML5 Web Storage
- Against JSON
- Via Cookie Injection
- Via XML Injection
- Via XPath Injection
- Via Path Relative Style Sheet Injection
-
BeeF Framework Targets
- Add to your blog
- View someone's blog
- Show Log
- DNS Lookup
- Echo Message
- Echo Message (CORS)
- Echo Message (CSP)
- Test Connectivity to Server
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Password Generator
-
Reflected (First Order)
- A8 - Insecure Deserialization
- A9 - Using Components with Known Vulnerabilities
- A10 - Insufficient Logging and Monitoring
- OWASP 2010
- Web Services
- Others
-
Labs
- How the Web Works
- SQL Injection
- Command Injection
- Lightweight Directory Access Protocol (LDAP) Injection
- Insecure Direct Object Referece (IDOR)
- Open Redirect
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- HTML5 Web Storage
- Session Management
- Cookie Management
- Password Management
- Input Validation
- Error Handling
- Logging
- Server Configuration
- Content Security Policy (CSP)
- JSON Web Token (JWT) Security
- Cross-origin Resource Sharing (CORS)
- Software Composition Analysis (SCA)
- Resources
Secret Administrative Pages
Back
Help Me!
Hints and Videos
| "Secret" administrative or configuration pages |
| Showing server configurations on pages allowed through the firewall is a bad idea. "Hiding" pages by not linking to them so you believe you are the only one who knows the URL doesnt work. There are tools to brute force the URL, shoulder surfing, log history, browser history, router-firewall-proxy history, scanners, guessing and other methods can get these URLs. or admin functions, create a second site inside the firewall to segregate these pages from the Internet facing site. |
| I wonder what clever name the server admin would give to a PHP page that shows server configuration information? Hint: What is the function in PHP that dumps server configuration information into a nice table? Enable hints if you need more help. |
PHP Version: 8.1.27