Занятие 3. Основные атаки и паттерны

# Занятие 3. Основные атаки и паттерны ### SQL-injection ![](https://i.imgur.com/bcSbWog.png) смог провести SQL-injection ![](https://i.imgur.com/8ugJMGE.png) ![](https://i.imgur.com/fQZoIlM.png) атака url SQL-injection ![](https://i.imgur.com/5f5Vu5U.png) добавим '+OR+1=1-- к category ![](https://i.imgur.com/YvgeDvm.png) Lab: SQL injection UNION attack, retrieving data from other tables ![](https://i.imgur.com/sOD1cqp.png) ![](https://i.imgur.com/bygUCIt.png) ![](https://i.imgur.com/UhLLPb3.png) Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft ![](https://i.imgur.com/3A3QkOC.png) ![](https://i.imgur.com/4LCn9pC.png) ![](https://i.imgur.com/dgoiy5v.png) XSS уязвимости: ![](https://i.imgur.com/QgPW95W.png) ![](https://i.imgur.com/GQUR5Ge.png) 2 лаба ![](https://i.imgur.com/vYXX4jE.png) ![](https://i.imgur.com/M25LnLl.png) 3 лаба ![](https://i.imgur.com/kZzMFQt.png) ![](https://i.imgur.com/SwFOdzu.png) 4 лаба ![](https://i.imgur.com/ztW3okq.png) ![](https://i.imgur.com/XX9qpTE.png) чтобы защититься от этой атаки можно использовать функцию String(value) и тогда все будет str CSRF: ![](https://i.imgur.com/9zZNPDg.png) ![](https://i.imgur.com/DUy8sJ2.png) ![](https://i.imgur.com/HE7m1Fn.png) ![](https://i.imgur.com/Trxe0bR.png) ![](https://i.imgur.com/dlyvCAo.png) Lab: CSRF where token validation depends on request method ![](https://i.imgur.com/5v3KXY6.png) ![](https://i.imgur.com/UIHkc60.png) SSRF: лаба 1 ![](https://i.imgur.com/awEzKOF.png) ![](https://i.imgur.com/c7TZmnT.png) ![](https://i.imgur.com/yw92upV.png) ![](https://i.imgur.com/N2RjUva.png) ![](https://i.imgur.com/S8NcZZ5.png) ![](https://i.imgur.com/Uduk2K4.png) Lab: SSRF with filter bypass via open redirection vulnerability ![](https://i.imgur.com/h3vuLrI.png) ![](https://i.imgur.com/oEVboLo.png) лаба получилась ![](https://i.imgur.com/DdJ8QYJ.png) RCE ![](https://i.imgur.com/eYgl3HH.png) ![](https://i.imgur.com/TolIHzz.png) ![](https://i.imgur.com/OVFYCPx.png) лаба получилась ![](https://i.imgur.com/1qaJf0C.png) Path traversal Lab: File path traversal, simple case ![](https://i.imgur.com/hAQ5cvM.png) ![](https://i.imgur.com/2Fhzy8z.png) ![](https://i.imgur.com/a5eS3aG.png) ![](https://i.imgur.com/PMfXnWV.png) лаба выполнилась ![](https://i.imgur.com/QWBbUYJ.png) Lab: File path traversal, traversal sequences blocked with absolute path bypass ![](https://i.imgur.com/f7TN2qW.png) ![](https://i.imgur.com/ZHYTbhD.png) лаба получилась