# Testphp.vulns ## Testing process 因爲沒有打過,所以對於流程不太熟悉,所以直接就用了自動弱掃工具,然後才知道算是作弊,但是在進行完自動弱掃後還是有進行手動驗證 基本上我只有掃出常見的幾個大方向,沒有後續深入的細打,但是之後可以繼續深入研究 ## Auto Tool * skipfish ### Command ``` skipfish -o /home/kali/test1 URL ``` ### Command Feedback ![](https://hackmd.io/_uploads/rkssf-Rya.png) 以上是作弊 後面是自己手敲 --- ## Vulnerability verification * Improper permission management * sql injection * XSS * path traversal ## Improper permission management 登入驗證只有使用 cookie 進行驗證,可以自己僞造 cookie 在其他地方做登入 ![](https://hackmd.io/_uploads/SJH1u3glT.png) 沒有登入會看不到購物車 ![](https://hackmd.io/_uploads/Hykxthlxp.png) ## SQL Injection ### Authorization Bypass 盲注過的 ![](https://hackmd.io/_uploads/S1pwPbAJT.png) ![](https://hackmd.io/_uploads/B1nOPbCyT.png) ## XSS 也是手打 ``` \<a onmouseover="alert(document.cookie)"\>xxs link\</a\> ``` ![](https://hackmd.io/_uploads/S1enoZRka.png) ## Path Traversal 嚴格來説這個我一開始就用手敲過了,但是忘記截圖 ### Tool Dirsearch ``` ./dirsearch.py -e php,html,js -u http://testphp.vulnweb.com/ ``` ![](https://hackmd.io/_uploads/BkJbBoAk6.png) ![](https://hackmd.io/_uploads/Hk0bSoR1T.png)
×
Sign in
Email
Password
Forgot password
or
By clicking below, you agree to our
terms of service
.
Sign in via Facebook
Sign in via Twitter
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Wallet (
)
Connect another wallet
New to HackMD?
Sign up