Testphp.vulns
Testing process
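Because I had never done this before, I was not familiar with the process, so I went straight to an automated vulnerability scanner and only afterwards learned that this counts as cheating. After the automated scan finished, I still verified the findings manually.
Basically I only found a few of the common broad categories and did not follow up with deeper, detailed testing, but I can keep digging into it later.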
Command
skipfish -o /home/kali/test1 URL
Command Feedback
The above was cheating; what follows I typed by hand.
Vulnerability verification
- Improper permission management
- SQL injection
- XSS
- path traversal
Improper permission management
Login is verified using only a cookie, so you can forge the cookie yourself and log in from somewhere else.
Without logging in, you cannot see the shopping cart.
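A defensive sketch of the cookie issue above, added here as an example and not part of the original note: a check that trusts the cookie's content accepts any forged value, while a cookie carrying an HMAC tag is rejected unless the server issued it. The function names, the key and the sample usernames are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example; a real deployment
# loads it from protected configuration and never sends it to the client.
SERVER_KEY = secrets.token_bytes(32)


def naive_login_check(cookie_value, known_users):
    """Weak pattern: the cookie content alone decides who is logged in."""
    return cookie_value if cookie_value in known_users else None


def issue_session_cookie(username, key=SERVER_KEY):
    """Bind the username to an HMAC-SHA256 tag only the server can compute."""
    tag = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{tag}"


def verify_session_cookie(cookie_value, key=SERVER_KEY):
    """Return the username if the tag is valid, otherwise None."""
    username, sep, tag = cookie_value.rpartition(".")
    if not sep or not username:
        return None  # no tag present: a bare, client-chosen value
    expected = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak matching prefixes.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return username
    return None


if __name__ == "__main__":
    users = {"alice", "bob"}  # constructed sample accounts
    print("naive check, forged cookie:", naive_login_check("alice", users))
    good = issue_session_cookie("alice")
    print("signed check, issued cookie:", verify_session_cookie(good))
    print("signed check, forged cookie:", verify_session_cookie("alice." + "0" * 64))
```

The signed cookie only addresses forgery; expiry and server-side revocation would still need a session store or a timestamp inside the signed value.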
SQL Injection
Authorization Bypass
Done with blind injection.
XSS
Also typed by hand.
<a onmouseover="alert(document.cookie)">xxs link</a>
Path Traversal
Strictly speaking, I had already done this one by hand at the very beginning, but I forgot to take a screenshot.
Dirsearch
./dirsearch.py -e php,html,js -u http://testphp.vulnweb.com/