# Web_Basic

Practical Work No. 3

Completed by Pavel Vladimirovich Lavrov

## Assignment for Practical Work 3

### SQL injection vulnerabilities

1) Use Burp Suite to intercept and modify the login request. Modify the username parameter, giving it the value: `administrator'--`

![](https://i.imgur.com/MxqeIbr.png)
![](https://i.imgur.com/isgpfyG.png)

2) Use Burp Suite to intercept and modify the request that sets the product category filter. Modify the category parameter, giving it the value `'+OR+1=1--`

![](https://i.imgur.com/kAFNTc4.png)
![](https://i.imgur.com/Ph90CK9.png)

3) Use Burp Suite to intercept and modify the request that sets the product category filter. Determine the number of columns that are being returned by the query and which columns contain text data. Verify that the query is returning two columns.

![](https://i.imgur.com/4gxPywx.png)
![](https://i.imgur.com/rlOgQEx.png)
![](https://i.imgur.com/jxDjoeS.png)

4) Use Burp Suite to intercept and modify the request that sets the product category filter. Determine the number of columns that are being returned by the query and which columns contain text data. Verify that the query is returning two columns.

![](https://i.imgur.com/D7N0uW6.png)
![](https://i.imgur.com/v1bR7Ju.png)
![](https://i.imgur.com/b2fA5WQ.png)
![](https://i.imgur.com/BnznZup.png)

### XSS vulnerabilities:

1) Enter the following into the comment box: `<script>alert(1)</script>`. Enter a name, email and website. Click “Post comment”.

![](https://i.imgur.com/Mj4ieZw.png)
![](https://i.imgur.com/aVSGQlm.png)
![](https://i.imgur.com/qeY0FV5.png)

2) Enter a random alphanumeric string into the search box. Right-click and inspect the element, and observe that your random string has been placed inside an img src attribute.

![](https://i.imgur.com/WRUHucJ.png)
![](https://i.imgur.com/anavQme.png)
![](https://i.imgur.com/2ZIk25f.png)
![](https://i.imgur.com/daONjmi.png)

3) Submit a random alphanumeric string in the search box, then use Burp Suite to intercept the search request and send it to Burp Repeater.

![](https://i.imgur.com/zaeGAPJ.png)
![](https://i.imgur.com/S3706V9.png)
![](https://i.imgur.com/5iIoRy0.png)
![](https://i.imgur.com/5v2ImHS.png)

4) In Burp Suite, go to the Proxy tool and make sure that the Intercept feature is switched on. Back in the lab, go to the target website and use the search bar to search for a random test string, such as “XSS”.

![](https://i.imgur.com/F3RgXPU.png)
![](https://i.imgur.com/ph140pn.png)
![](https://i.imgur.com/gfNDk42.png)
![](https://i.imgur.com/FzfIW7C.png)

### CSRF:

1) Open Burp’s browser and log in to your account. Submit the “Update email” form, and find the resulting request in your Proxy history.

![](https://i.imgur.com/eJeBnGi.png)
![](https://i.imgur.com/1jMzCEk.png)
![](https://i.imgur.com/IjFD7hr.png)
![](https://i.imgur.com/hKt34qo.png)
![](https://i.imgur.com/4wcUYPh.png)
![](https://i.imgur.com/sh0pOWh.png)

2) Open Burp’s browser and log in to your account. Submit the “Update email” form, and find the resulting request in your Proxy history. Send the request to Burp Repeater and observe that if you change the value of the csrf parameter then the request is rejected.

![](https://i.imgur.com/tFkGzH2.png)
![](https://i.imgur.com/5UmU0dW.png)
![](https://i.imgur.com/lcPrCQo.png)
![](https://i.imgur.com/rqyiwLD.png)
![](https://i.imgur.com/ZCabwal.png)

### SSRF:

1) Browse to /admin and observe that you can’t directly access the admin page.

![](https://i.imgur.com/3Y3vHgQ.png)
![](https://i.imgur.com/9UxQ0rq.png)
![](https://i.imgur.com/DMDi5Js.png)
![](https://i.imgur.com/9YZmnjh.png)
![](https://i.imgur.com/Ei9GE2c.png)

2) Click “next product” and observe that the path parameter is placed into the Location header of a redirection response, resulting in an open redirection.

![](https://i.imgur.com/rHJsgU1.png)
![](https://i.imgur.com/jBFdDfL.png)
![](https://i.imgur.com/jIWOYx2.png)
![](https://i.imgur.com/lsatRpB.png)

### RCE:

1) Use Burp Suite to intercept and modify a request that checks the stock level. Modify the storeID parameter, giving it the value `1|whoami`

![](https://i.imgur.com/n7MXe9d.png)
![](https://i.imgur.com/FxlMoMV.png)
![](https://i.imgur.com/uJ5LHUT.png)

### Path traversal:

1) Use Burp Suite to intercept and modify a request that fetches a product image. Modify the filename parameter, giving it the value: …/…/…/etc/passwd

![](https://i.imgur.com/nnQUdHC.png)
![](https://i.imgur.com/kIINqQH.png)
![](https://i.imgur.com/4tnz1M1.png)

2) Use Burp Suite to intercept and modify a request that fetches a product image.

![](https://i.imgur.com/b4PXHeS.png)
![](https://i.imgur.com/OFglIQi.png)
![](https://i.imgur.com/ET2DOSS.png)
![](https://i.imgur.com/8vURw1P.png)

RESULT

![](https://i.imgur.com/CiXil68.png)
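
The first two SQL injection steps of this report (`administrator'--` in the login request and `' OR 1=1--` in the category filter), run against a string-concatenated query and against a parameterized one. This is an added example, not part of the original report or of the lab's code; the table layout, sample rows and function names are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the lab's tables (assumed schema).
    # Plaintext passwords are used only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cret'), ('alice', 'pw');
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1), ('Card', 'Gifts', 1),
                                    ('Prototype', 'Lab', 0);
    """)
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text: a quote closes the string literal
    # and "--" turns the password check into a comment.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, username, password):
    # Placeholders pass the values separately from the SQL text,
    # so quotes and "--" are compared as ordinary characters.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def products_vulnerable(db, category):
    # Same flaw in the category filter: "OR 1=1" makes the WHERE clause
    # always true and the trailing comment drops "AND released = 1".
    sql = ("SELECT name FROM products WHERE category = '" + category +
           "' AND released = 1")
    return [r[0] for r in db.execute(sql)]

def products_safe(db, category):
    return [r[0] for r in db.execute(
        "SELECT name FROM products WHERE category = ? AND released = 1",
        (category,))]

if __name__ == "__main__":
    db = make_db()
    # "+" in the intercepted request is a URL-encoded space.
    print(login_vulnerable(db, "administrator'--", ""))
    print(login_safe(db, "administrator'--", ""))
    print(products_vulnerable(db, "' OR 1=1--"))
    print(products_safe(db, "' OR 1=1--"))
```
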