Lab 3 - Web Application Security

Introduction

The purpose of this assignment is to explore vulnerabilities and protection methods in web applications.

In this lab, you are going to locate and exploit a Cross-Site Scripting (XSS) vulnerability. Using this vector, you will gain administrator access to the system through a cookie hijacking attack. Once in the administration pages, you will find and exploit a SQL injection to gain code execution.

The web application

The web application used in this lab is from PentesterLab and represents a CMS blogging platform. It is a bootable CD in ISO format that you can boot in VirtualBox, VMware or QEMU.

Depending on your virtual machine configuration, you might need to create a port redirection to the virtual host's tcp/80 port.

The system includes a PhantomJS script that simulates an administrator visiting every page of the website every minute.

Part 1: Cross-Site Scripting (XSS)

Your objective is to find an XSS vulnerability to perform a Session Hijacking attack and gain administration clearance in the web application.

In the report you should include:

The administration interface is under the admin link on the main page.

Hint: If you need to quickly run a server to capture the leak, you can use the command: socat TCP-LISTEN:80,reuseaddr,fork -

Extra: Can you come up with a possible patch for the website code?
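As an added illustration of what such a patch looks like (example code written for this page, not PentesterLab's own CMS code; the function names, the comment fields and the session settings are assumptions about a generic comment page), the block below shows the defect class behind a stored XSS next to its fix: encode every untrusted value at the point it is written into HTML, and mark the session cookie HttpOnly so a script that does run still cannot read it through document.cookie.

```php
<?php
// Added example, not the CMS's own code. Names and fields are assumptions
// about a generic comment-rendering page.

// Output encoding: escape each untrusted value where it is placed into HTML.
// ENT_QUOTES covers both quote styles so the value is also safe inside
// attribute values, not only in element bodies.
function e(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: the stored comment is concatenated into the page
// unchanged, so any script tag it carries executes in the browser of the
// administrator crawler that visits the page every minute.
function render_comment_vulnerable(array $comment): string
{
    return '<div class="comment"><b>' . $comment['author'] . '</b>: '
        . $comment['text'] . '</div>';
}

// Patched rendering: identical markup, every untrusted field encoded.
function render_comment_patched(array $comment): string
{
    return '<div class="comment"><b>' . e($comment['author']) . '</b>: '
        . e($comment['text']) . '</div>';
}

// Defence in depth: an HttpOnly cookie is not exposed to document.cookie,
// which is exactly what a cookie-hijacking payload relies on. Secure and
// SameSite=Lax further restrict where the browser sends it.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample comment containing a script tag, the kind of input the
// Part 1 test submits.
$sample = [
    'author' => 'visitor',
    'text'   => '<script>alert(1)</script>',
];

echo render_comment_vulnerable($sample), PHP_EOL;
echo render_comment_patched($sample), PHP_EOL;
```

Run it with the PHP CLI: the first line of output contains a live script tag, the second contains the same text with the angle brackets turned into entities, which the browser displays instead of executing. The cookie flags are the part of the patch to mention in the report even if the encoding fix alone closes the finding, because they limit the damage of the next XSS that escaping misses.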

Part 2: SQL-Injection

Your objective is to find an SQL injection vulnerability in the web application and exploit it to modify one of your requests in the database so that it is approved.

In the report you should include:

Hint: a possible webshell is <?php system($_GET['c']);?>

Extra: Your admin access might expire in the near future. How can you get future access without changing the administrator password? What do you suggest to mitigate this vulnerability in particular?

Links

Report

Please submit a report that includes your answers from parts 1 & 2.
Submissions with poor discussion of protection will be rejected.