Activity 5
Part A:
• SQL injection,
• LDAP injection
• mail command injection
• null byte injection
• SSI injection
• XPath injection
• XML injection
• XQuery injection
ACTIVITY
Define each type of injection attack and explain it with an example. Don't forget to cite the resources
you used to understand these injection attacks.
Part B:
The purpose of this activity is to get you acquainted with the overall
layout of several web applications.
SETUP
You may want to do the activity in IE/Edge since Chrome has some built-in protection mechanisms.
WHAT IS XAMPP?
XAMPP is a PHP development environment.
XAMPP is a free and open-source cross-platform web server solution stack package developed by
Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for
scripts written in the PHP and Perl programming languages. Since most actual web server deployments
use the same components as XAMPP, it makes transitioning from a local test server to a live server
possible.
WHAT IS DVWA?
DVWA is a PHP/MySQL web application that is damn vulnerable. It is a safe and legal platform for
penetration testers to test their skills and tools. And if you are a web developer you can use this damn
vulnerable web application to understand the process of securing your web applications.
DVWA allows you to learn more about some of the most common web vulnerabilities. Using various
difficulty levels, you can measure your skill level and improve yourself.
Note: Damn Vulnerable Web Application (DVWA) contains both documented and undocumented
vulnerabilities. This is intentional. You are encouraged to try and discover as many issues as possible
(Full Path Disclosure, Authentication Bypass, and some others).
ACTIVITY
1. Prior to the activity, download our XAMPP portable installation. Unzip it using 7-Zip by right-
clicking on the file. You may also use the standard zip file extractor, but this can take 10 minutes.
2. Go to your unzipped XAMPP directory, and run setup-xampp.bat. This will go through a couple
of tests, and will eventually ask you if you want to "refresh" (option 1). Take that option, and the
setup will finish.
3. Create a document called "Web Application Vulnerabilities".
4. Run the following. Note: some of these may ask for administrator privileges to open up the
firewall, do not allow! Even if you are on your own machine, you don't want to expose your local
machine as a server to vulnerable web applications.
▪ apache_start.bat. As it runs, XAMPP will ask for administrator access - hit Cancel to that
(even if you are on your own machine - no need to expose yourself as a server on the
network).
▪ catalina_start.bat - this starts the Tomcat server for Java web applications
▪ mysql_start.bat - this starts the MySQL relational database system
5. Start up a browser and go to http://127.0.0.1 (http://localhost will not always work with this
setup).
6. Log in to Damn Vulnerable Web Application. This is an interactive tutorial for learning how to
exploit various web application vulnerabilities.
9. Go to SQL Injection, and construct an exploit for returning all user names in the table. Here are
a few hints:
▪ Start by just trying to guess one user ID to get this function to work properly
▪ If you get stuck, the source code is in: htdocs\dvwa\vulnerabilities\sqli\source (but try not
to look straight there immediately - challenge yourself to get it to work first!)
10. In your document, answer the following:
▪ As a tester, how would you know that a potential SQL injection vulnerability exists?
▪ Construct an exploit that does more than just list usernames. Provide that exploit in your
document.
▪ Switch the DVWA to "medium". Does your exploit still work? Make another one that does
work.
▪ Take a look at the solution for "high" security. Under what conditions might SQL injection
still work?
11. Switch the security level back to "low".
12. Now let's practice XSS. Go to XSS (Reflected) and attempt a simple XSS.
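To see why the "low" SQL Injection page behaves the way it does, here is an added example (not DVWA's own PHP, which lives under htdocs\dvwa\vulnerabilities\sqli\source) that rebuilds the same pattern in Python with an in-memory SQLite table: a query assembled by string concatenation beside its parameterised fix, plus the single-quote probe a tester uses in step 10 to spot the weakness. The table name, columns and rows are constructed sample data, not DVWA's.

```python
import sqlite3

# Constructed sample rows standing in for a users table; not DVWA's schema or data.
SAMPLE_USERS = [(1, "Alice", "Anderson"), (2, "Bob", "Brown"), (3, "Carol", "Clark")]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """Query built by string concatenation, the pattern behind DVWA's 'low' level.
    Whatever the caller types becomes part of the SQL text, so a quote in the
    input changes the structure of the statement instead of being plain data."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_id):
    """Parameterised query: the input is bound as a value and cannot alter the SQL.
    This is the fix to apply in the PHP (prepared statements) rather than escaping."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


def probe_for_injection(lookup, conn):
    """Tester's first check from step 10: submit a lone quote in the User ID field.
    Returns 'error' when the database rejects the now-malformed SQL (a strong sign
    of concatenation) and 'ok' when the input was handled as ordinary data."""
    try:
        lookup(conn, "'")
        return "ok"
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:", lookup_vulnerable(db, "1"))
    print("vulnerable probe:", probe_for_injection(lookup_vulnerable, db))
    print("safe probe:", probe_for_injection(lookup_safe, db))
    print("all-rows input, vulnerable:", lookup_vulnerable(db, "1' OR '1'='1"))
    print("all-rows input, safe:", lookup_safe(db, "1' OR '1'='1"))
```

The same probe works as a black-box check against the DVWA page: a database error or a changed result set after entering a single quote is the signal the step 10 question asks about.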
Submit the final document to the LMS. You have to put your team members' names and IDs on the
document.