
OWASP Mutillidae

The document discusses various web application vulnerabilities, focusing on OWASP Mutillidae, including Broken Access Control, SQL Injection, Cross-Site Scripting, and Security Misconfiguration. It outlines specific attack vectors, affected URLs, and solutions for each vulnerability, emphasizing the importance of proper security measures and testing. The document serves as a guide for conducting vulnerability assessments and penetration testing on web applications.

Uploaded by abhishekvish36
Copyright © All Rights Reserved

Name :- Abhishek Vishwakarma
Assignment Date :- 25th October 22
Submission Date :- 01st November 22
Topics :- Web Application Vulnerability Assessment & Penetration Testing (OWASP Mutillidae)

1. A01:2021-Broken Access Control:-

• This vulnerability occurs when restrictions on authenticated users are missing or improperly configured, which allows them to access unauthorized functionality or data such as other users' accounts, confidential documents, etc.
• For this attack, attackers take the help of session management and try to access data from unexpired session tokens, which gives them access to many valid IDs and passwords.
• Broken access control attacks can be prevented by:
  • Deleting accounts that are no longer needed or are not active
  • Shutting down unnecessary services to reduce the burden on servers
  • Using penetration testing

• SQLi Extract Data:-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=user-info.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (SQL) > SQLi Extract Data > User Info (SQL); you will get the output below.
    • After opening the URL, enter your name and password; you will get the output below.
    • Enter the query admin' OR 1=1;-- Select * from account; in the name field; you will get the result below.

• SQL Map Practice:-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=login.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (SQL) > SQL Map Practice > Login; you will get the output below.
    • Copy the request below and make a user.request file at /tmp/folder.
    • Then we check the databases using the sqlmap tool in the Kali terminal.
    • Then we check the Mutillidae database.
    • When we run this command we find 11 tables in Mutillidae.
    • Then we check the credit cards table.
    • Then we dump the user table.

• SQLi Bypass Authentication (Login):-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=login.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (SQL) > SQLi Bypass Authentication > Login; you will get the output below.
    • After opening the URL, enter the query 'OR (1=1 AND username ='john') --

• Insert Injection (add to your blog):-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=add-to-your-blog.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (SQL) > SQLi Insert Injection > Add to your blog; you will get the output below.
    • Enter the query 'or 1=1, after which you will get the output below.
    • Now we change the result from John to Admin in Burp Suite.
    • After the change, we are logged in to John's account, but through Burp Suite we directly fetch the admin's blogs.
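The SQLi Extract Data and SQLi Bypass Authentication payloads above, run against a string-built query and against its parameterized form. This is an added example, not part of the original document or of Mutillidae's code; the accounts table, its columns and the sample rows are assumptions, and SQLite stands in for the lab's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    # Passwords are stored in clear only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("admin", "adminpass"), ("john", "monkey"),
                    ("abhi05", "abhi05")])
    return db

def lookup_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it changes the
    # structure of the query instead of being compared as a value.
    sql = ("SELECT username FROM accounts "
           f"WHERE username='{username}' AND password='{password}'")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, username, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    sql = "SELECT username FROM accounts WHERE username=? AND password=?"
    return [row[0] for row in db.execute(sql, (username, password))]

# The two payloads quoted in this document (typographic quotes straightened).
EXTRACT = "admin' OR 1=1;-- Select * from account;"
BYPASS = "' OR (1=1 AND username='john') --"

if __name__ == "__main__":
    db = make_db()
    for name, payload in (("extract", EXTRACT), ("bypass", BYPASS)):
        print(name, "vulnerable:", lookup_vulnerable(db, payload, "x"))
        print(name, "parameterized:", lookup_parameterized(db, payload, "x"))
    print("legitimate login:", lookup_parameterized(db, "john", "monkey"))
```

With the string-built query the first payload returns every account and the second returns john without his password; with placeholders both return nothing while a correct login still works.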

• Insert Injection (Register):-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=register.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (other) > SQLi Insert- Injection > Register; you will get the output below.
    • Creating the username and password both as abhi05, we get the output below.
    • Now we log in with the username and password abhi05.


2. A01:Injection(Other):-

• HTML Injection (User Info SQL):-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=user-info.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (other) > HTML Injection (HTMLi) > User Info (SQL); you will get the output below.
    • After opening the URL, enter your name and password; you will get the output below.
    • Enter the query admin' OR 1=1;-- Select * from account; in the name field; you will get the result below.

• Command Injection (DNS Lookup):-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=dns-lookup.php
  • Solution:-
    • First, click OWASP 2013 > A1-Injection (Other) > Command Injection > DNS Lookup; you will get the output below.
    • Then we enter localhost&& cat login.php in the Hostname/IP field; we get the output below.
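How the DNS Lookup input above should be handled on the server side: validated as a hostname or IP address and passed as a single argument with no shell involved. This is an added example, not part of the original document or of Mutillidae's code; the use of nslookup and all function names are assumptions.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def validate_target(value):
    """Return the value if it is an IP address or hostname, else raise ValueError."""
    value = value.strip()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, check it as a hostname instead
    labels = value.split(".")
    if len(value) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a hostname or IP address: {value!r}")
    return value

def vulnerable_command(target):
    # The string a shell receives when input is concatenated into the command:
    # an && inside the input starts a second command.
    return "nslookup " + target

def safe_argv(target):
    # Validated input as one argv element; no shell ever parses it, and the
    # label rule above also rejects values that start with a hyphen.
    return ["nslookup", validate_target(target)]

def run_lookup(target, timeout=5):
    # A list argument means subprocess runs the program directly (shell=False).
    result = subprocess.run(safe_argv(target), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout

if __name__ == "__main__":
    payload = "localhost&& cat login.php"   # input quoted in this document
    print("shell would see:", vulnerable_command(payload))
    try:
        safe_argv(payload)
    except ValueError as err:
        print("rejected:", err)
    print("accepted:", safe_argv("localhost"))
```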

3. A03:2021-Cross Site Scripting:-

• This is also a widespread vulnerability that affects almost 53% of all web applications.
• An XSS vulnerability allows a hacker to inject malicious client-side scripts into a website and then use the web application as an attack vector to hijack user sessions or redirect the victim to malicious websites.
• Cross-site scripting attacks can be prevented by:
  • Using appropriate response headers
  • Filtering the input and encoding the output
  • Using the content security policy
  • Applying a zero-trust approach to user input

• Reflected (First Order) DNS Lookup:-
  • Solution:-
    • First, click OWASP 2013 > A3-Cross Site Scripting (XSS) > Reflected (First Order); you will get the output below.
    • Then we enter <script>alert("Malware!")</script> in the Hostname/IP field and get the output below.

• Reflected First Order Background Change:-

• Persistent (Second Order) Add to your blog:-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=add-to-your-blog.php
  • Solution:-
    • First, click OWASP 2013 > A3-Cross Site Scripting (XSS) > Persistent (Second Order); you will get the output below.
    • After opening the URL, we add the blog entry for admin: Professionals Hack People <script>alert("Hacked!")</script>, and we get the result below.
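The prevention list above (response headers, output encoding, content security policy) applied to the two inputs used in these exercises. This is an added example, not part of the original document or of Mutillidae's code; the policy string, the target_host field name and the function names are assumptions.

```python
import html

# Response headers from the prevention list; the exact policy is an assumption.
SECURITY_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

# Inputs quoted in this document (typographic quotes straightened).
REFLECTED = '<script>alert("Malware!")</script>'
STORED = 'Professionals Hack People <script>alert("Hacked!")</script>'

def render_entry_vulnerable(author, text):
    # Stored text is written into the page as markup, so a script tag in it
    # becomes part of the document for every later visitor.
    return f"<tr><td>{author}</td><td>{text}</td></tr>"

def render_entry_encoded(author, text):
    # Store the text as entered; encode it at output time for the HTML context.
    return (f"<tr><td>{html.escape(author)}</td>"
            f"<td>{html.escape(text)}</td></tr>")

def render_lookup_field(hostname):
    # Reflected case: a value echoed back into an attribute needs its quotes
    # encoded as well (target_host is a hypothetical field name).
    value = html.escape(hostname, quote=True)
    return f'<input type="text" name="target_host" value="{value}">'

def blog_response(entries):
    # Headers and body together: encoding is the fix, CSP limits the damage
    # if one output path is ever missed.
    rows = "".join(render_entry_encoded(a, t) for a, t in entries)
    return SECURITY_HEADERS, f"<table>{rows}</table>"

if __name__ == "__main__":
    print(render_entry_vulnerable("admin", STORED))
    headers, body = blog_response([("admin", STORED)])
    print(headers["Content-Security-Policy"])
    print(body)
    print(render_lookup_field(REFLECTED))
```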
4. A05:2021-Security Misconfiguration:-

• It is estimated that up to 95% of cloud breaches are the result of human errors, and this fact leads us to the next vulnerability, called security misconfiguration.
• This vulnerability refers to the improper implementation of security intended to keep application data safe.
• Developers mostly work on the functionality of websites and not on security, and this flaw allows hackers to keep track of the security configuration and find new possible ways to enter websites.
• The most common reason for this vulnerability is not patching or upgrading systems, frameworks, and components.
• Security misconfiguration attacks can be prevented by:
  • Using dynamic application security testing (DAST)
  • Disabling the use of default passwords
  • Keeping an eye on cloud resources, applications, and servers

• Directory Browsing:-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=directory-browsing.php
  • Solution:-
    • First we need to check whether there is any misconfiguration and whether directory browsing is allowed, so right-click Documentation tab > Installation Instructions (Windows) > copy the link.
    • After copying the link, open the URL in another tab and remove mutillidae-installation-on-xampp-win7.pdf from the URL; you will get the output below.
    • Since we reach the index of all the documents and directories, this shows that Mutillidae is vulnerable to directory browsing.

• Unrestricted File Upload:-
  • Affected URL:- http://192.168.1.12/mutillidae/index.php?page=upload-file.php
  • Solution:-
    • To upload the file, first click OWASP 2013 > A5-Security Misconfiguration > Unrestricted File Upload; you will get the output below.
    • After opening the upload page, we upload a JPEG file in this interface and get the result below.
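What a restricted upload handler checks before storing a file, as the counterpart to the unrestricted upload page above. This is an added example, not part of the original document or of Mutillidae's code; the size limit, the allowed types and the function name are assumptions.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024   # assumed size limit for this example

# Allowed extension -> byte sequences the content must start with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def validate_upload(filename, data):
    """Return a server-chosen storage name, or raise ValueError."""
    # Drop any client-supplied directory part, Windows or POSIX style.
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED:
        raise ValueError(f"extension not allowed: {ext or '(none)'}")
    if "." in root:
        # Strict on purpose: rejects double extensions such as name.php.jpg.
        raise ValueError("multiple extensions")
    if not 0 < len(data) <= MAX_BYTES:
        raise ValueError("empty or oversized upload")
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match extension")
    # Never reuse the client-supplied name on disk.
    return secrets.token_hex(16) + ext

# Constructed sample inputs.
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
TEXT_SAMPLE = b"plain text, not an image"

if __name__ == "__main__":
    print("stored as:", validate_upload("holiday.JPG", JPEG_SAMPLE))
    for name, data in (("notes.php", TEXT_SAMPLE),
                       ("notes.php.jpg", JPEG_SAMPLE),
                       ("notes.jpg", TEXT_SAMPLE)):
        try:
            validate_upload(name, data)
        except ValueError as err:
            print(name, "rejected:", err)
```

The stored file should also live outside the web root or in a directory where the server will not execute scripts.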
