Exam Ajay 201573004101
201573004101
Web Penetration Testing Internals
23-02-2022
Attacker IP: 192.168.200.8
Victim IP: 192.168.75.105
1. Purchase all four items for a price of zero by bypassing client-side
validation, getting a 100% discount using coupon code SILVER. Path:-> WebGoat
-> AJAX Security -> Insecure Client Storage
Now let’s make the price 0 dollars. Click the Purchase button and intercept
the request in Burp Suite.
Send it to Repeater.
The request body is encoded, so decode it using the Smart Decode option in
Decoder.
Now change the grand total to zero in Repeater and send the request.
View the response in the browser: we can buy the items for zero dollars.
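The server-side check whose absence makes step 1 work, as an added example that is not part of the original write-up or of WebGoat's code: the server prices the order from its own catalogue and coupon table and treats the submitted grand total as untrusted. The field names, item ids, prices and the SILVER rate are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed server-side data (assumptions, not values from the lesson).
CATALOGUE = {
    "item1": Decimal("69.99"),
    "item2": Decimal("27.99"),
    "item3": Decimal("1599.99"),
    "item4": Decimal("299.99"),
}
COUPONS = {"SILVER": Decimal("0.25")}  # fraction taken off the subtotal
MAX_QTY = 100


def price_order(raw_body: str) -> dict:
    """Price a form-encoded order using only ids, quantities and coupon code.

    The client's grand_total (hypothetical field name) is never used for
    charging; it is only compared with the server's figure to flag tampering.
    """
    form = {k: v[0] for k, v in parse_qs(raw_body).items()}
    subtotal = Decimal("0")
    for item_id, unit_price in CATALOGUE.items():
        qty = form.get("qty_" + item_id, "0")
        # Accept plain ASCII digits only; reject signs, decimals, huge counts.
        if not (qty.isascii() and qty.isdigit()) or int(qty) > MAX_QTY:
            raise ValueError("bad quantity for " + item_id)
        subtotal += unit_price * int(qty)
    # Unknown or missing coupon codes earn no discount.
    rate = COUPONS.get(form.get("coupon", ""), Decimal("0"))
    total = (subtotal * (1 - rate)).quantize(Decimal("0.01"))
    tampered = False
    claimed = form.get("grand_total")
    if claimed is not None:
        try:
            tampered = Decimal(claimed) != total
        except InvalidOperation:
            tampered = True  # non-numeric total is also a tamper signal
    return {"total": total, "tampered": tampered}


if __name__ == "__main__":
    # Constructed request body shaped like the edited request in step 1.
    body = ("qty_item1=1&qty_item2=1&qty_item3=1&qty_item4=1"
            "&coupon=SILVER&grand_total=0")
    print(price_order(body))
```

The order is charged at the server's total regardless of what the client sent; the tampered flag is what gets logged or alerted on.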
2. Fetch the profile details of the Jerry Mouse user while logged in as the
Curly Stooge user, using Indirect Object Reference. Path:-> WebGoat -> Access
Control Flaws -> LAB: Role Based Access Control
Go to WebGoat -> Access Control Flaws -> LAB: Role Based Access Control and
log in as Curly Stooge.
Go to WebGoat -> AJAX Security -> LAB: Client Side Filtering and choose
Larry.
Send the request to Repeater, change the user ID to * and send it.
We get Neville’s salary along with the other employees’ salaries.
4. Fetch the /etc/passwd details of the server using XML External Entities (XXE).
Path:- Mutillidae -> Others -> XML External Entity Injection -> XML Validator
Exit WebGoat and go to Mutillidae -> Others -> XML External Entity
Injection -> XML Validator.
Enter the XML code and click Validate XML.
6. Log in with the credentials user:user and escalate the user's privileges to
admin using privilege escalation. Path:- Mutillidae -> OWASP 2013 -> A1 Injection ->
SQLi Bypass Authentication -> Login
7. Send 4000 from the user without his knowledge using a CSRF attack. Path:->
WebGoat -> Cross-Site Scripting (XSS) -> LAB: Cross Site Scripting ->
Stage 1
Before going to that location, go to the XSS -> CSRF tab and copy the URL:
192.168.75.105/WebGoat/attack?Screen=52&menu=900&transferFunds=4000
Log in as Larry and edit the profile; in the Street field enter the code:
<script>window.location="http://192.168.75.105/WebGoat/attack?Screen=52&menu=900&transferFunds=4000"</script>
4000 is transferred without the user’s knowledge.