Web Application Hacking Techniques Part — 5

Update: This article is part of a series. Check out the full series: Part 1, Part 2, Part 3, Part 4, Part 5!

Welcome to module 5 of the “Web Application Hacking Techniques” workshop. So far, we have presented different methods and techniques to exploit web application vulnerabilities. We have covered SQL Injections and command execution vulnerabilities with hands-on labs and also have explained a couple of other web application vulnerabilities, such as XSS, etc.

Since information security is a very organized field, it has some set standards and frameworks that are consistently followed by security professionals. It’s worthwhile to talk about the top ten web application vulnerabilities, which are considered, accepted and recognized by industry leading organizations. These top ten vulnerabilities are listed by OWASP (Open Web Application Security Project).

It is recommended that you should first complete the previous four modules and then start module 5, otherwise you might not get all the benefits from this module.

Top 10 OWASP Vulnerabilities

In order to strengthen the security of your web application, you need to be aware of the top trends in web application vulnerabilities so that you can ensure that such vulnerabilities don’t exist in your web applications.

OWASP top ten provides the powerful awareness for web application security and underlying vulnerabilities. Following are the latest top ten vulnerabilities as highlighted by OWASP team.

* A1 Injection
* A2 Broken Authentication and Session Management
* A3 Cross-Site Scripting (XSS)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration
* A6 Sensitive Data Exposure
* A7 Missing Function Level Access Control
* A8 Cross-Site Request Forgery (CSRF)
* A9 Using Components with Known Vulnerabilities
* A10 Unvalidated Redirects and Forwards

Although these top ten vulnerabilities details are freely available on the OWASP website, we will present few of these vulnerabilities in a chart format and will demonstrate how you can exploit this in a web application. We will not be able to cover all of these vulnerabilities in execution, however, you can exploit in the lab environment we have shown in the previous module. Since this vulnerable application is the older version you might find some differences in mapping the current top ten and the Mutillidae application listing.

We have already presented how to setup your virtual lab environment in the previous module. Browse through the Metasploitable as shown below and use the following web application.

Now, get to the following web page as shown below. This will take you to the A1 injection vulnerability demonstration page.

SQLi Bypass Authentication

In this attack vector, you can bypass the user login screen and can easily login without any supplied user id or password. Browse the following page on this vulnerable web application.

Use the SQL injection bypass technique as shown below as user and password [‘OR ‘a’=’a] and hit login. You will easily bypass the authentication.

Here you go with bypassing the login authentication, notice the logged in user.

Command Injection DNS Lookup

Now, let’s execute command execution vulnerability as listed in OWASP Top ten vulnerabilities. Browse to the following page.

<h1>Sorry. There has been a system error. <br /> <br /> Please login again </
h1> <br/> Username<input type=”text”> <br/> Password <input type=”text”> <br/> <br/> <input type=”submit” value=”Submit”><h1>&nbsp;</h1>

We will insert this code in the DNS lookup field and you can see the result as shown below.

To proceed further in order to understand each vulnerability in more granular details, it is recommended to go through the OWSAP top 10 vulnerabilities detailed information.

You can visit the following link and continue reading: https://www.owasp.org/index.php/Top_10_2013- A5-Security_Misconfiguration.

Originally published at https://learncybersec.blogspot.com.

Cyber Security Analyst & researcher