OWASP Mutillidae II: Web Pwn in Mass Production
|
| Home | | | Login/Register | | | Toggle Hints | | | Show Popup Hints | | | Toggle Security | | | Enforce SSL | | | Reset DB | | | View Log | | | View Captured Data |
-
OWASP 2013
- A1 - Injection (SQL)
-
A1 - Injection (Other)
-
HTML Injection (HTMLi)
- Add to your blog
- Browser Info
- DNS Lookup
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- User Info (XPath)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- View Captured Data
- Document Viewer
- Arbitrary File Inclusion
- Poll Question
- Register User
- Login
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- HTMLi via HTTP Headers
- HTMLi Via DOM Injection
- HTMLi Via Cookie Injection
- Frame Source Injection
- Command Injection
- JavaScript Injection
- HTTP Parameter Pollution
- Cascading Style Injection
- JavaScript Object Notation (JSON) Injection
- Buffer Overflow
- Parameter Addition
- XML External Entity Injection
- XML Entity Expansion
- XML Injection
- XPath Injection
- Application Log Injection
- CBC-bit Flipping
-
HTML Injection (HTMLi)
- A2 - Broken Authentication and Session Management
-
A3 - Cross Site Scripting (XSS)
-
Reflected (First Order)
- DNS Lookup
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Browser Info
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- Client-side Control Challenge
- Persistent (Second Order)
- DOM-Based
- Via "Input" (GET/POST)
- Via HTTP Headers
- Via HTTP Attribute
- Via Misconfiguration
- Against HTML5 Web Storage
- Against JSON
- Via Cookie Injection
- Via XML Injection
- Via XPath Injection
- Via Path Relative Style Sheet Injection
- BeeF Framework Targets
-
Reflected (First Order)
- A4 - Insecure Direct Object References
- A5 - Security Misconfiguration
- A6 - Sensitive Data Exposure
- A7 - Missing Function Level Access Control
- A8 - Cross Site Request Forgery (CSRF)
- A9 - Using Components with Known Vulnerabilities
- A10 - Unvalidated Redirects and Forwards
- OWASP 2010
- OWASP 2007
- Web Services
- HTML 5
- Others
- Documentation
- Resources
Capture DataHints and Videos
Data Capture Page This page is designed to capture any parameters sent and store them in a file and a database table. It loops through the POST and GET parameters and records them to a file named captured-data.txt. On this system, the file should be found at /tmp/captured-data.txt. The page also tries to store the captured data in a database table named captured_data and logs the captured data. There is another page named captured-data.php that attempts to list the contents of this table. The data captured on this request is: page = capture-data.php showhints = 1 usebb_sid = m2dkc4anslj9uf7lta7hgh7o47 PHPSESSID = ph7osd3sj6vko0cppl0tjc5674 Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser.
Back
Help Me!
