I am tasked to execute a successful attack (SQLi, XSS, CSRF, etc.) on DVWA secured with ModSecurity and CRS v3.3 using encodings/obfuscation,
but I'm stuck!
Any help or suggestions?
Related
I have to write a report based on a simple SQL injection attack. In this report I have to provide screenshots of my "walkthrough", so I cannot use pictures from other tutorials on the web. Now my question is: can anybody tell me the names of some websites vulnerable to SQL injection on which I can test my attack legally? Thanks to Google dorks I have already found some vulnerable websites, but I think that running the attack against them is illegal. I want to avoid setting up a personal website for this purpose, but if there are no other solutions I also need help setting up this kind of site.
There is a web application called DVWA (Damn Vulnerable Web Application); it's not hosted on the internet. You have to download it and run it as localhost on your computer. It has a range of vulnerabilities; I have used it in the past for trying out a brute force attack. As it's localhost, it's legal. It should be ideal for a walkthrough tutorial. I know you said that you didn't want to set up your own website, but the setup takes a few minutes. Hope this helps :D
Link: http://www.dvwa.co.uk/
Is there any service, test suite or something similar which I can run against my site to expose any major security flaws? I don't expect I'll need to worry about hackers, but I want to eliminate security risks which can easily be exploited, i.e. SQL injection, cross-site scripting, etc.
You can use skipfish to detect XSS/SQLi vulnerabilities. It can be pretty hard on servers (brute forcing stuff, generating lots of requests), so you may want to read about its options/flags.
For SQL injection, sqlmap is pretty good in finding and exploiting SQL injections. Definitely worth a try.
I regularly use both of these tools for my penetration tests and they are pretty good at finding meaningful stuff.
Try this for SQL injection testing; it's the one I prefer:
Havij v1.15 Advanced SQL Injection
http://www.itsecteam.com/en/projects/project1.htm
Take a look at the ASafaWeb analyzer for ASP.NET web sites. (If ASP.NET is applicable to you... )
It doesn't do SQL Injection attacks, but nevertheless useful.
It's written by Troy Hunt, and make sure you listen to the Dotnetrocks.com episode 735 where he was interviewed.
I have a suite of Oracle Apex based applications due to have a security test. Does anyone have any tips on what I should look for to tighten things up?
The thing with Apex applications is that the underlying code is all PL/SQL, so it is no surprise that the major class of vulnerability affecting Apex applications is SQL Injection.
You need to make sure that you do not use substitution variables (e.g. &P1_TEST.) as these almost always lead to exploitable injection. When they are used within PL/SQL begin/end blocks the injection is very "powerful" as an attacker can specify an arbitrary number of PL/SQL statements.
Many Apex apps use dynamic SQL (where a query is constructed in a string and then executed), either through direct calls to EXECUTE IMMEDIATE or through Apex FUNCTION_RETURNING_SQL blocks. Dynamic SQL is almost always a bad idea.
You'll also find quite a bit of Cross-Site Scripting in Apex apps, where input from users, or from queries run against the database is not escaped. The various Apex reports provide settings to enable escaping but these may not have been chosen when the report was defined.
Also consider the access-control model and ensure all the pages are protected with appropriate authorisation schemes. Do not use the APEX_APPLICATION_FILES table if you're storing uploads as that doesn't protect against unauthenticated downloads.
Hope that helps, and good luck!
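As an added illustration (not part of the answer above), here are the two Apex patterns the answer warns about beside their safer bind-variable forms, plus the output-escaping step for XSS. It assumes a hypothetical page item P1_TEST and a constructed CUSTOMERS table; `apex_escape.html` and `htp.p` are the standard Apex/OWA calls.

```sql
-- Constructed example: page item P1_TEST filters a hypothetical CUSTOMERS table.

-- Risky: &P1_TEST. is substituted as raw text before the block is parsed,
-- so the item's value becomes part of the PL/SQL source itself and can
-- introduce further statements.
BEGIN
  DELETE FROM customers WHERE name = '&P1_TEST.';
END;
/

-- Risky: dynamic SQL built by concatenation; the value is interpolated into
-- the statement text and changes its structure.
DECLARE
  l_sql   VARCHAR2(4000);
  l_count PLS_INTEGER;
BEGIN
  l_sql := 'SELECT count(*) FROM customers WHERE name = ''' || :P1_TEST || '''';
  EXECUTE IMMEDIATE l_sql INTO l_count;
END;
/

-- Safer: reference the item as a bind variable; the value is passed as data
-- and is never parsed as code.
DECLARE
  l_count PLS_INTEGER;
BEGIN
  SELECT count(*) INTO l_count FROM customers WHERE name = :P1_TEST;
END;
/

-- Safer when dynamic SQL is unavoidable: keep the statement text constant and
-- pass values through the USING clause.
DECLARE
  l_count PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT count(*) FROM customers WHERE name = :1'
    INTO l_count USING :P1_TEST;
END;
/

-- Output side: escape user-controlled text before emitting it into HTML
-- (e.g. in a PL/SQL region), mirroring the escaping option on reports.
BEGIN
  htp.p('<p>Hello, ' || apex_escape.html(:P1_TEST) || '</p>');
END;
/
```

The same bind-variable pattern applies to any FUNCTION_RETURNING_SQL block: build the statement text from constants and column names you control, never from item values.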
I used to code my pages in PHP, and am new to RoR. Recently I read this article: http://asciicasts.com/episodes/204-xss-protection-in-rails-3
about the XSS protection, and I'm curious whether this only applies to output like JS on an HTML page, or whether this Ruby feature also covers SQL injection, <img src="evilpage.php"/>, session stealing and others?
Cross-site scripting (XSS) and SQL injection are two entirely different things, but using ActiveRecord properly in Rails 3 will also protect you from SQL injection.
Cross-site request forgery (CSRF, 'session stealing') is something totally different again.
This may sound like a weird question, but is there anywhere I can download a website that is vulnerable to SQL injection (the URL kind, not login bypass)?
I'm making a vulnerability scanner and I want to learn some SQLi so I can include it in my project.
Thanks, it doesn't need to be fancy. Just enough to practice on.
OWASP WebGoat is the usual example. Includes SQL injection vulnerabilities.
No, you cannot download their site to test for injection vulnerabilities. You would need to download their whole DB and configs to do what you are saying. If you want to benevolently go checking the security of various sites, you have to ask them about their system and model it on your own. OWASP works on systems not recently updated with patches, like the comment of tackline says: it's a first port.
OWASP's WebGoat is an application that is built to be vulnerable to attack; it is a simulation of real-world vulnerabilities. The Whitebox is a collection of real-world vulnerabilities; it has 2 web applications that were abandoned because the applications were so insecure. It also has a set of challenges that are vulnerable code snippets taken from real-world applications. This project has real-world SQL injection as well as more serious vulnerabilities.
Try scanning the vulnerable apps with Wapiti (open source) or Acunetix ($) or NTOSpider ($$$). Then try using the applications, create blog posts etc., and then scan it again.
Also check out Damn Vulnerable Linux and Google Jarlsberg.