WebGoat
fallinsky
Unfathomable~
An Investigation of HTTP Response Splitting Attacks
Studying WebGoat chapter 1, General, section 1, HTTP Basics: use a proxy (e.g. Webscarab) to intercept the HTTP traffic between the browser (client) and the server, then tamper with it as needed to get the expected result. Section 2, HTTP Splitting (strictly speaking, HTTP Response Splitting), has two steps: 1. HTTP Splitting; 2. Cache Poisoning. Introduction to HTTP Response Splitting: “HTTP Response Splitting” is a new appl · Original · 2010-10-27 15:14:00 · 4020 views · 1 comment
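The two steps named above can be made concrete with a small model. The following is an added example, not code from the post or from WebGoat: a hypothetical redirect handler that copies a request parameter into the Location header unchecked, the same handler with the fix, a payload constructed for the example, and a parser that splits a byte stream into messages the way a Content-Length-honouring proxy or cache would. The URL path `/redirect?page=` and the header layout are assumptions for illustration.

```python
import urllib.parse

# Constructed attacker value for a redirect parameter. The embedded CRLF pairs end
# the server's own 302 early and start a second, attacker-written response.
POISONED_BODY = b"<html>attacker content</html>"
SPLIT_PAYLOAD = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    f"Content-Length: {len(POISONED_BODY)}\r\n"
    "\r\n"
) + POISONED_BODY.decode("ascii")


def attacker_url(page: str) -> str:
    """How the value travels on the wire: CR and LF are sent as %0D and %0A."""
    return "/redirect?page=" + urllib.parse.quote(page, safe="/")


def vulnerable_redirect(page: str) -> bytes:
    """Hypothetical handler that copies the decoded parameter into Location unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {page}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def safe_redirect(page: str) -> bytes:
    """Same output, but a header value carrying CR or LF is refused outright."""
    if "\r" in page or "\n" in page:
        raise ValueError("CR/LF in header value")
    return vulnerable_redirect(page)


def header_injection_rejected(page: str) -> bool:
    """True when safe_redirect refuses the value."""
    try:
        safe_redirect(page)
    except ValueError:
        return True
    return False


def parse_responses(stream: bytes) -> list:
    """Split a byte stream into messages the way a proxy or cache that honours
    Content-Length would, and return each message's status line. Two status
    lines for one request is the splitting step; a shared cache storing the
    second message under the client's next URL is the poisoning step."""
    status_lines = []
    pos = 0
    while pos < len(stream):
        while stream.startswith(b"\r\n", pos):      # blank lines between messages
            pos += 2
        if not stream.startswith(b"HTTP/", pos):     # leftover bytes, not a message
            break
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        lines = stream[pos:head_end].decode("latin-1").split("\r\n")
        body_len = 0
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                body_len = int(value.strip())
        status_lines.append(lines[0])
        pos = head_end + 4 + body_len
    return status_lines
```

Feeding `vulnerable_redirect(SPLIT_PAYLOAD)` to `parse_responses` yields two status lines from a single request, which is exactly what a proxy like Webscarab shows you in the lesson; `safe_redirect` refuses the value before it ever reaches a header. Rejecting CR and LF in every header value (or using a framework that does so) is the fix; URL-encoding the redirect target alone is not enough, because the server decodes `%0D%0A` before building the header.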
Cross Site Scripting
In white-box testing, check the places in the source where user input enters and whether the variables are filtered for length and for characters such as "<", ">", ";" and "'". In black-box testing, entering <script>alert('test')</script> sometimes does not execute, because the page source may contain another tag that was never closed, for example a missing </script>; in that case, closing one </script> first makes the code run, e.g. entering </script><script>alert('test')</script> in the title field pops up a "test" box. The HTML attributes onerror and onload can be used · Original · 2010-10-29 11:53:00 · 396 views · 0 comments
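The tag-closing trick and the event-handler bypass above can be reproduced offline. The following is an added example, not code from the post: two constructed page templates (one reflecting the title into plain HTML, one into a `<script>` element that is never closed, the flaw the post describes), a hypothetical weak filter that only strips `<script>…</script>` pairs, the proper fix of entity-encoding the output, and a check built on Python's `html.parser` that records what a browser would execute: the text of each closed script element and every `on*` handler attribute.

```python
import html
import re
from html.parser import HTMLParser

# Constructed pages with a reflected "title" value. The second one has the flaw the
# post describes: a <script> element that is never closed.
TITLE_IN_HTML = "<h1>{title}</h1>\n<p>Footer</p>\n"
TITLE_IN_UNCLOSED_SCRIPT = '<script>\nvar pageTitle = "{title}";\n<p>Footer</p>\n'

JS = "alert('test')"
PLAIN_SCRIPT = "<script>alert('test')</script>"
CLOSE_FIRST = "</script><script>alert('test')</script>"
EVENT_HANDLER = '<img src=x onerror="alert(\'test\')">'


def blacklist_filter(value: str) -> str:
    """Hypothetical weak filter: strips <script>...</script> pairs and nothing else."""
    return re.sub(r"(?is)<script\b[^>]*>.*?</script>", "", value)


def escape_output(value: str) -> str:
    """Encoding for an HTML text node: <, >, &, and both quote characters become entities."""
    return html.escape(value, quote=True)


class ScriptSink(HTMLParser):
    """Records what a browser would execute: the text of each closed <script>
    element and the value of every on* event-handler attribute."""

    def __init__(self):
        super().__init__()
        self.scripts, self.handlers = [], []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        self.handlers.extend(v for k, v in attrs if k.startswith("on") and v is not None)
        if tag == "script":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:           # inside <script>: raw script text
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None


def fires(template: str, payload: str, sanitizer=lambda v: v) -> bool:
    """True if rendering payload into template (after sanitizer) produces a script
    element or handler attribute whose code is exactly JS."""
    sink = ScriptSink()
    sink.feed(template.format(title=sanitizer(payload)))
    sink.close()
    return JS in sink.scripts or JS in sink.handlers
```

`fires(TITLE_IN_UNCLOSED_SCRIPT, PLAIN_SCRIPT)` is false because the payload lands inside the open script as text, while `fires(TITLE_IN_UNCLOSED_SCRIPT, CLOSE_FIRST)` is true, matching the post's observation. The blacklist filter stops the second payload but passes the `onerror` one unchanged; `escape_output` stops both. One caveat: entity encoding prevents the `</script>` breakout, but a value placed inside a JavaScript string also needs JavaScript-string (e.g. JSON) encoding, since entities are not decoded inside a script element.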
Client Side Filtering
The purpose of this exercise is to recognise that storing data on the client side opens the door to access-control bypass! Use Tamper Data to monitor the packets exchanged between browser and server. When any employee is selected in the drop-down menu, the page immediately shows that employee's details below it, yet Tamper Data captures no traffic at all. This shows that displaying the employees and their details involves no server-side processing, so all of the information must already be on the client. Look at the HTML source, find where the information is stored, and you can read anything, whether you are permitted to or not! · Original · 2010-10-29 11:58:00 · 319 views · 0 comments
Silent Transactions Attacks
How the attack works: Any system that silently processes transactions using a single submission is dangerous to the client. For example, if a normal web application allows a simple URL submission, a preset session attack will allow · Original · 2010-11-16 17:53:00 · 546 views · 0 comments
Insecure Client Storage
The biggest takeaway from this lesson was learning how to debug JS scripts with Firebug, which is very powerful ^_^ It is always a good practice to validate all input on the server side. Leaving the mechanism for validation on the client side leaves it vulnerable to reverse engineering. Remember, anything on the cli · Original · 2010-11-17 12:26:00 · 425 views · 0 comments
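The Client Side Filtering and Insecure Client Storage lessons make the same point from two directions: data and decisions that live in the client belong to the attacker. The following is an added example, not code from the post or from WebGoat, that models the staff-directory page the Client Side Filtering write-up describes. A constructed employee list (names and salaries invented for the example) is rendered two ways, once with every record embedded and JavaScript hiding the rest, once with the authorisation check applied on the server, and a small `html.parser` routine plays the role of "view source" by recovering every JSON data island from the page.

```python
import json
from html.parser import HTMLParser

# Constructed staff directory; "salary" is the field only managers may see.
EMPLOYEES = [
    {"id": 101, "name": "Alice", "manager": False, "salary": 52000},
    {"id": 102, "name": "Bob", "manager": False, "salary": 48000},
    {"id": 103, "name": "Carol", "manager": True, "salary": 91000},
]


def can_view(viewer: dict, record: dict) -> bool:
    """Authorisation rule: managers see everyone, others only themselves."""
    return viewer["manager"] or viewer["id"] == record["id"]


def render_client_filtered(viewer: dict) -> str:
    """The anti-pattern from the lesson: ship every record and let JavaScript hide
    the rest. Changing the drop-down never causes a request, which is exactly why
    Tamper Data saw nothing."""
    options = "".join(f'<option value="{e["id"]}">{e["name"]}</option>' for e in EMPLOYEES)
    data = json.dumps({"viewer": viewer["id"], "rows": EMPLOYEES})
    return (
        f'<select id="who">{options}</select>\n'
        f'<script id="data" type="application/json">{data}</script>\n'
        "<script>/* client-side code filters rows to those the viewer may see */</script>\n"
    )


def render_server_filtered(viewer: dict) -> str:
    """Only records the viewer is authorised to see are ever sent to the browser."""
    rows = [e for e in EMPLOYEES if can_view(viewer, e)]
    data = json.dumps({"viewer": viewer["id"], "rows": rows})
    return f'<script id="data" type="application/json">{data}</script>\n'


class EmbeddedJSON(HTMLParser):
    """What 'view source' hands an attacker: every JSON data island in the page.
    (Constructed values contain no '</', which real code must escape before embedding.)"""

    def __init__(self):
        super().__init__()
        self._in_data = False
        self.payloads = []

    def handle_starttag(self, tag, attrs):
        self._in_data = tag == "script" and dict(attrs).get("type") == "application/json"

    def handle_data(self, data):
        if self._in_data:
            self.payloads.append(json.loads(data))

    def handle_endtag(self, tag):
        self._in_data = False


def salaries_exposed(page: str) -> dict:
    """Salary of every employee recoverable from the page source, keyed by name."""
    parser = EmbeddedJSON()
    parser.feed(page)
    parser.close()
    return {row["name"]: row["salary"] for island in parser.payloads for row in island["rows"]}
```

For the non-manager Bob, `salaries_exposed(render_client_filtered(...))` returns all three salaries even though the page only displays his own; the server-filtered rendering exposes exactly the one record `can_view` allows. The same reasoning applies to validation logic: whatever the JavaScript checks, the server has to check again, because the client can be read and rewritten with Firebug.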
Forgot Password
Web applications frequently provide their users the ability to retrieve a forgotten password. Unfortunately, many web applications fail to implement the mechanism properly. The information required to verify the identity of the user is often overly s · Original · 2010-11-17 17:43:00 · 636 views · 2 comments
Code Quality
For various reasons, some programmers leave comments such as FIXME's, TODO's, Code Broken, Hack and the like in the source code, and under some circumstances these comments end up in front of users. In a web application, for example, viewing the page source may reveal sensitive information in them, which can lead to authentication bypass or information disclosure! When attacking, search the comments in the source files for words like passwords, backdoors or something doesn't work right, and also search for hidden, FIXME's, TODO's, or comments · Original · 2010-11-18 17:50:00 · 320 views · 0 comments
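The manual "view source and search" step above is easy to automate for a whole page or site. The following is an added example, not code from the post or from WebGoat: a constructed page (all comments, paths and credentials in it are invented for the example) and a reviewer built on Python's `html.parser` that collects every HTML comment, flags those matching the keyword list the post suggests, and also lists hidden form fields, since those are the other place this kind of leftover tends to sit.

```python
import re
from html.parser import HTMLParser

# Constructed page source of the kind the post describes: developer notes left in
# HTML comments plus a hidden field. Every value here is invented for the example.
SAMPLE_PAGE = """<html><body>
<!-- TODO: remove test account before go-live: user=qa pass=qa2010 -->
<!-- FIXME: admin backdoor at /admin_override still enabled -->
<!-- Company holiday schedule posted on intranet -->
<form action="/login" method="post">
  <input type="hidden" name="role" value="user">
  <input type="text" name="username">
</form>
</body></html>
"""

# Words the post suggests searching for, plus a few common neighbours.
KEYWORDS = re.compile(
    r"(?i)\b(password|passwd|pass|pwd|backdoor|fixme|todo|hack|broken|doesn'?t work|debug)\b"
)


class SourceNotes(HTMLParser):
    """Collects the artefacts a 'view source' review looks for."""

    def __init__(self):
        super().__init__()
        self.comments, self.hidden_fields = [], []

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type", "").lower() == "hidden":
            self.hidden_fields.append((a.get("name"), a.get("value")))


def review_source(page: str) -> dict:
    """Return the comments that match the keyword list, every hidden field, and
    the total comment count so the reviewer knows how much was skipped."""
    parser = SourceNotes()
    parser.feed(page)
    parser.close()
    flagged = [c for c in parser.comments if KEYWORDS.search(c)]
    return {
        "flagged_comments": flagged,
        "hidden_fields": parser.hidden_fields,
        "total_comments": len(parser.comments),
    }
```

On the sample page the two developer notes are flagged and the holiday notice is not; the hidden `role` field is reported regardless, because a reviewer decides what it controls, not a regex. The keyword list is a starting point, not a definition of "sensitive": anything a comment says about credentials, disabled checks or unfinished code deserves a look even when it uses other words.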
Understanding Cookies and Sessions via Basic Authentication
HTTP Basic Authentication: see Wikipedia's explanation at http://en.wikipedia.org/wiki/Basic_authentication_scheme. HTTP Basic Authentication is the same thing as Basic access authentication. Concept: In the context of an HTTP transaction, the basic access authentication is a method designed to allow a w · Original · 2010-11-18 14:10:00 · 1609 views · 0 comments
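The mechanics behind the definition are short enough to write out. The following is an added example, not code from the post: it builds the 401 challenge and the `Authorization` header a browser then repeats on every request, decodes that header the way a server does (splitting on the first colon only, so passwords may contain colons), and contrasts it with the cookie-based alternative the post's title points to, where the password is checked once and a random session identifier stands in for it afterwards. The credentials and the in-memory session store are constructed for the example; a real server would check a password hash rather than compare plaintext.

```python
import base64
import binascii
import secrets

# Constructed credentials; the password deliberately contains a colon, because only
# the first colon separates user from password in the decoded value.
USER, PASSWORD = "webgoat", "pa:ss"


def challenge(realm: str) -> str:
    """Header the server sends with a 401 to ask the browser for Basic credentials."""
    return f'WWW-Authenticate: Basic realm="{realm}", charset="UTF-8"'


def authorization_header(user: str, password: str) -> str:
    """What the browser then sends on every request: base64(user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_authorization(header: str):
    """Recover (user, password) from an Authorization value, or None if malformed.
    Base64 is an encoding, not encryption: whoever sees the header has the password,
    which is why Basic only makes sense over TLS."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


# Cookie/session alternative: credentials are checked once, then a random session
# identifier is what travels with each request. Hypothetical in-memory store.
SESSIONS = {}


def login(user: str, password: str):
    """Return a Set-Cookie value for a new session, or None on bad credentials."""
    if (user, password) != (USER, PASSWORD):   # a real server compares a hash here
        return None
    sid = secrets.token_urlsafe(32)            # 256 bits of randomness, unguessable
    SESSIONS[sid] = user
    return f"session={sid}; HttpOnly; Secure; Path=/"


def user_for_cookie(cookie_header: str):
    """Resolve the session cookie back to a user; None if missing or unknown."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return SESSIONS.get(value)
    return None


def session_round_trip(user: str, password: str):
    """Log in, then present the issued cookie as the browser would on the next request."""
    set_cookie = login(user, password)
    if set_cookie is None:
        return None
    return user_for_cookie(set_cookie.split(";")[0])
```

The difference that matters is lifetime: with Basic, the password itself crosses the wire on every request and the only way to "log out" is to make the browser forget it, whereas a session identifier can be expired, revoked or rotated on the server without the password being involved again. The `HttpOnly` and `Secure` flags keep the cookie away from page scripts and off plaintext connections; `secrets.token_urlsafe` is what makes the identifier unguessable in the first place.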