A4 - Insecure Direct Object References
- Insecure DOR (Change Secret)
- Insecure DOR (Reset Secret)
- Insecure DOR (Order Tickets)
- Arbitrary File Access (Samba)
- Cross-Domain Policy File (Flash)
- Cross-Origin Resource Sharing (AJAX)
- Cross-Site Tracing (XST)
- Denial-of-Service (Large Chunk Size)
- Denial-of-Service (Slow HTTP DoS)
- Denial-of-Service (SSL-Exhaustion)
- Denial-of-Service (XML Bomb)
- Insecure FTP Configuration
- Insecure SNMP Configuration
- Insecure WebDAV Configuration
- Local Privilege Escalation (sendpage)
- Local Privilege Escalation (udev)
- Man-in-the-Middle Attack (HTTP)
- Man-in-the-Middle Attack (SMTP)
- Old/Backup & Unreferenced Files
- Robots File
Insecure DOR (Change Secret)
low
The page source contains a hidden `login` input.
Intercept the request and change `login` (together with `secret`): the secret of whichever account is named in `login` gets overwritten, not the logged-in user's.
medium & high
Intercepting the request shows that a token has now been added
and is verified server-side.
The high level behaves the same way.
// A random token is generated when the security level is MEDIUM or HIGH
if($_COOKIE["security_level"] == "1" or $_COOKIE["security_level"] == "2")
{
    $token = sha1(uniqid(mt_rand(0,100000)));
    $_SESSION["token"] = $token;
}
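The PHP above is bWAPP's token generation. The Python below is an added example, not code from bWAPP or from the original post, that models the Change Secret handler at both levels: the low level keys the update on the hidden `login` field from the POST body (the IDOR), while the hardened version takes the identity from the server-side session and additionally requires a per-session token, compared in constant time and rotated after use. Two caveats the exercise invites: the token is an anti-forgery control and does not by itself fix the IDOR, which is fixed by ignoring `login` in the request; and `sha1(uniqid(mt_rand()))` is not a cryptographic randomness source, so the example uses the OS CSPRNG instead. The user table, logins and secrets are constructed for the example.

```python
import hmac
import secrets

# Constructed stand-in for bWAPP's users table (logins and secrets are made up).
USERS = {
    "bee": {"secret": "Any bugs?"},
    "A.I.M.": {"secret": "Don't ask"},
}


def change_secret_vulnerable(post, users):
    """Low level: the account to update comes from the hidden `login` field,
    so whoever edits the POST body chooses the victim (the IDOR)."""
    login = post["login"]
    if login not in users:
        return "Unknown user"
    users[login]["secret"] = post["secret"]
    return f"The secret has been changed for {login}"


def new_token():
    """Per-session anti-forgery token from the OS CSPRNG. bWAPP builds its
    token from sha1(uniqid(mt_rand())), which is not a cryptographic source;
    secrets.token_hex(20) yields 160 unpredictable bits instead."""
    return secrets.token_hex(20)


def change_secret_hardened(post, session, users):
    """Medium/high style handler: the identity is the session's, the token is
    compared in constant time, and it is rotated after each use so a captured
    request cannot simply be replayed."""
    expected = session.get("token", "")
    supplied = post.get("token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "Invalid token!"
    session["token"] = new_token()
    login = session["login"]  # any `login` present in the POST body is ignored
    users[login]["secret"] = post["secret"]
    return f"The secret has been changed for {login}"


if __name__ == "__main__":
    # Logged in as bee, the attacker swaps the hidden field to A.I.M.
    users = {k: dict(v) for k, v in USERS.items()}
    print(change_secret_vulnerable({"login": "A.I.M.", "secret": "pwned"}, users))
    session = {"login": "bee", "token": new_token()}
    tampered = {"login": "A.I.M.", "secret": "pwned", "token": session["token"]}
    print(change_secret_hardened(tampered, session, users))  # only bee's secret changes
```

The assertion worth carrying into a real review is the one the hardened handler makes: the row being written is selected by the session, and the request supplies only the new value.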
Insecure DOR (Reset Secret)
Intercepting the request again lets you modify `login` (and `secret`), so the reset is applied to the account you name.
Insecure DOR (Order Tickets)
Intercepting the request lets you modify `ticket_price`, since the server bills whatever price the client posts.
At medium and high it can no longer be modified.
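As an added example (not bWAPP's code or the original post's), the Order Tickets flaw and its fix in Python: the low-level handler multiplies the client-posted `ticket_price` by the quantity, so a proxy can bill the order at zero or at a negative amount; the hardened handler ignores any price in the request, looks the price up server-side and validates the quantity as a bounded positive integer. The price table, the 15 figure and the per-order limit are example values.

```python
from decimal import Decimal

# Constructed server-side price list: the client may pick an item, never a price.
PRICES = {"movie": Decimal("15")}
MAX_QUANTITY = 10


def order_vulnerable(post):
    """Low level: the total is computed from the hidden `ticket_price`
    field, so a proxy can set it to 0, a fraction or a negative number."""
    quantity = int(post["quantity"])
    price = Decimal(post["ticket_price"])
    return price * quantity


def quantity_is_valid(raw):
    """Accept only a plain decimal integer from 1 to MAX_QUANTITY."""
    return raw.isdecimal() and 1 <= int(raw) <= MAX_QUANTITY


def order_hardened(post):
    """Medium/high style: any price in the request is ignored; the price is
    looked up server-side and the quantity is validated before use."""
    item = post.get("item", "movie")
    if item not in PRICES:
        raise ValueError("unknown item")
    raw = post.get("quantity", "")
    if not quantity_is_valid(raw):
        raise ValueError("quantity must be an integer from 1 to %d" % MAX_QUANTITY)
    return PRICES[item] * int(raw)


if __name__ == "__main__":
    tampered = {"quantity": "3", "ticket_price": "0"}
    print("low total:", order_vulnerable(tampered))   # 0: the attacker's price is used
    print("hardened total:", order_hardened(tampered))  # 45: the server's price is used
```

Decimal rather than float keeps the arithmetic exact for money; the same validation applies to any quantity field, including the negative or fractional values that bWAPP's low level would also accept.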
A5 - Security Misconfiguration
Arbitrary File Access (Samba)
An old issue.
Uh... I'll have to put this one off for now...
Several of these can't be demonstrated.
Cross-Domain Policy File (Flash)
Cross-Origin Resource Sharing (AJAX)
Cross-Site Tracing (XST)
Denial-of- Service (Large Chunk Size)
Denial-of- Service (Slow HTTP DoS)
Denial-of- Service (SSL -Exhaustion)
Denial-of- Service (XML Bomb)
Insecure FTP Configuration
Insecure SNMP Configuration
Insecure WebDAV Configuration
Local Privilege Escalation (sendpage)
Local Privilege Escalation (udev)
Man-in-the-Middle Attack (HTTP)
In cryptography and computer security, a man-in-the-middle attack (MITM) is one in which the attacker establishes separate connections with both ends of a communication and relays the data between them, so that each party believes it is talking directly to the other over a private connection, while in fact the whole session is controlled by the attacker. In a man-in-the-middle attack the attacker can intercept the traffic between the two parties and inject new content.
This one can be done.
A certificate must be configured to fully function!
Medium and high require a certificate to be configured for the exercise to work fully.
Trying to log in shows a certificate-invalid warning; after clicking through, nothing further happens??
Uh... I don't know how to do this one...
Here is a senior's write-up on the topic:
[Geeker] Man-in-the-Middle Attack
Man-in-the-Middle Attack (SMTP)
low
if(isset($_POST["action"]))
{
    $login = $_SESSION["login"];

    // Debugging
    // echo $login;

    $sql = "SELECT * FROM users WHERE login = '" . $login . "'";

    // Debugging
    // echo $sql;

    $recordset = $link->query($sql);

    if(!$recordset)
    {
        die("Error: " . $link->error);
    }

    // Debugging
    // echo "<br />Affected rows: ";
    // printf($link->affected_rows);

    $row = $recordset->fetch_object();

    // If the user is present
    if($row)
    {
        if($smtp_server != "")
        {
            ini_set("SMTP", $smtp_server);

            // Debugging
            // $debug = "true";
        }

        $secret = $row->secret;
        $email = $row->email;

        // Sends a mail to the user
        $subject = "bWAPP - Your Secret";
        $sender = $smtp_sender;
        $content = "Hello " . ucwords($login) . ",\n\n";
        $content.= "Your secret: " . $secret . "\n\n";
        $content.= "Greets from bWAPP!";

        $status = @mail($email, $subject, $content, "From: $sender");

        if($status != true)
        {
            $message = "<font color=\"red\">An e-mail could not be sent...</font>";

            // Debugging
            // die("Error: mail was NOT send");
            // echo "Mail was NOT send";
        }
        else
        {
            $message = "<font color=\"green\">An e-mail with your secret has been sent to " . $email . ".</font>";
        }
    }
}
medium & high
Old/Backup & Unreferenced Files
Robots File
The robots file reveals your paths; for example, it may show that the admin backend lives under the admin directory.
The Robots Exclusion Protocol (also called the crawler protocol or robots protocol) is the standard by which a site tells search engines which pages may be crawled and which may not.
robots.txt is a plain text file that can be created and edited with any ordinary text editor, such as Notepad on Windows. It is a convention, not a command: it does not block access to anything, and every path it lists can be requested by anyone who reads the file. robots.txt is the first file a crawler looks for when it visits a site, and it tells the crawler which files on the server it may view.
When a crawler visits a site, it first checks whether robots.txt exists in the site root. If it does, the crawler uses its contents to decide the scope of its visit; if it does not, crawlers may access every page on the site that is not password protected. Baidu's official guidance is to use a robots.txt file only when the site contains content you do not want indexed; if you want everything indexed, do not create one. For a tester this makes Disallow entries a recon hint: the paths an operator wanted to keep out of search results are exactly the ones worth visiting, and the only real protection for them is authentication, not omission from the index.
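As an added example (not part of the original post), the parsing a tester does with a target's robots.txt during recon: collect the Disallow entries across all User-agent groups, since for an attacker every listed path is a hint no matter which crawler it was aimed at, and turn them into absolute URLs to probe. The file content and the hostnames are constructed for the example; on a real target you would fetch `http://<host>/robots.txt` and feed the body to the same parser.

```python
from urllib.parse import urljoin

# Constructed sample robots.txt; paths are made up for the example.
SAMPLE_ROBOTS = """\
# constructed sample
User-agent: *
Disallow: /admin/
Disallow: /passwords/
Disallow: /documents/backup/
Allow: /documents/public/

User-agent: googlebot
Disallow: /tmp/
Disallow: /admin/   # duplicate, should be reported once
Sitemap: http://www.example.com/sitemap.xml
"""


def parse_robots(text):
    """Return {'disallow': [...], 'allow': [...], 'sitemap': [...]} with values
    deduplicated in first-seen order.  Each line is `field: value`; a '#'
    starts a comment; an empty Disallow means "nothing is disallowed" in the
    protocol and is skipped here because it names no path to probe."""
    found = {"disallow": [], "allow": [], "sitemap": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        key = field.lower()
        if key in found and value and value not in found[key]:
            found[key].append(value)
    return found


def candidate_urls(base, robots_text):
    """Disallowed paths as absolute URLs to request by hand.  A listed path is
    a hint that something was worth hiding, not proof that it still exists or
    that it is unprotected."""
    return [urljoin(base, path) for path in parse_robots(robots_text)["disallow"]]


if __name__ == "__main__":
    for url in candidate_urls("http://target.example/", SAMPLE_ROBOTS):
        print(url)
```

Allow and Sitemap lines are kept as well: a sitemap enumerates pages the operator does want indexed, which is a second, usually larger, list of URLs to read.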