Syllabus
In this module, we focused on the identification and enumeration of common web application vulnerabilities. We also exploited several common web application vulnerabilities, leveraging a variety of techniques including admin console weaknesses, cross-site scripting, directory traversal, local and remote file inclusion, and SQL injection. These attack vectors are the basic building blocks we will use to construct more advanced attacks.
Web Application Attacks
  Web Application Assessment Methodology
  Web Application Enumeration
    Inspecting URLs
    Inspecting Page Content
    Viewing Response Headers
    Inspecting Sitemaps
    Locating Administration Consoles
  Web Application Assessment Tools
    DIRB
    Burp Suite
    Nikto
    Exercise
  Exploiting Web-based Vulnerabilities
    Exploiting Admin Consoles
    Burp Suite Intruder
    Exercises
  Cross-Site Scripting (XSS)
    Identifying XSS Vulnerabilities
    Basic XSS
    Content Injection
    Stealing Cookies and Session Information
    Exercises
    Other XSS Attack Vectors
  Directory Traversal Vulnerabilities
    Identifying and Exploiting Directory Traversals
  File Inclusion Vulnerabilities
    Exercise
    Identifying File Inclusion Vulnerabilities
    Exploiting Local File Inclusion (LFI)
    Contaminating Log Files
    LFI Code Execution
    Remote File Inclusion (RFI)
    Exercises
  Expanding Your Repertoire
    PHP Wrappers
    Exercises
  SQL Injection
    Basic SQL Syntax
    Identifying SQL Injection Vulnerabilities
    Authentication Bypass
    Exercises
    Enumerating the Database
    Column Number Enumeration
    Understanding the Layout of the Output
    Extracting Data from the Database
    From SQL Injection to Code Execution
    Automating SQL Injection