Difference between revisions of "OWASPBWA Known Vulnerabilites"

From OWASP
Jump to: navigation, search
Line 13: Line 13:
 
| Reflected XSS<br>  
 
| Reflected XSS<br>  
 
| http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do<br>  
 
| http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do<br>  
| Visit http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do?name=%3Cscript%3Ealert%281%29%3C/script%3E&submit=Submit to demonstrate this issue.
+
| Visit http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do?name=%3Cscript%3Ealert%281%29%3C/script%3E&amp;submit=Submit to demonstrate this issue.
 
|-
 
|-
 
| 2<br>  
 
| 2<br>  
Line 24: Line 24:
  
 
= Simple ASP.NET Forms  =
 
= Simple ASP.NET Forms  =
 +
 +
= OWASP&nbsp;VicNum<br>  =
 +
 +
{| width="200" cellspacing="1" cellpadding="1" border="1"
 +
|-
 +
| ID<br>
 +
| Type<br>
 +
| URL<br>
 +
| Details<br>
 +
|-
 +
| 1<br>
 +
| Reflected XSS<br>
 +
| http://owaspbwa/vicnum/cgi-bin/vicnum1.pl<br>
 +
| Visit http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=Foo%3Cscript%3Ealert%281%29%3C%2Fscript%3E to demonstrate this issue.
 +
|-
 +
| 2<br>
 +
| Reflected XSS<br>
 +
| http://owaspbwa/vicnum/vicnum5.php<br>
 +
| To illustrate this issue, send a POST request
 +
<br>POST http://owaspbwa/vicnum/vicnum5.php
 +
 +
player=&lt;script&gt;alert(1)&lt;/script&gt;<br>
 +
 +
|-
 +
| 3<br>
 +
| State Manipulation<br>
 +
| <br>
 +
| When playing the game, the "correct" answer is stored in Base64 encoded form in a hidden form field named VIEWSTATE. An attacker can decode this value in order to determine the correct answer to the game or manipulate it.<br>
 +
|}
  
 
= WordPress version 2.0.0  =
 
= WordPress version 2.0.0  =
  
== phpBB version 2.0.0  ==
+
= phpBB version 2.0.0  =
  
== Yazd version 1.0  ==
+
= Yazd version 1.0  =
  
 
[[Category:OWASPBWA]]
 
[[Category:OWASPBWA]]

Revision as of 01:36, 22 October 2010

This page is a test of how we may catalog vulnerabilities in the OWASP BWA project.

Contents

Struts Forms

ID
Type
URL
Details
1
Reflected XSS
http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do
Visit http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do?name=%3Cscript%3Ealert%281%29%3C/script%3E&submit=Submit to demonstrate this issue.
2




Simple ASP.NET Forms

OWASP VicNum

ID
Type
URL
Details
1
Reflected XSS
http://owaspbwa/vicnum/cgi-bin/vicnum1.pl
Visit http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=Foo%3Cscript%3Ealert%281%29%3C%2Fscript%3E to demonstrate this issue.
2
Reflected XSS
http://owaspbwa/vicnum/vicnum5.php
To illustrate this issue, send a POST request


POST http://owaspbwa/vicnum/vicnum5.php

player=<script>alert(1)</script>

3
State Manipulation

When playing the game, the "correct" answer is stored in Base64 encoded form in a hidden form field named VIEWSTATE. An attacker can decode this value in order to determine the correct answer to the game or manipulate it.

WordPress version 2.0.0

phpBB version 2.0.0

Yazd version 1.0