Difference between revisions of "OWASPBWA Known Vulnerabilites"

From OWASP
Line 3: Line 3:
 
= Struts Forms  =
 
= Struts Forms  =
  
{| width="200" cellspacing="1" cellpadding="1" border="1"
+
{| cellspacing="1" cellpadding="1" border="1"
 
|-
 
|-
 
| ID<br>  
 
| ID<br>  
Line 27: Line 27:
 
= OWASP&nbsp;VicNum<br>  =
 
= OWASP&nbsp;VicNum<br>  =
  
{| width="200" cellspacing="1" cellpadding="1" border="1"
+
{| cellspacing="1" cellpadding="1" border="1"
 
|-
 
|-
 
| ID<br>  
 
| ID<br>  
Line 39: Line 39:
 
| Visit http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=Foo%3Cscript%3Ealert%281%29%3C%2Fscript%3E to demonstrate this issue.
 
| Visit http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=Foo%3Cscript%3Ealert%281%29%3C%2Fscript%3E to demonstrate this issue.
 
|-
 
|-
| 2<br>
+
| 2<br>  
| Reflected XSS<br>
+
| Reflected XSS<br>  
| http://owaspbwa/vicnum/vicnum5.php<br>
+
| http://owaspbwa/vicnum/vicnum5.php<br>  
 
| To illustrate this issue, send a POST request  
 
| To illustrate this issue, send a POST request  
<br>POST http://owaspbwa/vicnum/vicnum5.php
+
<br>POST http://owaspbwa/vicnum/vicnum5.php  
  
player=&lt;script&gt;alert(1)&lt;/script&gt;<br>
+
player=&lt;script&gt;alert(1)&lt;/script&gt;<br>  
  
 
|-
 
|-
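Review bot: in row 2 of the VicNum table, the POST example is held together only by `<br>` tags inside the Details cell, so the request line and the `player=` body are not set apart from the surrounding prose; wrapping them in `<pre>` would keep the request as one literal block. The edits visible in this hunk are otherwise trailing-whitespace changes, so nothing else here needs attention.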

Revision as of 01:38, 22 October 2010

This page is a test of how we may catalog vulnerabilities in the OWASP BWA project.

Struts Forms

{| cellspacing="1" cellpadding="1" border="1"
|-
| ID
| Type
| URL
| Details
|-
| 1
| Reflected XSS
| http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do
| Visit http://owaspbwa:8080/mandiant-struts-form-vulnerable/submitname.do?name=%3Cscript%3Ealert%281%29%3C/script%3E&submit=Submit to demonstrate this issue.
|-
| 2
|
|
|
|}

Simple ASP.NET Forms

OWASP VicNum

{| cellspacing="1" cellpadding="1" border="1"
|-
| ID
| Type
| URL
| Details
|-
| 1
| Reflected XSS
| http://owaspbwa/vicnum/cgi-bin/vicnum1.pl
| Visit http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=Foo%3Cscript%3Ealert%281%29%3C%2Fscript%3E to demonstrate this issue.
|-
| 2
| Reflected XSS
| http://owaspbwa/vicnum/vicnum5.php
| To illustrate this issue, send a POST request:

POST http://owaspbwa/vicnum/vicnum5.php

player=<script>alert(1)</script>
|-
| 3
| State Manipulation
|
| When playing the game, the "correct" answer is stored in Base64 encoded form in a hidden form field named VIEWSTATE. An attacker can decode this value in order to determine the correct answer to the game or manipulate it.
|}
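The state manipulation issue in VicNum entry 3, shown beside a hardened design. This is an added example, not code from the original page or from VicNum: the function and class names and the sample answer are hypothetical, and keeping the answer in a server-side store is one assumed fix among several.

```python
import base64
import hmac
import secrets


def weak_issue_state(answer):
    """Weak pattern from entry 3: the answer rides in the hidden field, Base64 only."""
    return base64.b64encode(answer.encode()).decode()


def weak_check(hidden_field, guess):
    """The server trusts whatever the client sends back in the hidden field."""
    return base64.b64decode(hidden_field).decode() == guess


class ServerSideGames:
    """Hardened pattern (assumed fix): the answer never leaves the server."""

    def __init__(self):
        self._answers = {}

    def issue_state(self, answer):
        # The hidden field carries only an unguessable lookup key.
        game_id = secrets.token_urlsafe(16)
        self._answers[game_id] = answer
        return game_id

    def check(self, hidden_field, guess):
        answer = self._answers.get(hidden_field)
        if answer is None:
            raise KeyError("unknown or modified game id")
        # Compare the guess with the stored answer in constant time.
        return hmac.compare_digest(answer.encode(), guess.encode())


def demo():
    answer = "482"  # constructed sample value
    weak = weak_issue_state(answer)
    forged = weak_issue_state("000")  # client substitutes its own state
    games = ServerSideGames()
    strong = games.issue_state(answer)
    return {
        "weak_leaks_answer": base64.b64decode(weak).decode() == answer,
        "weak_accepts_forged_state": weak_check(forged, "000"),
        "strong_checks_real_answer": games.check(strong, answer),
    }
```

Base64 has no key, so the weak field offers neither confidentiality nor integrity; the server-side store gives both because the client only ever holds a random identifier.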

WordPress version 2.0.0

phpBB version 2.0.0

Yazd version 1.0