Security Shepherd is a Flagship project of OWASP. It is made as a web and mobile application security training platform. As it is a famous framework for Web Application Pen Testing Traing, I want to start to write down my practice & solutions on the lessons and challenges of Security Shepherd for tracking. The Official website: https://www.owasp.org/index.php/OWASP_Security_Shepherd My Practice & Solutions ======================================================================== Top 10 2013-A1-Injection Top 10-2017 A1-Injection My Practice: SQL Injection Lesson Injection Challenge - NoSQL Injection One - SQL Injection 1 - SQL Injection 2 - SQL Injection 3 - SQL Injection 4 - SQL Injection 5 - SQL Injection 6 - SQL Injection 7 - SQL Inje...
Challenge Solution First step, let's try to input Mary Martin . Then, let's try 1'or'1'='1 . Well, maybe that's because 1 isn't a valid character for Name? Let's try a'or'a'='a . Not bad, we get the user list. However, our purpose is to get credit card number. We must try to UNION SELECT the credit card number field! The first thing comes to my mind is how can I get the table name and column names of this application database. Try ' UNION SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE '1'='1 => Try ' UNION SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='customer => Now, we are sure that the application doesn't have the privilege to access information_schema... Try to use GROUP BY to guess column name. Input ' group by name having '1'='1 => An error was detected! com...
留言
張貼留言
Welcome to share your comments or questions : -)
Enjoy life!