diff options
| author | Alexander Pickering <alex@cogarr.net> | 2020-01-01 22:37:37 -0500 |
|---|---|---|
| committer | Alexander Pickering <alex@cogarr.net> | 2020-01-01 22:37:37 -0500 |
| commit | 9fae5d516012e2c0802105e67c79e2587a22b9dc (patch) | |
| tree | 1c782ad2cd08bd1ecc4f0b42bd042778b4f34c2e /hw7 | |
| download | infsci2620-9fae5d516012e2c0802105e67c79e2587a22b9dc.tar.gz infsci2620-9fae5d516012e2c0802105e67c79e2587a22b9dc.tar.bz2 infsci2620-9fae5d516012e2c0802105e67c79e2587a22b9dc.zip | |
Diffstat (limited to 'hw7')
42 files changed, 23550 insertions, 0 deletions
diff --git a/hw7/hw7.docx b/hw7/hw7.docx Binary files differnew file mode 100644 index 0000000..af72b6d --- /dev/null +++ b/hw7/hw7.docx diff --git a/hw7/index.php@page=pen-test-tool-lookup.php b/hw7/index.php@page=pen-test-tool-lookup.php new file mode 100644 index 0000000..20cb6be --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.1 b/hw7/index.php@page=pen-test-tool-lookup.php.1 new file mode 100644 index 0000000..c79cbf2 --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.1 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.10 b/hw7/index.php@page=pen-test-tool-lookup.php.10 new file mode 100644 index 0000000..8ec9eaf --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.10 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});alert(document);//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.11 b/hw7/index.php@page=pen-test-tool-lookup.php.11 new file mode 100644 index 0000000..8f0e1fb --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.11 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});alert(document["cookie"]);//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.2 b/hw7/index.php@page=pen-test-tool-lookup.php.2 new file mode 100644 index 0000000..20cb6be --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.2 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.3 b/hw7/index.php@page=pen-test-tool-lookup.php.3 new file mode 100644 index 0000000..20cb6be --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.3 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.4 b/hw7/index.php@page=pen-test-tool-lookup.php.4 new file mode 100644 index 0000000..ff96dda --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.4 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}};//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.5 b/hw7/index.php@page=pen-test-tool-lookup.php.5 new file mode 100644 index 0000000..415042e --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.5 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}};xss("xss");//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.6 b/hw7/index.php@page=pen-test-tool-lookup.php.6 new file mode 100644 index 0000000..27de24d --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.6 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});xss("xss");//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.7 b/hw7/index.php@page=pen-test-tool-lookup.php.7 new file mode 100644 index 0000000..2f5e7c2 --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.7 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});alert("xss");//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.8 b/hw7/index.php@page=pen-test-tool-lookup.php.8 new file mode 100644 index 0000000..2f5e7c2 --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.8 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});alert("xss");//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.9 b/hw7/index.php@page=pen-test-tool-lookup.php.9 new file mode 100644 index 0000000..4c93883 --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.9 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});alert("document.cookie");//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php b/hw7/index.php@page=show-log.php new file mode 100644 index 0000000..693c0cd --- /dev/null +++ b/hw7/index.php@page=show-log.php @@ -0,0 +1,1054 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />74 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:28:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:27:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 12:26:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:12</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:22:14</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:21:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:19:16</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:18:05</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:16:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:11:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:10:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:08:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:06:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:04:20</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:03:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:01:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:00:18</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:49:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:48:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:46:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:45:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:21</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:08</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:40:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 11:40:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:38:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:36:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:34:22</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:29:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:21:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:19:38</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:16:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:15:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:14:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:13:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:11:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:10:23</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:09:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:08:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:11</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:04:47</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: site-footer-xss-discussion.php</td> + <td>2019-10-23 11:04:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:03:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:57:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:56:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:55:05</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: TEST!</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.1 b/hw7/index.php@page=show-log.php.1 new file mode 100644 index 0000000..30cbac6 --- /dev/null +++ b/hw7/index.php@page=show-log.php.1 @@ -0,0 +1,1068 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />76 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">TEST!</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:28:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:27:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 12:26:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:12</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:22:14</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:21:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:19:16</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:18:05</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:16:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:11:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:10:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:08:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:06:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:04:20</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:03:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:01:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:00:18</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:49:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:48:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:46:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:45:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:21</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:08</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:40:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 11:40:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:38:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:36:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:34:22</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:29:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:21:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:19:38</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:16:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:15:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:14:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:13:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:11:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:10:23</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:09:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:08:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:11</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:04:47</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: site-footer-xss-discussion.php</td> + <td>2019-10-23 11:04:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:03:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:57:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:56:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:55:05</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <b>test</b></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.10 b/hw7/index.php@page=show-log.php.10 new file mode 100644 index 0000000..7cddd75 --- /dev/null +++ b/hw7/index.php@page=show-log.php.10 @@ -0,0 +1,613 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />11 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>console.log(1)</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:48</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>/*test*/</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:39</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><u>test2</u></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:26</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:24</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:19</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>console.log(document.cookie)</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.11 b/hw7/index.php@page=show-log.php.11 new file mode 100644 index 0000000..814ea10 --- /dev/null +++ b/hw7/index.php@page=show-log.php.11 @@ -0,0 +1,634 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />14 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:40:15</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:40:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>console.log(document.cookie)</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:40:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>console.log(1)</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:48</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>/*test*/</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:39</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><u>test2</u></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:26</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:24</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:19</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>globalThis[%22alert%22]</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.12 b/hw7/index.php@page=show-log.php.12 new file mode 100644 index 0000000..85048b1 --- /dev/null +++ b/hw7/index.php@page=show-log.php.12 @@ -0,0 +1,678 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />16 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:45:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>globalThis[%22alert%22]</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:45:27</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:40:15</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:40:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>console.log(document.cookie)</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:40:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>console.log(1)</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:48</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>/*test*/</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:39</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><u>test2</u></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:26</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:24</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:19</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>globalThis['alert']</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.13 b/hw7/index.php@page=show-log.php.13 new file mode 100644 index 0000000..39246f9 --- /dev/null +++ b/hw7/index.php@page=show-log.php.13 @@ -0,0 +1,594 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />4 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>globalThis['alert']</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.14 b/hw7/index.php@page=show-log.php.14 new file mode 100644 index 0000000..84dd4f8 --- /dev/null +++ b/hw7/index.php@page=show-log.php.14 @@ -0,0 +1,601 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />5 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: blah<script>globalThis['alert']</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.15 b/hw7/index.php@page=show-log.php.15 new file mode 100644 index 0000000..ec87307 --- /dev/null +++ b/hw7/index.php@page=show-log.php.15 @@ -0,0 +1,578 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />6 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: blah</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.16 b/hw7/index.php@page=show-log.php.16 new file mode 100644 index 0000000..f2164ad --- /dev/null +++ b/hw7/index.php@page=show-log.php.16 @@ -0,0 +1,622 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />8 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">blah</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: blah<script>globalThis['alert']</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.17 b/hw7/index.php@page=show-log.php.17 new file mode 100644 index 0000000..82872d4 --- /dev/null +++ b/hw7/index.php@page=show-log.php.17 @@ -0,0 +1,629 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />9 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">blah</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: blah<script>globalThis['alert']();</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']();</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.18 b/hw7/index.php@page=show-log.php.18 new file mode 100644 index 0000000..644bf9a --- /dev/null +++ b/hw7/index.php@page=show-log.php.18 @@ -0,0 +1,636 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />10 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">blah</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: blah<script>globalThis['alert']();</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']();</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.19 b/hw7/index.php@page=show-log.php.19 new file mode 100644 index 0000000..fb7dc89 --- /dev/null +++ b/hw7/index.php@page=show-log.php.19 @@ -0,0 +1,650 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />12 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:40</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">blah</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: blah<script>globalThis['alert']('xss');</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']('xss');</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.2 b/hw7/index.php@page=show-log.php.2 new file mode 100644 index 0000000..ed32c98 --- /dev/null +++ b/hw7/index.php@page=show-log.php.2 @@ -0,0 +1,1082 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />78 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:32:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><b>test</b></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:32:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">TEST!</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:28:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:27:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 12:26:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:12</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:22:14</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:21:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:19:16</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:18:05</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:16:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:11:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:10:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:08:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:06:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:04:20</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:03:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:01:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:00:18</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:49:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:48:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:46:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:45:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:21</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:08</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:40:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 11:40:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:38:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:36:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:34:22</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:29:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:21:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:19:38</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:16:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:15:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:14:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:13:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:11:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:10:23</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:09:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:08:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:11</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:04:47</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: site-footer-xss-discussion.php</td> + <td>2019-10-23 11:04:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:03:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:57:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:56:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:55:05</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: %3Cscript%3Ealert(%2522xss%2522)%3B%3C%2Fscript%3E</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.20 b/hw7/index.php@page=show-log.php.20 new file mode 100644 index 0000000..eae3761 --- /dev/null +++ b/hw7/index.php@page=show-log.php.20 @@ -0,0 +1,664 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />14 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:57</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:40</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:48:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">blah</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:47:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:29</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:46:21</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <b>blah</b><script>globalThis['alert']('xss');</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><table> + <tr><td colspan="2"> </td></tr> + <tr> + <td colspan="2" class="error-header">Error: Failure is always an option and this situation proves it</td> + </tr> + <tr> + <td class="error-label">Line</td><td class="error-detail">101</td> + </tr> + <tr> + <td class="error-label">Code</td><td class="error-detail">0</td> + </tr> + <tr> + <td class="error-label">File</td><td class="error-detail">C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\LogHandler.php</td> + </tr> + <tr> + <td class="error-label">Message</td><td class="error-detail">Error attempting to write to log table: C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\classes\MySQLHandler.php on line 249: Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert']('xss');</script>', 'User visited: show-log.php', now() )' at line 1 () (0) [Exception] <br /> +</td> + </tr> + <tr> + <td class="error-label">Trace</td><td class="error-detail">#0 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\includes\log-visit.php(17): LogHandler->writeToLog('User visited: s...') +#1 C:\inetpub\wwwroot\coliseum\sandboxes\117238-101163\BODY\inner\index.php(603): require_once('C:\inetpub\wwwr...') +#2 {main}</td> + </tr> + <tr> + <td class="error-label">Diagnotic Information</td><td class="error-detail"></td> + </tr> + <tr> + <td colspan="2" class="error-header" style="text-align: center;">Did you <a href="set-up-database.php">setup/reset the DB</a>?</td> + </tr> + <tr><td colspan="2"> </td></tr> + </table><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.3 b/hw7/index.php@page=show-log.php.3 new file mode 100644 index 0000000..b5f56c7 --- /dev/null +++ b/hw7/index.php@page=show-log.php.3 @@ -0,0 +1,1103 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />81 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:36:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:35:57</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">%3Cscript%3Ealert(%2522xss%2522)%3B%3C%2Fscript%3E</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:35:54</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:32:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><b>test</b></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:32:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">TEST!</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:28:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:27:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 12:26:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:12</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:22:14</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:21:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:19:16</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:18:05</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:16:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:11:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:10:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:08:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:06:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:04:20</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:03:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:01:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:00:18</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:49:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:48:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:46:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:45:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:21</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:08</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:40:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 11:40:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:38:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:36:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:34:22</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:29:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:21:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:19:38</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:16:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:15:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:14:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:13:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:11:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:10:23</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:09:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:08:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:11</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:04:47</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: site-footer-xss-discussion.php</td> + <td>2019-10-23 11:04:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:03:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:57:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:56:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:55:05</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <u>test2</u></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.4 b/hw7/index.php@page=show-log.php.4 new file mode 100644 index 0000000..8c86b8b --- /dev/null +++ b/hw7/index.php@page=show-log.php.4 @@ -0,0 +1,1117 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />83 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:37:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><u>test2</u></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:37:00</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:36:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:35:57</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">%3Cscript%3Ealert(%2522xss%2522)%3B%3C%2Fscript%3E</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:35:54</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:32:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><b>test</b></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:32:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">TEST!</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:29:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:28:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:27:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 12:26:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:12</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:23:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:22:14</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:21:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:19:16</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:18:05</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:16:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:11:02</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:10:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:09:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:08:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:07:35</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:06:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Wget/1.20.3 (msys)</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:04:20</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:03:03</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:01:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 12:00:18</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:59:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:34</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:52:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:50:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:49:10</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:48:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:46:43</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:45:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:21</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:41:08</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:40:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 11:40:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:38:42</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:36:13</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:34:22</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:29:36</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:21:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:19:38</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:16:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:15:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:14:32</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:13:58</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:11:59</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:10:23</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:09:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:08:49</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:51</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:28</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: pen-test-tool-lookup.php</td> + <td>2019-10-23 11:05:11</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:04:47</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: site-footer-xss-discussion.php</td> + <td>2019-10-23 11:04:30</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: browser-info.php</td> + <td>2019-10-23 11:03:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 11:01:04</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Blog entry added by: anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:58:31</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:57:44</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:57:01</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:56:41</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">Selected blog entries for anonymous</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: add-to-your-blog.php</td> + <td>2019-10-23 10:55:53</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: home.php</td> + <td>2019-10-23 10:55:05</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>//test2\n<script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.5 b/hw7/index.php@page=show-log.php.5 new file mode 100644 index 0000000..a177ad5 --- /dev/null +++ b/hw7/index.php@page=show-log.php.5 @@ -0,0 +1,543 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />1 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:37:32</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>/*test2*/\n<script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.6 b/hw7/index.php@page=show-log.php.6 new file mode 100644 index 0000000..c3ccb57 --- /dev/null +++ b/hw7/index.php@page=show-log.php.6 @@ -0,0 +1,543 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />1 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:01</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <u>test2</u></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.7 b/hw7/index.php@page=show-log.php.7 new file mode 100644 index 0000000..c954d36 --- /dev/null +++ b/hw7/index.php@page=show-log.php.7 @@ -0,0 +1,564 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />4 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:26</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:24</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:19</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <u>test2</u></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.8 b/hw7/index.php@page=show-log.php.8 new file mode 100644 index 0000000..6fcabf7 --- /dev/null +++ b/hw7/index.php@page=show-log.php.8 @@ -0,0 +1,578 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />6 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:39</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><u>test2</u></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:26</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:24</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:19</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>/*test*/</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/index.php@page=show-log.php.9 b/hw7/index.php@page=show-log.php.9 new file mode 100644 index 0000000..1bebf3d --- /dev/null +++ b/hw7/index.php@page=show-log.php.9 @@ -0,0 +1,599 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=show-log.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=show-log.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=show-log.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div class="page-title">Log</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<table border="1px" width="100%" class="main-table-frame"><tr class="report-header"> <td colspan="10"> <span><img width="32px" height="32px" src="./images/information-icon-64-64.png" style="vertical-align:middle;" />9 log records found<span> <span title="Click to refresh log file" onclick="document.location.reload(true);" style="cursor: pointer;margin-left:35px;margin-right:35px;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/refresh-button-48px-by-48px.png" style="vertical-align:middle;" /> Refresh Logs </span> <span title="Click to delete log file" onclick="document.location='./index.php?page=show-log.php&deleteLogs=deleteLogs';" style="cursor: pointer;white-space:nowrap;font-weight:bold;"> <img width="32px" height="32px" src="./images/delete-icon-256-256.png" style="vertical-align:middle;" /> Delete Logs </span> </td></tr><tr class="report-header"> + <td style="font-weight:bold;">Hostname</td> + <td style="font-weight:bold;">IP</td> + <td style="font-weight:bold;">Browser Agent</td> + <td style="font-weight:bold;">Page Viewed</td> + <td style="font-weight:bold;">Date/Time</td> + </tr><tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:39:19</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:55</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><script>/*test*/</script></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:52</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:39</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1"><u>test2</u></td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:37</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:26</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:25</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:24</td> + </tr> +<tr> + <td>150.212.127.34</td> + <td>150.212.127.34</td> + <td ReflectedXSSExecutionPoint="1">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0</td> + <td ReflectedXSSExecutionPoint="1">User visited: show-log.php</td> + <td>2019-10-23 12:38:19</td> + </tr> +</table> + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: <script>console.log(1)</script></div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file diff --git a/hw7/res/1.PNG b/hw7/res/1.PNG Binary files differnew file mode 100644 index 0000000..697c8b6 --- /dev/null +++ b/hw7/res/1.PNG diff --git a/hw7/res/2_1.PNG b/hw7/res/2_1.PNG Binary files differnew file mode 100644 index 0000000..87b4288 --- /dev/null +++ b/hw7/res/2_1.PNG diff --git a/hw7/res/2_1.xcf b/hw7/res/2_1.xcf Binary files differnew file mode 100644 index 0000000..c576ee0 --- /dev/null +++ b/hw7/res/2_1.xcf diff --git a/hw7/res/2_2.PNG b/hw7/res/2_2.PNG Binary files differnew file mode 100644 index 0000000..a1326c7 --- /dev/null +++ b/hw7/res/2_2.PNG diff --git a/hw7/res/2_3.PNG b/hw7/res/2_3.PNG Binary files differnew file mode 100644 index 0000000..9633c5f --- /dev/null +++ b/hw7/res/2_3.PNG diff --git a/hw7/res/3_1.PNG b/hw7/res/3_1.PNG Binary files differnew file mode 100644 index 0000000..0d2670c --- /dev/null +++ b/hw7/res/3_1.PNG diff --git a/hw7/res/3_2.PNG b/hw7/res/3_2.PNG Binary files differnew file mode 100644 index 0000000..1f5aa21 --- /dev/null +++ b/hw7/res/3_2.PNG diff --git a/hw7/res/3_3.PNG b/hw7/res/3_3.PNG Binary files differnew file mode 100644 index 0000000..577b073 --- /dev/null +++ b/hw7/res/3_3.PNG |
