Bu konu altında bWAPP'in çözümleri paylaşılacaktır.
bWAPP (Buggy Web Application) Nedir?
bWAPP, web uygulama güvenliğinde kendini geliştirmek isteyenler için hazırlanmış ücretsiz ve açık kaynak bir pentest/hacking test laboratuvarıdır. OWASP tarafından belirlenen en kritik güvenlik açıklarını hem saldırı hem de savunma yönünden öğrenmenize yardımcı olur.
bWAPP'de üç zorluk seviyesi bulunuyor. Bunlar; low, medium ve high.
DVWA'den daha kapsamlıdır ve çok daha fazla zaafiyeti barındırır. Daha önce açtığımız DVWA Çözümleri konusana göz atabilirsiniz.
DVWA Çözümleri ~ Anka Tim
bWAPP Hangi Zaafiyetleri Barındırıyor?
Kod:
[COLOR=Red]A1 - Injection[/COLOR]
HTML Injection - Reflected (GET)
HTML Injection - Reflected (POST)
HTML Injection - Reflected (Current URL)
HTML Injection - Stored (Blog)
iFrame Injection
LDAP Injection (Search)
Mail Header Injection (SMTP)
OS Command Injection
OS Command Injection - Blind
PHP Code Injection
Server-Side Includes (SSI) Injection
SQL Injection (GET/Search)
SQL Injection (GET/Select)
SQL Injection (POST/Search)
SQL Injection (POST/Select)
SQL Injection (AJAX/JSON/jQuery)
SQL Injection (CAPTCHA)
SQL Injection (Login Form/Hero)
SQL Injection (Login Form/User)
SQL Injection (SQLite)
SQL Injection (Drupal)
SQL Injection - Stored (Blog)
SQL Injection - Stored (SQLite)
SQL Injection - Stored (User-Agent)
SQL Injection - Stored (XML)
SQL Injection - Blind - Boolean-Based
SQL Injection - Blind - Time-Based
SQL Injection - Blind (SQLite)
SQL Injection - Blind (Web Services/SOAP)
XML/XPath Injection (Login Form)
XML/XPath Injection (Search)
[COLOR=red]A2 - Broken Auth. & Session Mgmt.[/COLOR]
Broken Authentication - CAPTCHA Bypassing
Broken Authentication - Forgotten Function
Broken Authentication - Insecure Login Forms
Broken Authentication - Logout Management
Broken Authentication - Password Attacks
Broken Authentication - Weak Passwords
Session Management - Administrative Portals
Session Management - Cookies (HTTPOnly)
Session Management - Cookies (Secure)
Session Management - Session ID in URL
Session Management - Strong Sessions
[COLOR=red]A3 - Cross-Site Scripting (XSS)[/COLOR]
Cross-Site Scripting - Reflected (GET)
Cross-Site Scripting - Reflected (POST)
Cross-Site Scripting - Reflected (JSON)
Cross-Site Scripting - Reflected (AJAX/JSON)
Cross-Site Scripting - Reflected (AJAX/XML)
Cross-Site Scripting - Reflected (Back Button)
Cross-Site Scripting - Reflected (Custom Header)
Cross-Site Scripting - Reflected (Eval)</option>
Cross-Site Scripting - Reflected (HREF)</option>
Cross-Site Scripting - Reflected (Login Form)
Cross-Site Scripting - Reflected (phpMyAdmin)
Cross-Site Scripting - Reflected (PHP_SELF)
Cross-Site Scripting - Reflected (Referer)
Cross-Site Scripting - Reflected (User-Agent)
Cross-Site Scripting - Stored (Blog)
Cross-Site Scripting - Stored (Change Secret)
Cross-Site Scripting - Stored (Cookies)
Cross-Site Scripting - Stored (SQLiteManager)
Cross-Site Scripting - Stored (User-Agent)
[COLOR=red]A4 - Insecure Direct Object References [/COLOR]
Insecure DOR (Change Secret)
Insecure DOR (Reset Secret)
Insecure DOR (Order Tickets)
A5 - Security Misconfiguration
Arbitrary File Access (Samba)
Cross-Domain Policy File (Flash)
Cross-Origin Resource Sharing (AJAX)
Cross-Site Tracing (XST)
Denial-of-Service (Large Chunk Size)
Denial-of-Service (Slow HTTP DoS)
Denial-of-Service (SSL-Exhaustion)
Denial-of-Service (XML Bomb)
Insecure FTP Configuration
Insecure SNMP Configuration
Insecure WebDAV Configuration
Local Privilege Escalation (sendpage)
Local Privilege Escalation (udev)
Man-in-the-Middle Attack (HTTP)
Man-in-the-Middle Attack (SMTP)
Old/Backup & Unreferenced Files
Robots File
[COLOR=red]A6 - Sensitive Data Exposure [/COLOR]
Base64 Encoding (Secret)
BEAST/CRIME/BREACH Attacks
Clear Text HTTP (Credentials)
Heartbleed Vulnerability
Host Header Attack (Reset Poisoning)
HTML5 Web Storage (Secret)
POODLE Vulnerability
SSL 2.0 Deprecated Protocol
Text Files (Accounts)
[COLOR=red]A7 - Missing Functional Level Access Control [/COLOR]
Directory Traversal - Directories
Directory Traversal - Files
Host Header Attack (Cache Poisoning)
Host Header Attack (Reset Poisoning)
Local File Inclusion (SQLiteManager)
Remote & Local File Inclusion (RFI/LFI)
Restrict Device Access
Restrict Folder Access
Server Side Request Forgery (SSRF)
XML External Entity Attacks (XXE)
[COLOR=red]A8 - Cross-Site Request Forgery (CSRF)[/COLOR]
Cross-Site Request Forgery (Change Password)
Cross-Site Request Forgery (Change Secret)
Cross-Site Request Forgery (Transfer Amount)
[COLOR=red]A9 - Using Known Vulnerable Components[/COLOR]
Buffer Overflow (Local)
Buffer Overflow (Remote)
Drupal SQL Injection (Drupageddon)
Heartbleed Vulnerability
PHP CGI Remote Code Execution
PHP Eval Function
phpMyAdmin BBCode Tag XSS
Shellshock Vulnerability (CGI)
SQLiteManager Local File Inclusion
SQLiteManager PHP Code Injection
SQLiteManager XSS
[COLOR=red]A10 - Unvalidated Redirects & Forwards [/COLOR]
Unvalidated Redirects & Forwards (1)
Unvalidated Redirects & Forwards (2)
Other bugs...
ClickJacking (Movie Tickets)
Client-Side Validation (Password)
HTTP Parameter Pollution
HTTP Response Splitting
HTTP Verb Tampering
Information Disclosure - Favicon
Information Disclosure - Headers
Information Disclosure - PHP version
Information Disclosure - Robots File
Insecure iFrame (Login Form)
Unrestricted File Upload
[COLOR=red]--------------- Extras ----------------[/COLOR]
A.I.M. - No-authentication Mode
Client Access Policy File
Cross-Domain Policy File
Evil 666 Fuzzing Page
Manual Intervention Required!
Unprotected Admin Portal
We Steal Secrets... (html)
We Steal Secrets... (plain)
WSDL File (Web Services/SOAP)
ANKA TİM
Son düzenleme: