
OWASP Top 10 Web Hacking Final Lab 9 SQL Injection Union Exploit #2 (Create Output File)

Written By Akademy on Thursday, November 21, 2013 | November 21, 2013

{ SQL Injection Union Exploit #2 (Create Output File) }

    OWASP Top 10 Web Hacking Final Lab 9

Start Web Browser Session to Mutillidae
  1. On BackTrack, Open Firefox
    • Instructions:
      1. Click on the Firefox Icon
    • Notes (FYI):
      • If the Firefox icon does not exist in the menu bar tray, then go to Applications --> Internet --> Firefox Web Browser
  2. Open Mutillidae
    • Notes (FYI):
      • Replace 192.168.1.111 in the following URL (http://192.168.1.111/mutillidae) with your Mutillidae IP address, obtained in Section 3, Step 3
    • Instructions:
      1. http://192.168.1.111/mutillidae

Section 9. Go To User Info Page
  1. Go to User Info
    • Instructions:
      1. OWASP Top 10 --> A1 - SQL Injection --> SQLi - Extract Data --> User Info
Section 15. SQL Injection (Refresher Union Examples)
  1. Inspect the Name Textbox with Firebug
    • Instructions:
      1. Right click on the Name Textbox
      2. Click on Inspect Element
  2. Change Text Box Size
    • Instructions:
      1. After the string "size=", change 20 to 100 (see picture)
      2. Click on the Close Button
  3. Second Union SQL Injection Attempt
    • Instructions:
      1. In the Name Textbox place the following string.  Remember to put a space after the "-- ".
        • ' union select ccid,ccnumber,ccv,expiration,null from credit_cards --
      2. Click the View Account Details button
    • Note(FYI):
      1. The goal of this union statement is to map out which of the selected credit_cards columns line up with the fields shown in the page output.
  4. Viewing the Results
    • Note(FYI):
      1. Scroll down and notice that Username is populated with a credit card number, Password is populated with the CCV, and Signature is populated with the expiration.
        • Username=4444111122223333
        • Password=745
        • Signature=2012-03-01
      2. Congratulations, you have successfully exploited a "purposeful" bug in the user-info.php script to display credit card information using a query meant for the accounts table.
    • Instructions:
      1. View the Results

Section 16. SQL Injection (Union Example with Curl #5)
  1. Go to User Info
    • Instructions:
      1. OWASP Top 10 --> A1 - SQL Injection --> SQLi - Extract Data --> User Info
  2. Inspect the Name Textbox with Firebug
    • Instructions:
      1. Right click on the Name Textbox
      2. Click on Inspect Element
  3. Change Text Box Size
    • Instructions:
      1. After the string "size=", change 20 to 100 (see picture)
      2. Click on the Close Button
  4. Execute MySQL Union Injection
    • Note(FYI):
      1. Remember to put a space after the "-- ".
    • Instructions:
      1. Place the below Injection String in the Name Textbox
        • ' union select ccid,ccnumber,ccv,expiration,null from credit_cards INTO OUTFILE '/var/www/html/mutillidae/CCN.txt' FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n' --
      2. Click the View Account Details Button
  5. View Results Page
    • Instructions:
      1. At first you might think that causing an Authentication Error would result in nothing more than a message being printed to the screen.
      2. Although the second message says results were found, they were actually written to a file instead of being displayed on the screen.
      3. Open a new tab
  6. View Union Injection Output File
    • Notes(FYI):
      1. Replace 192.168.1.111 in the URL below with your Mutillidae IP address, obtained in Section 3, Step 3
    • Instructions:
      1. Place the following URL in the Address Textbox
        • http://192.168.1.111/mutillidae/CCN.txt
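The root cause behind both Section 15 and Section 16 is the same: user-info.php concatenates the Name field into the SQL text. The following is an added example, not Mutillidae's own code: an in-memory SQLite stand-in for the accounts and credit_cards tables (column layout assumed from the lab output, sample rows constructed) runs the Section 15 injection string through the vulnerable concatenated query and through a parameterized query, and shows that only the first one leaks a card number.

```python
import sqlite3

# Constructed, in-memory stand-in for the two Mutillidae tables this lab touches.
# Layout is assumed from the lab output: Username/Password/Signature line up with
# ccnumber/ccv/expiration, so accounts has five columns in this order.
SCHEMA = """
CREATE TABLE accounts(cid INTEGER, username TEXT, password TEXT,
                      mysignature TEXT, is_admin TEXT);
CREATE TABLE credit_cards(ccid INTEGER, ccnumber TEXT, ccv TEXT, expiration TEXT);
INSERT INTO accounts VALUES (1, 'admin', 'adminpass', 'g0t r00t?', 'TRUE');
INSERT INTO credit_cards VALUES (1, '4444111122223333', '745', '2012-03-01');
"""

# The injection string from Section 15 of the lab, trailing space included.
PAYLOAD = "' union select ccid,ccnumber,ccv,expiration,null from credit_cards -- "


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, name):
    # Mirrors the bug the lab exploits: the input is spliced into the SQL text,
    # so a quote closes the literal and the rest is parsed as part of the statement.
    sql = "SELECT * FROM accounts WHERE username='" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    # Fix: bind the value as a parameter; the driver never parses it as SQL,
    # so the whole payload is just a username that matches no row.
    sql = "SELECT * FROM accounts WHERE username=?"
    return conn.execute(sql, (name,)).fetchall()


def leaked_card_numbers(rows):
    # Column 2 of each row is what user-info.php prints as "Username".
    return [r[1] for r in rows if str(r[1]).isdigit() and len(str(r[1])) == 16]


def demo():
    conn = open_db()
    return (leaked_card_numbers(lookup_vulnerable(conn, PAYLOAD)),
            leaked_card_numbers(lookup_hardened(conn, PAYLOAD)))


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable query leaked:", leaked)      # ['4444111122223333']
    print("parameterized query leaked:", blocked)  # []
```

The same parameterization stops the Section 16 INTO OUTFILE variant at the query layer; on the MySQL side, the web application's database account should also not hold the FILE privilege, and secure_file_priv should not point at a directory the web server serves.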

Section 17. Proof of Lab
  1. Proof of Lab: Record the entire hands-on process, with a text note bearing your name
Copyright © 2013. Security365 - All Rights Reserved