
Penetration Testing Report

Full Name: Mahesh Dhakad
Program: HCS - Penetration Testing Internship Week-3
Date: 08/08/2024

Introduction
This report describes the proceedings and results of a Black Box security assessment conducted
against the Week 3 Labs. It lists the findings and the corresponding best-practice mitigation
actions and recommendations.

1. Objective
The objective of the assessment was to uncover vulnerabilities in the Week 3 Labs and to provide a
final security assessment report comprising the vulnerabilities found, a remediation strategy and
recommendation guidelines to help mitigate the vulnerabilities and risks identified during the
activity.

2. Scope
This section defines the scope and boundaries of the project.

Application Name:
- SQL Injection
- Cross-Site Request Forgery

3. Summary
This section outlines the Black Box application security assessment of the Week 3 Labs.

Total number of Sub-labs: 18

Severity   High   Medium   Low
Count      6      6        6

High   - number of Sub-labs with Hard difficulty level
Medium - number of Sub-labs with Medium difficulty level
Low    - number of Sub-labs with Easy difficulty level

1. SQL Injection

1.1. Strings & Errors Part 1!


Reference: Strings & Errors Part 1!
Risk Rating: Low
Tools Used
SQL payload
Vulnerability Description
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries an
application makes to its database. By manipulating input data to inject malicious SQL code, attackers
can access, modify, or delete database data without proper authorization.
How It Was Discovered
By injecting the following payload into the email and password fields of the admin login page.
Payload: ' OR '1
Vulnerable URLs
https://labs.hacktify.in/HTML/sqli_lab/lab_1/lab_1.php
Consequences of not Fixing the Issue
- Unauthorized Access: Attackers can bypass authentication mechanisms, gaining unauthorized
access to the system. This allows them to impersonate other users, including administrators.
- Data Breach: Attackers can retrieve sensitive information from the database, such as user
credentials, personal data, and financial information, leading to data breaches and privacy
violations.

Suggested Countermeasures
- Parameterized Queries: Use parameterized queries (also known as prepared statements) to
ensure that SQL code is distinguished from data input. This prevents attackers from injecting
malicious SQL code.
- Stored Procedures: Utilize stored procedures to execute SQL code. This encapsulates the SQL
code within the database, reducing the risk of injection through application inputs.
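The parameterized-query countermeasure above, as an added example that is not part of the original report or of the lab code: a login lookup built by string concatenation next to the same lookup with bound parameters, run against a constructed in-memory SQLite table, with the report's own ' OR '1 payload as input. The table and column names and the sample account are assumptions.

```python
import sqlite3

# Constructed in-memory stand-in for the lab's user table; table and column
# names are assumptions, not taken from the lab. Plaintext passwords are kept
# only to mirror a simple lab login; real code compares a password hash.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin@example.test', 'S3cret!', 'admin')")
    conn.commit()
    return conn

def login_concatenated(conn, email, password):
    """Vulnerable form: the input is spliced into the SQL text, so a quote in
    the input closes the literal and the remainder is parsed as SQL. With the
    report's payload the WHERE clause becomes
        email = '' OR '1' AND password = '' OR '1'
    which is true for every row, so the first user (admin) is returned."""
    sql = ("SELECT role FROM users WHERE email = '" + email +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(conn, email, password):
    """Fixed form: the SQL text is fixed before any value is bound, so the
    driver hands the input to the engine as data only; a quote in the input
    is just a character to compare against, and no row matches."""
    sql = "SELECT role FROM users WHERE email = ? AND password = ?"
    row = conn.execute(sql, (email, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1"  # payload quoted in finding 1.1
    print("concatenated:", login_concatenated(db, payload, payload))   # admin
    print("parameterized:", login_parameterized(db, payload, payload))  # None
```

The same rule decides whether the stored-procedure countermeasure helps: a procedure protects only if it binds its inputs as parameters rather than concatenating them into dynamic SQL inside the database.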
References
https://portswigger.net/web-security/sql-injection

Proof of Concept
1.2. Strings &Errors Part 2!
Reference: Strings & Errors Part 2!
Risk Rating: Low
Tools Used
SQL payload with parameter
Vulnerability Description
Same as lab 1.1
How It Was Discovered
By appending the SQL payload to a URL parameter.

Vulnerable URLs
https://labs.hacktify.in/HTML/sqli_lab/lab_2/lab_2.php
Consequences of not Fixing the Issue
- Unauthorized Access: Attackers can gain unauthorized access to the system, impersonating
users, including administrators.
- Data Breach: Sensitive information, such as user credentials, personal data, and financial details,
can be stolen.

Suggested Countermeasures
Same as lab 1.1
References
https://portswigger.net/web-security/sql-injection
Proof of Concept

1.3. Strings &Errors Part 3!


Reference: Strings & Errors Part 3!
Risk Rating: Low
Tools Used
SQL payload with parameter
Vulnerability Description
Same as lab 1.1
How It Was Discovered
By appending the SQL payload to a URL parameter.

Vulnerable URLs
https://labs.hacktify.in/HTML/sqli_lab/lab_3/lab_3.php
Consequences of not Fixing the Issue
- Unauthorized Access: Attackers can gain unauthorized access to the system, impersonating
users, including administrators.
- Data Breach: Sensitive information, such as user credentials, personal data, and financial details,
can be stolen.

Suggested Countermeasures
Same as lab 1.1
References
https://portswigger.net/web-security/sql-injection
Proof of Concept

1.4. Let's Trick 'em!


Reference: Let's Trick 'em!
Risk Rating: Medium
Tools Used
SQL payload with parameter
Vulnerability Description
Same as lab 1.1
How It Was Discovered
By injecting the following payload into the email and password fields.
Payload: '="or'

Vulnerable URLs
https://labs.hacktify.in/HTML/sqli_lab/lab_4/lab_4.php
Consequences of not Fixing the Issue
- Unauthorized Access: Attackers can gain unauthorized access to the system, impersonating
users, including administrators.
- Data Breach: Sensitive information, such as user credentials, personal data, and financial details,
can be stolen.

Suggested Countermeasures
Same as lab 1.1
References
https://portswigger.net/web-security/sql-injection
Proof of Concept

1.5. Booleans and Blind!


Reference: Booleans and Blind!
Risk Rating: Medium
Tools Used
SQL payload with parameter
Vulnerability Description
Same as lab 1.1
How It Was Discovered
By injecting the payload into the URL parameter.

Vulnerable URLs
https://labs.hacktify.in/HTML/sqli_lab/lab_5/lab_5.php
Consequences of not Fixing the Issue
- Unauthorized Access: Attackers can gain unauthorized access to the system, impersonating
users, including administrators.
- Data Breach: Sensitive information, such as user credentials, personal data, and financial details,
can be stolen.

Suggested Countermeasures
Same as lab 1.1
References
https://portswigger.net/web-security/sql-injection
Proof of Concept

1.7. Errors and Post!


Reference: Errors and Post!
Risk Rating: Medium
Tools Used
SQL payload with parameter
Vulnerability Description
Same as lab 1.1
How It Was Discovered
By injecting the following payload into the URL.
Payload: ' OR 'x'='x

Vulnerable URLs
https://labs.hacktify.in/HTML/sqli_lab/lab_7/lab_7.php
Consequences of not Fixing the Issue
- Unauthorized Access: Attackers can gain unauthorized access to the system, impersonating
users, including administrators.
- Data Breach: Sensitive information, such as user credentials, personal data, and financial details,
can be stolen.

Suggested Countermeasures
Same as lab 1.1
References
https://portswigger.net/web-security/sql-injection
Proof of Concept

2. Cross-Site Request Forgery

2.1. Eassyy CSRF


Reference: Eassyy CSRF
Risk Rating: Low
Tools Used
Burp Suite
Vulnerability Description
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or
XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are
submitted from a user that the web application trusts.
How It Was Discovered
- Created two different accounts, one for the attacker and the other for the victim.
- Logged in with the attacker's credentials.
- Clicked on "change password".
- Captured the request in Burp Suite.
- Right-clicked the intercepted request, went to Engagement tools and clicked Generate CSRF PoC.
- Saved the HTML and turned off the interceptor.
- Logged in with the victim's credentials.
- Opened the HTML in the same browser.
- Clicked the submit button.
- When I then tried to log in with the victim's old credentials, I was no longer able to log in.

Vulnerable URLs
https://labs.hacktify.in/HTML/csrf_lab/lab_1/index.php
Consequences of not Fixing the Issue
Some potential hazards of a CSRF vulnerability:
- Unauthorized actions: The attacker can make the user perform actions they did not intend to, such as
changing their email address or password.
- Data loss: The attacker can delete data on behalf of the user.
- Account theft: If the attacker makes the user perform actions on their own account, they can
effectively steal the user's account.
Suggested Countermeasures
To prevent CSRF vulnerabilities, it is recommended to:
- Use anti-forgery tokens, also known as CSRF tokens. This involves server-side generation of a random,
unique value associated with the user's current session, which must be included with every
state-changing request.
- Use the SameSite cookie attribute, which allows you to declare whether your cookie should be restricted
to a first-party or same-site context, effectively preventing cross-origin requests.
- Incorporate re-authentication, CAPTCHAs, or multi-factor authentication for sensitive actions.
- Regularly update and patch all systems, libraries, and frameworks used by your web application to
minimize the risk of known CSRF vulnerabilities.
References
https://owasp.org/www-project-cheatsheet-series/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

Proof of Concept

2.2. Always Validate CSRF


Reference: Always Validate CSRF
Risk Rating: Low
Tools Used
Burp Suite
Vulnerability Description
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or
XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are
submitted from a user that the web application trusts.
How It Was Discovered
- Created two different accounts, one for the attacker and the other for the victim.
- Logged in with the attacker's credentials.
- Clicked on "change password".
- Captured the request in Burp Suite.
- Right-clicked the intercepted request, went to Engagement tools and clicked Generate CSRF PoC.
- Saved the HTML and turned off the interceptor.
- Logged in with the victim's credentials.
- Opened the HTML in the same browser.
- Clicked the submit button.
- When I then tried to log in with the victim's old credentials, I was no longer able to log in.

Vulnerable URLs
https://labs.hacktify.in/HTML/csrf_lab/lab_2/index.php
Consequences of not Fixing the Issue
Some potential hazards of a CSRF vulnerability:
- Unauthorized actions: The attacker can make the user perform actions they did not intend to, such as
changing their email address or password.
- Data loss: The attacker can delete data on behalf of the user.
- Account theft: If the attacker makes the user perform actions on their own account, they can
effectively steal the user's account.
Suggested Countermeasures
To prevent CSRF vulnerabilities, it is recommended to:
- Use anti-forgery tokens, also known as CSRF tokens. This involves server-side generation of a random,
unique value associated with the user's current session, which must be included with every
state-changing request.
- Use the SameSite cookie attribute, which allows you to declare whether your cookie should be restricted
to a first-party or same-site context, effectively preventing cross-origin requests.
- Incorporate re-authentication, CAPTCHAs, or multi-factor authentication for sensitive actions.
- Regularly update and patch all systems, libraries, and frameworks used by your web application to
minimize the risk of known CSRF vulnerabilities.
References
https://owasp.org/www-project-cheatsheet-series/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
Proof of Concept

2.3. I hate when someone uses my tokens!


Reference: I hate when someone uses my tokens!
Risk Rating: Medium
Tools Used
Burp Suite
Vulnerability Description
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or
XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are
submitted from a user that the web application trusts.
How It Was Discovered
- Created two different accounts, one for the attacker and the other for the victim.
- Logged in with the attacker's credentials.
- Clicked on "change password".
- Captured the request in Burp Suite.
- Right-clicked the intercepted request, went to Engagement tools and clicked Generate CSRF PoC.
- Saved the HTML and turned off the interceptor.
- Logged in with the victim's credentials.
- Opened the HTML in the same browser.
- Clicked the submit button.
- When I then tried to log in with the victim's old credentials, I was no longer able to log in.

Vulnerable URLs
https://labs.hacktify.in/HTML/csrf_lab/lab_4/index.php
Consequences of not Fixing the Issue
Some potential hazards of a CSRF vulnerability:
- Unauthorized actions: The attacker can make the user perform actions they did not intend to, such as
changing their email address or password.
- Data loss: The attacker can delete data on behalf of the user.
- Account theft: If the attacker makes the user perform actions on their own account, they can
effectively steal the user's account.
Suggested Countermeasures
To prevent CSRF vulnerabilities, it is recommended to:
- Use anti-forgery tokens, also known as CSRF tokens. This involves server-side generation of a random,
unique value associated with the user's current session, which must be included with every
state-changing request.
- Use the SameSite cookie attribute, which allows you to declare whether your cookie should be restricted
to a first-party or same-site context, effectively preventing cross-origin requests.
- Incorporate re-authentication, CAPTCHAs, or multi-factor authentication for sensitive actions.
- Regularly update and patch all systems, libraries, and frameworks used by your web application to
minimize the risk of known CSRF vulnerabilities.
References
https://owasp.org/www-project-cheatsheet-series/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
Proof of Concept
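The two main countermeasures recommended for findings 2.1 to 2.3 (a session-bound anti-forgery token and the SameSite cookie attribute), as an added example that is not part of the original report or of the lab code: each token carries an HMAC over the caller's session id, so a token issued in one session (the attacker's, in the scenario of finding 2.3) does not validate in another, and a missing or altered token is rejected before the password change runs. The session ids, the form layout and SERVER_SECRET are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the example; a deployment loads it from
# configuration, never from source code.
SERVER_SECRET = secrets.token_bytes(32)

def _tag(session_id, nonce):
    # The HMAC binds the nonce to one session; without SERVER_SECRET nobody
    # can mint a tag, and a tag for another session never matches.
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id):
    """Issue a per-request token for this session: random nonce + HMAC tag."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(session_id, nonce)}"

def verify_csrf_token(session_id, token):
    """Reject missing, malformed, forged, or other-session tokens. The tag
    comparison is constant-time so it cannot be guessed byte by byte."""
    if not token or "." not in token:
        return False
    nonce, tag = token.split(".", 1)
    return hmac.compare_digest(_tag(session_id, nonce), tag)

def handle_change_password(session_id, form):
    """State-changing handler: the token check runs before any other work,
    and the token comes from the form body, never from a cookie."""
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return "403 Forbidden: CSRF token missing or invalid"
    return "200 OK: password changed"

def session_cookie_header(session_id):
    """Second layer from the countermeasures: SameSite=Strict keeps the
    browser from attaching the session cookie to a cross-site form post."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    victim, attacker = "sess-victim", "sess-attacker"
    print(handle_change_password(victim, {"new_password": "x"}))
    print(handle_change_password(victim, {"new_password": "x",
                                          "csrf_token": issue_csrf_token(attacker)}))
    print(handle_change_password(victim, {"new_password": "x",
                                          "csrf_token": issue_csrf_token(victim)}))
```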
