Websites have always been among the first targets of hackers. There are many reasons for this. These are the most important ones:

1) Websites have to be reachable from the Internet. Their primary purpose is to publish something or provide some service for the public

2) There are more than 1 billion websites as almost every organization, and many individuals have websites

3) As opposed to the earlier years of the world wide web, websites are very dynamic today. They come with forms and dynamic applications implemented by many different frontend and backend technologies. A wide variety of dynamic applications not only bring more functionality to web applications but also introduces vulnerabilities.

As a result, we are talking about something valuable that is billions in amount, accessible by anybody, and a commonplace for wrong implementation and vulnerabilities.

An XSS attack enables malicious users to inject client-side scripts such as JavaScript codes into web pages viewed by other users. The term XSS is used to describe both the vulnerability and the attack type, such as XSS attack / XSS vulnerability on the web application.

1) Log into Windows 7 Attacker on the Netlab environment.

2) Open Firefox by clicking the icon on the desktop or start menu

5) Click on the XSS reflected on the left menu and type your nickname into the textbook at the right pane of the webpage. (I typed "ethical" and clicked the submit button. The web application gets what you typed as the input, add Hello to the beginning, and prints to the screen.

I typed "<h1>ethical</h1> and then clicked submit button. I confirm that it has been formatted as the header. This is an indication that this simple web application is vulnerable to XSS attacks.

Take a screen capture showing the session ID.

This small script shows the cookie of your session, a highly sensitive piece of data. This is a proof-of-concept for the XSS attack. An attacker may steal your session cookie leveraging an XSS attack. For XSS attacks, the sky is the limit. You can inject code to the website with the help of forms. Think about this scenario: You inject code to the product review page on an e-commerce site. Internet browsers of everybody who visits that page run a script, and that script sends the cookie of the user to the server of the attacker in an encrypted way.

2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.

2

1

4

3

2

1

Note: Figure out that the upload form is vulnerable because it does not perform required checks before uploading the file. A properly programmed and configured web application should not allow uploading files with particular extensions like php, sh, cmd, bat, vbs, ps, py, which are script extensions.

Section-4: Exploit SQL Injection Vulnerability

"Injection" is the most notorious web application security risk. It is in the first order in the OWASP top ten list. There are many kinds of injections, such as SQL, NoSQL, LDAP. SQL injection is the most commonly exploited injection vulnerability. In SQL injection, malicious SQL statements are inserted into the forms for malicious purposes, such as logging into web applications without valid credentials or dumping database contents.

2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon

This is a simple web application; it returns the user information when you type in the user ID.

Note: This error message is an indication that web application is vulnerable. Because this message is not a custom message displayed by the web application, instead it is the error message generated by the SQL server.

The characters and their orders should be:

1) One

2) Single quote

3) Space

4) o letter

5) r letter

6) Space

7) Single quote

8) One

9) Equal sign

10) One

11) Single quote

12) Dash

13) Dash

14) Space

Take a screenshot of the browser window showing the dump of all user accounts.