Building Testing Environment: The Practice of Web Application Penetration Testing
Taking DVWA (Damn Vulnerable Web Application) as an example, start Apache and MySQL, and
access it at http://127.0.0.1.
Once they have started, you can use the following command to set the root password to 123456 (this is a weak
password used only as an example; please change it):
C:\xampp\mysql\bin\mysqladmin -u root password 123456
The request list now includes the requests we have just submitted.
Note the “Bruter” button; click it to switch to the Bruter tool.
The username and password fields are identified automatically.
The dictionary files are located in the same directory as WebCruiserWVS.exe and can be
customized.
Click “Go” to start the guessing process; the results are listed in the window.
Log in with the username and password.
3. SQL Injection
Select the “SQL Injection” menu, input 1 and submit:
Input 1' to try:
MySQL throws an exception because of the unpaired single quote.
Now we can suspect that there is a SQL Injection vulnerability here.
Continue by trying 1 and 1=1 and then 1 and 1=2
The result is not what would be expected for integer-type SQL Injection, so that type is ruled out.
Continue with 1' and '1'='1 and then 1' and '1'='2
No result is returned when we input 1' and '1'='2
At this point, we can conclude that there is a string-type SQL Injection vulnerability here.
Recap:
Criterion of SQL Injection
Assume the initial response is Response0,
the response after appending true logic is Response1,
and the response after appending false logic is Response2.
If Response1 = Response0, but Response1 != Response2, SQL Injection exists.
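The criterion above, applied to a query built by string concatenation and to its parameterized form, as an added example that is not part of the original tutorial or of WebCruiser. It assumes an in-memory SQLite table as a stand-in for DVWA's MySQL lookup; the table, rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the DVWA lookup: an in-memory SQLite table
# (DVWA itself uses MySQL; the table and rows here are made up).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT)")
db.executemany("INSERT INTO users VALUES (?, ?)", [("1", "admin"), ("2", "Gordon")])

def lookup_concat(user_input):
    """Vulnerable form: input is pasted between single quotes in the SQL text."""
    sql = "SELECT first_name FROM users WHERE user_id = '" + user_input + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:  # e.g. the unpaired quote from input 1'
        return [("SQL error", str(exc))]

def lookup_param(user_input):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT first_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_input,)).fetchall()

# The suffix pairs tried in the tutorial: (true logic, false logic).
PROBES = {
    "integer": (" and 1=1", " and 1=2"),
    "string": ("' and '1'='1", "' and '1'='2"),
}

def injectable(lookup, base, true_suffix, false_suffix):
    """Recap criterion: Response1 == Response0 and Response1 != Response2."""
    response0 = lookup(base)
    response1 = lookup(base + true_suffix)
    response2 = lookup(base + false_suffix)
    return response1 == response0 and response1 != response2

def classify(lookup, base="1"):
    """Return the injection types for which the criterion holds."""
    return [kind for kind, (t, f) in PROBES.items() if injectable(lookup, base, t, f)]

if __name__ == "__main__":
    print("concatenated query:", classify(lookup_concat))   # string type only
    print("parameterized query:", classify(lookup_param))   # nothing flagged
```

With bound parameters the appended logic is compared as literal text, so Response1 no longer equals Response0 and the criterion is not met.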
SQL Injection vulnerabilities are found. Right-click a vulnerability and select “SQL INJECTION POC”,
then click “Get Environment Information”:
4. XSS
Select XSS from the menu:
http://127.0.0.1/dvwa/vulnerabilities/xss_s/
Input text and script directly in the title and content fields, such as:
testinput<img src=0 onerror="alert(123456)">
Alternatively, use the scanner; it found 2 XSS vulnerabilities.
Note: To improve efficiency, WebCruiser Web Vulnerability Scanner can scan a designated
vulnerability type (set in the settings) or a designated URL (ScanURL button) separately.