Posts

Showing posts from April, 2024

Lab: SSRF with Blacklist-based Input Filter

Some applications try to prevent SSRF attacks by blacklisting requests containing certain keywords. This could be a good defense if done correctly; however, if done loosely, it could still easily be bypassed.

Lab: Bypassing Login authentication with SQL Injection

Login authentication is often plagued with SQL injection vulnerabilities, and thus sanitisation of input from a webpage is all the more important. Such attacks can often lead to compromise of privileged accounts. I load the lab website, navigate to the login page and input the username 'administrator' with a random password:

Lab: SQL Injection with vulnerable WHERE clause

This lab explores the lack of sanitisation of inputs while retrieving data from a database. This can lead to disclosure of sensitive information to unauthorised individuals and pose a serious risk to organisations. I begin by visiting the site and find there are category filters:

Lab: OS Command Injection

This lab demonstrates the server-side vulnerability of arbitrary command execution using requests to the server. These are generally the result of improper data sanitization on the server and can lead to giving the attacker complete control. I begin the lab by loading the website and looking around:

Lab: Web Shell upload via Content-Type Restriction Bypass

This lab demonstrates the website's lack of proper checks on the file type of the upload and the flaws that arise from implicitly trusting the MIME type / Content-Type header. I start the lab by loading up the website and logging in with the provided credentials 'wiener:peter', and found a similar set to the previous lab I did for File Upload Vulnerabilities:

Lab: Remote Code Execution with a Web Shell

This lab shows the flawed file upload methods present on some sites, which do not check whether the file being uploaded is of the correct file type rather than a malicious script. I started the lab by loading the website and logging in using the provided credentials 'wiener:peter', and went to the 'My Account' page to find the image upload option:

Lab: Basic SSRF against another Backend System

This lab explores a web server's lack of protection against access to the local network. Often, on an internal private network, the admin page for web servers is left unprotected because the network is isolated, but if the client-facing server doesn't have the necessary protections, this basically allows the attacker to have free access to the admin panel. I load the webpage and choose the first product to see the `POST` request it was sending and stumbled across a private IP:

Lab: Basic SSRF against a local server

This lab demonstrates the lack of protection which allows someone to send requests to the server's loopback address and receive output as if it were being accessed locally. I loaded the website and chose a random product to look at the request it sends for checking stock, as that would be communicating as `POST` with the server, so this could be used to send commands to the server:

Lab: 2FA Simple Bypass

This one was rather simple; it demonstrated the lack of verification controls some websites have for 2FA, where they do not check whether the user has passed the second check.

Lab: Credentials Enumeration based on different responses

The lab shows how to brute-force credentials using a standard Sniper attack on a website's authentication page using Burp Suite Intruder. This lab did not provide any user credentials; however, it did give two wordlists for usernames and passwords respectively. I saved those and then accessed the website to have a look around: