OWASP Mutillidae II: Web Pwn in Mass Production
|
| Home | | | Login/Register | | | Show Popup Hints | | | Toggle Security | | | Enforce SSL | | | Reset DB | | | View Log | | | View Captured Data |
-
OWASP 2017
- A1 - Injection (SQL)
-
A1 - Injection (Other)
- Application Log Injection
- Buffer Overflow
- Cascading Style Injection
- CBC-bit Flipping
- Command Injection
- Frame Source Injection
-
HTML Injection (HTMLi)
- Add to your blog
- Browser Info
- DNS Lookup
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- User Info (XPath)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- View Captured Data
- Document Viewer
- Arbitrary File Inclusion
- Poll Question
- Register User
- Login
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- HTMLi via HTTP Headers
- HTMLi Via DOM Injection
- HTMLi Via Cookie Injection
- HTTP Parameter Pollution
- JavaScript Injection
- JavaScript Object Notation (JSON) Injection
- Parameter Addition
- XML External Entity Injection
- XML Entity Expansion
- XML Injection
- XPath Injection
- A2 - Broken Authentication and Session Management
-
A3 - Cross Site Scripting (XSS)
-
Reflected (First Order)
- DNS Lookup
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Browser Info
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- Client-side Control Challenge
- Persistent (Second Order)
- DOM-Based
- Via "Input" (GET/POST)
- Via HTTP Headers
- Via HTTP Attribute
- Via Misconfiguration
- Against HTML5 Web Storage
- Against JSON
- Via Cookie Injection
- Via XML Injection
- Via XPath Injection
- Via Path Relative Style Sheet Injection
- BeeF Framework Targets
-
Reflected (First Order)
- A4 - Broken Access Control
- A5 - Security Misconfiguration
- A6 - Sensitive Data Exposure
- A7 - Insufficient Attack Protection
- A8 - Cross Site Request Forgery (CSRF)
- A9 - Using Components with Known Vulnerabilities
- A10 - Underprotected APIs
- OWASP 2013
- OWASP 2010
- Web Services
- HTML 5
- Others
- Documentation
- Resources
Want to Help?
Capture DataHints and Videos
Data Capture Page This page is designed to capture any parameters sent and store them in a file and a database table. It loops through the POST and GET parameters and records them to a file named captured-data.txt. On this system, the file should be found at /tmp/captured-data.txt. The page also tries to store the captured data in a database table named captured_data and logs the captured data. There is another page named captured-data.php that attempts to list the contents of this table. The data captured on this request is: popUpNotificationCode = SL5 page = capture-data.php showhints = 0 PHPSESSID = kjuvjpl9rupq70j9gukk4nbc77 Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser.
Back
Help Me!
