🔬Web App Scanning
🔬 Scanning Web Application with ZAProxy
Target IP: 192.192.29.3
Scan and identify a vulnerable web app (bWAPP) with ZAProxy
Start owasp-zap from the start menu
Use Manual Explore and input the URL http://192.192.29.3/
Launch Browser to open the browser session with the ZAP HUD
Log in to the web app with the bee:bug credentials
Set the security level to low
Try some HTML and SQL Injection or other bugs from the https://192.192.29.3/portal.php page
Configure authenticated session in ZAProxy
Enable Forced User mode
Include in Context the Site https://192.192.29.3/ and confirm with OK
Run a Spider attack on the site, select the bee user and Start the scan
Run an Active Scan on the site, select the bee user and Start the scan
In the Alerts tab check the 🚩High risk Alerts
Try to navigate to https://192.192.29.3/htmli_stored.php, inject the XSS (Cross-site Scripting) payload and Submit it
The XSS payload will be triggered
Using the ZAP HUD, Site Alerts can be accessed. Every vulnerability is clickable and can be directly tried via the URL
Try a SQL Injection attack by opening this link
http://192.210.141.3/sqli_1.php?action=search&title=ZAP'+OR+'1'%3D'1'+--+
The table records will be dumped on the web page
🔬 Scanning Web Application with Nikto
Target IP: 192.157.60.3
Scan and identify web app vulnerabilities (Mutillidae II) with Nikto
LFI
Open the browser and navigate to http://192.157.60.3/
In the Bash terminal run nikto and output the results to a file
Scan the target web app for Local File Inclusion (LFI) vulnerability by copying the link from the browser, http://192.157.60.3/index.php?page=arbitrary-file-inclusion.php, and output to an HTML file
The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host
View the contents of the passwd file of the target machine
http://192.157.60.3/index.php/index.php?page=../../../../../../../../../../etc/passwd
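From the defender's side, the SQL injection and file traversal requests shown in these labs leave recognisable entries in the web server access log. The following is an added example, not part of the original lab notes: it assumes Apache/nginx combined log format, and the sample log lines, client IPs, user agents and the function names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). Client IPs, timestamps,
# sizes and user agents are made up; the request paths mirror the URLs above.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=home.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php/index.php?page=../../../../../../../../../../etc/passwd HTTP/1.1" 200 1873 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /sqli_1.php?action=search&title=ZAP'+OR+'1'%3D'1'+--+ HTTP/1.1" 200 9042 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?page=arbitrary-file-inclusion.php HTTP/1.1" 200 7311 "-" "Mozilla/5.00 (Nikto/2.1.6)"
""".splitlines()

REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) \S+ "[^"]*" "([^"]*)"')
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")   # a ".." path segment
TAUTOLOGY = re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+'?", re.I)  # ' OR '1'='1
SQL_COMMENT = re.compile(r"--\s*$")                 # trailing SQL comment marker


def classify(line):
    """Return (client, status, findings) for one log line, or None if unparsable."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status, agent = m.groups()
    findings = []
    # parse_qsl URL-decodes each value, so %3D and '+' are normalised before matching
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if TRAVERSAL.search(value):
            findings.append(f"path-traversal:{name}")
        if TAUTOLOGY.search(value) or SQL_COMMENT.search(value):
            findings.append(f"sql-injection:{name}")
    if "nikto" in agent.lower():
        findings.append("scanner-user-agent")
    return client, int(status), findings


def scan(lines):
    """Keep only the lines with at least one finding."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[2]]


if __name__ == "__main__":
    for client, status, findings in scan(SAMPLE_LOG):
        print(client, status, ", ".join(findings))
```

A 200 status next to a path-traversal or sql-injection finding is the case to triage first, since it means the application served a response to the request instead of rejecting it.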