OWASP Top 10
This page will be a dedicated one to the OWASP Top 10 to act like a writeup of the TryHackMe room (link of the room below)
Last updated
This page will be a dedicated one to the OWASP Top 10 to act like a writeup of the TryHackMe room (link of the room below)
Last updated
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging & Monitoring Failures
Server-Side Request Forgery (SSRF)
3 examples of CWE for this category: Cross-Site Request Forgery (CSRF), Path Traversal: '.../...//', Improper Access Control
Broken Access Control allows attackers to bypass authorisation, allowing them to view sensitive data or perform tasks they aren't supposed to. Access control is a security mechanism used to control which users or systems are allowed to access a particular resource or system.
IDOR or Insecure Direct Object Reference refers to an access control vulnerability where you can access resources you wouldn't ordinarily be able to see.
3 examples of CWE for this category: Weak Encoding for Password, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm
Access to the DB file
Get the hash of the admin
Crack the hash (Weak Encoding for Password)
Login as the admin !
3 examples of CWE for this category: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Command Injection is a vulnerability that occurs when an attacker manipulates input fields to inject malicious commands into a vulnerable application. This can lead to unauthorised execution of arbitrary commands on the targeted server, potentially resulting in data breaches, system compromise, or unintended operations.
Use the "inline commands" to execute OS Command Injection inside a PHP script vulnerable
$(....)
Use the "Insecure Design" of the password reset system to login as joseph user (remember of the Instragram vulnerability about password resseting)
Use a debugging interface to execute Python command and access to credentials inside the app.py file.
Simply, it's when a system use a well-known vulnerability
Use an exploit to obtain a RCE on the server (https://www.exploit-db.com/exploits/47887)
Authentication and session management constitute core components of modern web applications. Authentication allows users to gain access to web applications by verifying their identities.
Brute force attacks
Weak credentials
Weak session cookies
Use a developer's mistake (re-registration of an existing user) to login as darren by addind a blank space before the username -> " darren"
When a system don't use any kind of integrity checks (hash for example)
Explain how to use a system which can check integrity of a resource the client need to download when he visit your website. For example, for the jquery third-party libraries, instead of using:
You can use this https://www.srihash.org/ to generate hashes for any library:
Will be around JWT and the None Algorithm
Everything about logging
Read a log to find some information
SSRF vulnerabilities often arise from implementations where our web application needs to use third-party services (external API for example to perform an action).
Use our own server to get the API key
