a4apphack » Tutorials http://a4apphack.com Get more out of the Apps! Wed, 11 Jan 2012 20:25:40 +0000 en hourly 1 http://wordpress.org/?v= http://a4apphack.com http://a4apphack.com/blog/wp-content/themes/primus/favicon.ico a4apphack Gruyere – Vulnerable Web Application At Google Code (Previously Jarlsberg) http://a4apphack.com/security/sec-code/jarlsberg-vulnerable-web-application-at-google-code http://a4apphack.com/security/sec-code/jarlsberg-vulnerable-web-application-at-google-code#comments Mon, 17 May 2010 19:11:29 +0000 rajivvishwa http://a4apphack.com/index.php/?p=1936 Gruyere is a vulnerable application which can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the type of the vulnerabilities present in the application and ways to exploits it.

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Jarlsberg - Hosted Vulnerable App

Some Exploit Screenshots

Information Disclosure – Read the contents of the database off of a running server by exploiting a configuration vulnerability.

Debug Dump Page URL – http://google-gruyere.appspot.com/457262944951/dump.jtl

The id changes based on your session.

Jarlsberg Dump Page

Reflected XSS

Alert Dialog box which indicates the presence of Cross Site Scripting Vulnerability present in Jarlsberg


Stored XSS alert

Stored XSS alert


Features

Jarlsberg includes a number of special features and technologies which add attack surface.

  • HTML in Snippets: Users can include a limited subset of HTML in their snippets.
  • File upload: Users can upload files to the server, e.g., to include pictures in their snippets.
  • Web administration: System administrators can manage the system using a web interface.
  • New accounts: Users can create their own accounts.
  • Template language: Jarlsberg Template Language(JTL) is a new language that makes writing web pages easy as the templates connect directly to the database. Documentation for JTL can be found in gruyere/jtl.py.
  • AJAX: Jarlsberg uses AJAX to implement refresh on the home and snippets page. You should ignore the AJAX parts of Jarlsberg except for the challenges that specifically tell you to focus on AJAX.

Vulnerabilities In Gruyere

  • Cross-Site Scripting (XSS)
    • File Upload XSS
    • Reflected XSS
    • Stored XSS
    • Stored XSS via HTML Attribute
    • Stored XSS via AJAX
    • Reflected XSS via AJAX
  • Client-State Manipulation
    • Elevation of Privilege
    • Cookie Manipulation
  • Cross-Site Request Forgery (XSRF)
  • Cross Site Script Inclusion (XSSI)
  • Path Traversal
    • Information disclosure via path traversal
    • Data tampering via path traversal
  • Denial of Service
    • DoS – Quit the Server
    • DoS – Overloading the Server
  • Code Execution
  • Information disclosure
  • AJAX vulnerabilities
    • DoS via AJAX
    • Phishing via AJAX
  • Buffer Overflow and Integer Overflow
  • SQL Injection

Explore hosted version of Jarlsberg and start uncovering the vulnerabilities

Gruyere Hosted Version

Gruyere (Previously Jarlsberg) Info
App Name Gruyere (Previously Jarlsberg)
License free
Type
  • online
  • code
App URL Download
More Info link


]]> http://a4apphack.com/security/sec-code/jarlsberg-vulnerable-web-application-at-google-code/feed 0 XSS Made Simple- Flash Animation http://a4apphack.com/security/xss-made-simple-flash-animation http://a4apphack.com/security/xss-made-simple-flash-animation#comments Thu, 26 Mar 2009 07:57:09 +0000 rajivvishwa http://a4apphack.com/blog/?p=1010

CrossSite Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.” – OWASP

Understanding XSS or to make one understand it ain’t easy. Too much of theory will confuse the person rather than helping him out. The best way of explaining it!; through flash animations and that is how virtualforge guys have done. This animation is intended for both a layman and a security analyst.

They have published two set of flash applications which demonstrates XSS. Here cookie theft and file access are demonstrated.

Screenshot
XSS Animation Screenshot

Check the following links

Example 1 : Car Auction

http://www.virtualforge.de/vmovie/xss_lesson_1/xss_selling_platform_v1.0.swf

Example 2 : Online Application

http://www.virtualforge.de/vmovie/xss_lesson_2/xss_selling_platform_v2.0.swf

Read More about XSS at Wiki and OWASP

See CrossSiteRequestForgery (XSRF) in action, here.

]]> http://a4apphack.com/security/xss-made-simple-flash-animation/feed 0