|
LAB: Hacking into SweetsComplete
Execute a reflected XSS attack
.
- In your browser open http://localhost/sweetscomplete/
- Click on the Products button
- Click purchase on one of the products listed
- Click Buy this item
- On the top right of the screen click on Shopping Cart
- Enter under Notes: <script>alert("TEST");</script>
- Checkmark Update and then click the Update button
- On the top right of the screen again click on Shopping Cart
- Notice that javascript is now running
Exploit an information disclosure vulnerability
.
- In your browser open http://localhost/sweetscomplete/
- Enter this URL: http://localhost/sweetscomplete/?page=XXX
- Make a note of the amount information revealed
Execute a code injection attack, exploiting a file upload vulnerability
.
- In your browser open http://localhost/sweetscomplete/
- Click on the Contact Us button
- Next to Special Order click on the Browse button
- In your Working Files folder for this chapter browse to info.php
- Click Submit
- From your browser enter this URL:
http://localhost/sweetscomplete/?page=../uploads/info - Note that you are now running the PHP code you uploaded on the sweetscomplete website
Execute an SQL injection attack
.
- In your browser open http://localhost/sweetscomplete/
- Click on Our Members
- In the search field enter the following:
A%' UNION SELECT `password`,`dob`,`balance`,`phone`,`name` FROM `members`;-- - Note that you can now see member passwords and account balances
|
|