
Week 9

Penetration Testing Report

Introduction
This report describes the proceedings and results of a black box security assessment conducted
against the Week 9 Labs. It lists the findings and the corresponding best-practice mitigation
actions and recommendations.

1. Objective
The objective of the assessment was to uncover vulnerabilities in the Week 9 Labs and to provide
a final security assessment report comprising the vulnerabilities found, a remediation strategy
and recommendation guidelines to help mitigate the vulnerabilities and risks identified during
the activity.

2. Scope
This section defines the scope and boundaries of the project.

Application Name: SQL Injection

3. Summary
Outlined below is a black box application security assessment of the Week 9 Labs.

Total number of Sub-labs: 9 Sub-labs

Difficulty   High   Medium   Low
Sub-labs     4      4        4

High - Number of Sub-labs with hard difficulty level
Medium - Number of Sub-labs with medium difficulty level
Low - Number of Sub-labs with easy difficulty level


1. SQL Injection
1.1. Strings & Errors Part 1!
Reference: Strings & Errors Part 1!
Risk Rating: Low

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Generic SQL Injection Payloads
How It Was Discovered
Automated tools and manual injection of basic SQL payloads into the given parameters
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_1/lab_1.php
Consequences of not Fixing the Issue
Can lead to leakage of user credentials and account takeover
Suggested Countermeasures
Input sanitization both in input parameters and URLs
References
https://drive.google.com/file/d/1fOVWwPEWJr7mp6zFys2Tad8SrDcyNHQM/view

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.
1.2. Strings & Errors Part 2!
Reference: Strings & Errors Part 2!
Risk Rating: Low

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Generic SQL Injection Payloads (commenting)
How It Was Discovered
Automated Tools and manual payload: id=1#
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_2/lab_2.php
Consequences of not Fixing the Issue
Can lead to database exploitation and leakage of user data and credentials.
Suggested Countermeasures
User input sanitization and filtration before the query reaches the database
References
https://drive.google.com/file/d/1fOVWwPEWJr7mp6zFys2Tad8SrDcyNHQM/view

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.3. Strings & Errors Part 3!

Reference: Strings & Errors Part 3!
Risk Rating: Low

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Generic SQL Injection Payloads
How It Was Discovered
Automated Tools and basic SQL query payload
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_3/lab_3.php
Consequences of not Fixing the Issue
Can lead to exposure of user or admin data
Suggested Countermeasures
User input sanitization on URL parameters
References
https://owasp.org/www-community/attacks/SQL_Injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.4. Let's Trick 'Em!

Reference: Let's Trick 'Em!
Risk Rating: Medium
Tools Used
Burp suite & SQLi payloads
Vulnerability Description
SQL Injection Auth Bypass Payloads
How It Was Discovered
Automated tools and payload: admin@gmail.com'#
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_4/lab_4.php
Consequences of not Fixing the Issue
Authentication bypass, which can lead to leakage of user or admin data and credentials and to account takeover
Suggested Countermeasures
Proper user input sanitization in the URL as well as in the input fields
References
https://owasp.org/www-community/attacks/SQL_Injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.5. Booleans And Blind!

Reference: Booleans And Blind!
Risk Rating: High
Tools Used
Burp suite & SQLi payloads
Vulnerability Description
UNION error-based SQL injection
How It Was Discovered
Automated Tools and payload: ?id=2%27UNION%20SELECT%201,2,3,%27--%20
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_5/lab_5.php
Consequences of not Fixing the Issue
Database leak including usernames and passwords, server takeover, privilege escalation
Suggested Countermeasures
Proper input sanitization and validation, and restricting malicious SQL queries from executing.
References
https://portswigger.net/web-security/sql-injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.6. Error Based: Tricked

Reference: Error Based: Tricked
Risk Rating: Medium
Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Generic Error Based Payloads
How It Was Discovered
Automated tools and payload: ")+or+("1")=("1 in both the email and password fields.
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_6/lab_6.php
Consequences of not Fixing the Issue
Authentication bypass, credential exposure, sensitive data retrieval and account takeover
Suggested Countermeasures
Proper input sanitization and validation, and restricting malicious SQL queries from executing
References
https://portswigger.net/web-security/sql-injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.7. Errors And Post!

Reference: Errors And Post!
Risk Rating: Medium

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Generic Error Based Payloads
How It Was Discovered
Automated tools and payload: ' OR '1'='1 in both the email and password fields.
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_7/lab_7.php
Consequences of not Fixing the Issue
Authentication bypass, credential exposure, sensitive data retrieval and account takeover
Suggested Countermeasures
Proper input sanitization and validation, and restricting malicious SQL queries from executing
References
https://portswigger.net/web-security/sql-injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.
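The countermeasure recorded for findings 1.1 to 1.7 is input sanitization. The durable fix for this class of bug is to keep user-supplied values out of the SQL text altogether with bound parameters, plus allow-list validation for fields that must be numeric. The example below is added for this edit and is not code from the labs or from the report; it uses Python's sqlite3 module with an in-memory database of constructed rows rather than the labs' own stack, and shows the string-built query beside its parameterized counterpart, driven by the `' OR '1'='1` payload recorded under finding 1.7.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows (not the lab's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [(1, "admin@example.com", "hunter2", "admin"),
         (2, "alice@example.com", "secret", "user")],
    )
    return conn


def login_vulnerable(conn, email, password):
    """Pattern behind findings 1.4, 1.6 and 1.7: user text is glued into the statement."""
    sql = (f"SELECT id, email, role FROM users "
           f"WHERE email = '{email}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, email, password):
    """Bound parameters: the values travel separately from the SQL text and are never
    parsed as SQL. (Real code would compare a password hash, not a plaintext column.)"""
    sql = "SELECT id, email, role FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


def get_user_vulnerable(conn, user_id):
    """Pattern behind findings 1.1 to 1.3 and 1.5: the id parameter is interpolated unquoted."""
    return conn.execute(f"SELECT id, email, role FROM users WHERE id = {user_id}").fetchall()


def get_user_safe(conn, user_id):
    """Allow-list validation (digits only) followed by a bound parameter."""
    if not isinstance(user_id, str) or not user_id.isdigit():
        raise ValueError("id must be a non-negative integer string")
    return conn.execute(
        "SELECT id, email, role FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # the payload recorded for finding 1.7
    print("vulnerable login:", login_vulnerable(db, payload, payload))  # returns the admin row
    print("safe login:", login_safe(db, payload, payload))              # None
    print("vulnerable lookup:", get_user_vulnerable(db, "2 OR 1=1"))    # every row
    print("safe lookup:", get_user_safe(db, "2"))                       # only user 2
```

With the tautology payload the concatenated statement becomes `WHERE email = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the first row (the admin) is returned. The parameterized version compares the literal string `' OR '1'='1` against the column and finds nothing; the numeric lookup rejects anything that is not a plain integer before the query is even built.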

1.8. User-Agents Lead Us!

Reference: User-Agents Lead Us!
Risk Rating: High

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
SQL injection using UNION
How It Was Discovered
Automated tools and a UNION payload in the User-Agent header to retrieve data for different ids
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_8/lab_8.php
Consequences of not Fixing the Issue
Sensitive data retrieval and credential leak and further account takeover
Suggested Countermeasures
Proper input sanitization in the input fields as well as in the User-Agent header, and preventing
malicious SQL queries from running.
References
https://portswigger.net/web-security/sql-injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.9. Referer Lead Us!

Reference: Referer Lead Us!
Risk Rating: Medium

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
SQL injection using UNION
How It Was Discovered
Automated tools and a UNION payload in the Referer header to retrieve data for different ids
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_9/lab_9.php
Consequences of not Fixing the Issue
Sensitive data retrieval and credential leak and further account takeover
Suggested Countermeasures
Proper input sanitization in the input fields as well as in the Referer header, and preventing
malicious SQL queries from running.
References
https://owasp.org/www-community/attacks/SQL_Injection

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.10. Oh Cookies!
Reference: Oh, Cookies!
Risk Rating: High

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Time-Based, error-based and blind SQL injection
How It Was Discovered
Automated tools and payload: %27UNION%20ALL%20SELECT%20@@VERSION,USER(),SLEEP(5)--%20
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_10/lab_10.php
Consequences of not Fixing the Issue
Retrieval of sensitive data (database version, localhost, password), time delays, account takeover,
and further privilege escalation up to server and database takeover.
Suggested Countermeasures
Proper input sanitization in all input parameters as well as in cookies, proper session timeout
and cookie clearing, and restricting malicious queries from executing.
References
https://github.com/payloadbox/sql-injection-payload-list and
https://portswigger.net/web-security/sql-injection/blind

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.11. WAF's Are Injected!

Reference: WAF's Are Injected!
Risk Rating: High

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Time-based and WAF bypass Blind SQL injection
How It Was Discovered
Automated Tools and payload: ?id=2%27UNION%20SELECT%201,2,SLEEP(5)--%20-
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_11/lab_11.php
Consequences of not Fixing the Issue
WAF bypass, user or admin credential leak, time delays and blind SQL injection, leading to RCE
Suggested Countermeasures
Proper input sanitization in every input field, rebuilding the WAF, blacklisting all malicious
queries and preventing them from executing
References
https://github.com/payloadbox/sql-injection-payload-list and
https://portswigger.net/web-security/sql-injection/blind/lab-time-delays

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.

1.12. WAF's Are Injected Part 2!

Reference: WAF's Are Injected Part 2!
Risk Rating: Medium

Tools Used
Burp suite & SQLi payloads
Vulnerability Description
Time-based and WAF bypass Blind SQL injection
How It Was Discovered
Automated Tools and payload: ?id=2")%20union%20select%201,sleep(5),8--+
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_12/lab_12.php
Consequences of not Fixing the Issue
WAF bypass, user or admin credential leak, time delays and blind SQL injection, leading to RCE
Suggested Countermeasures
Proper input sanitization in every input field, rebuilding the WAF, blacklisting all malicious
queries and preventing them from executing
References
https://github.com/payloadbox/sql-injection-payload-list and
https://portswigger.net/web-security/sql-injection/blind/lab-time-delays

Proof of Concept
This section contains the proof of the above vulnerability as a screenshot from the lab.
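Findings 1.8 to 1.12 make two points that matter for detection: injection reaches the application through headers (User-Agent, Referer, Cookie) and not only through visible parameters, and a filter that matches raw request text can be slipped past by payloads that are percent-encoded or differently cased. A log review or WAF rule therefore has to inspect every request field and normalize it (percent-decoding, comment stripping, whitespace squeezing, case-folding) before matching. The following Python scanner is added for this edit and is not tooling from the report or the labs; it runs over a constructed tab-separated request log that carries the report's own payloads and reports which field carried each one.

```python
import re
from urllib.parse import unquote_plus

# Constructed tab-separated request log (not the lab's or the report's data).
# Columns: time, client, request (path + query), referer, user_agent, cookie
SAMPLE_LOG = "\n".join([
    "2024-03-12T10:01:02Z\t10.0.0.5\t/sqli_lab/lab_8/lab_8.php\thttps://example.test/\tMozilla/5.0 (X11; Linux x86_64)\tPHPSESSID=abc123",
    "2024-03-12T10:01:09Z\t10.0.0.9\t/sqli_lab/lab_8/lab_8.php\thttps://example.test/\tMozilla/5.0' UNION SELECT 1,2,3-- \tPHPSESSID=abc123",
    "2024-03-12T10:01:15Z\t10.0.0.9\t/sqli_lab/lab_9/lab_9.php\thttps://example.test/page' UNION SELECT 1,2,3-- \tMozilla/5.0\tPHPSESSID=abc123",
    "2024-03-12T10:01:22Z\t10.0.0.9\t/sqli_lab/lab_10/lab_10.php\thttps://example.test/\tMozilla/5.0\tid=1%27UNION%20ALL%20SELECT%20@@VERSION,USER(),SLEEP(5)--%20",
    "2024-03-12T10:01:30Z\t10.0.0.9\t/sqli_lab/lab_12/lab_12.php?id=2\")%20union%20select%201,sleep(5),8--+\thttps://example.test/\tMozilla/5.0\tPHPSESSID=abc123",
])

FIELDS = ["time", "client", "request", "referer", "user_agent", "cookie"]
SCANNED = ["request", "referer", "user_agent", "cookie"]  # every attacker-writable field

# Signatures are matched against the normalized value, so casing and
# percent-encoding in the raw request do not change the outcome.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "time-delay": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\("),
    "db-fingerprint": re.compile(r"@@version|\bversion\s*\("),
    "quote-tautology": re.compile(r"['\")]\s*or\s*['\"(]"),
}


def normalize(value, rounds=3):
    """Percent-decode a bounded number of times, drop inline comments,
    squeeze whitespace and lowercase, so the matcher sees the query as the database would."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value)
    return re.sub(r"\s+", " ", value).lower()


def parse_line(line):
    """Split one log line into a field dict; malformed lines are skipped, not fatal."""
    parts = line.split("\t")
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def scan_log(text):
    """Return (line_number, field, signature) for every hit; line numbers start at 1."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue
        for field in SCANNED:
            norm = normalize(rec[field])
            for name, pattern in SIGNATURES.items():
                if pattern.search(norm):
                    hits.append((lineno, field, name))
    return hits


if __name__ == "__main__":
    for lineno, field, name in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {name} in {field}")
```

The benign first line produces no hit; the User-Agent, Referer and Cookie lines are each flagged in the header that carried the payload, and the cookie line from finding 1.10 matches three signatures at once (UNION, SLEEP and @@VERSION). A signature pass like this is a detective control for log review or alerting; it does not replace parameterized queries at the application layer, which is the only change that removes the vulnerability itself.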
