
LI Security and Networks - Exercise 4 - Solution

Web Security

Set up environment

Set up the environment and find the VM IP.

  1. Download the VM and load it up.
  2. Enter the aliceblack account.
  3. Open a terminal and type ifconfig -a to see the VM's IP address on your local network.
  4. Now you can visit the website via http://<Your-VM-IP>:80

Solution

Q1

Investigate the products: Find a SQL injection attack that makes the site display all of the products it has in the database. One of the products that is not normally displayed includes a token, submit this token to the token submission website.

A1

We start by looking through the site's files in /var/www/html. To find the SQL injection point, we need to know where the site uses an SQL query.

The question is about products, so we visit http://localhost:80/products to see what is there.

If we click submit without typing anything, the URL is http://192.168.64.3/product.php?filter=#.

Then we type something in, such as a. The page lists all the products that contain a in their name, so the box is bound to the product name.

Next we test the filter search box with order by. For example, we type in a' order by 1#. (We must not forget the # at the end: it comments out the rest of the query, and without it we get an error.)

This returns results. We keep increasing the number and find that it goes up to 6. Since order by n sorts by the n-th column, this tells us the query returns 6 columns (not tables). This will help us later.

Tip: the URL is now http://192.168.64.3/product.php?filter=a%27+order+by+6%23#

Now we try some SQL injection.

We can force the site to show all the products by using OR 1 = 1. For example, we use a' OR 1 = 1. We should now see all the data, and we can easily find the token in My Little Pony.
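Why the filter box behaves this way, and how the site would close the hole, shown as an added example that is not the lab's own code. The table layout, the sample rows and the function names are assumptions, and because it runs on SQLite the trailing comment marker is `--` where the lab's database accepts `#`.

```python
import sqlite3

# Same shape as the filter input used above, with SQLite's comment marker.
PAYLOAD = "a' OR 1 = 1 --"


def make_db():
    # Constructed sample data; the schema is an assumption, not the lab's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, visible INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Camera", 1), ("Kettle", 1), ("Hidden item", 0)],
    )
    return db


def search_concat(db, term):
    # Vulnerable pattern: the user's text becomes part of the SQL statement,
    # so a quote ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM products WHERE name LIKE '%" + term
           + "%' AND visible = 1")
    return sorted(row[0] for row in db.execute(sql))


def search_param(db, term):
    # Fixed pattern: the statement text is constant and the user's text is
    # bound as a value, so it can only ever be compared against names.
    sql = "SELECT name FROM products WHERE name LIKE ? AND visible = 1"
    return sorted(row[0] for row in db.execute(sql, ("%" + term + "%",)))


if __name__ == "__main__":
    db = make_db()
    print("normal search, concatenated :", search_concat(db, "a"))
    print("payload, concatenated       :", search_concat(db, PAYLOAD))
    print("payload, parameterised      :", search_param(db, PAYLOAD))
```

With the bound parameter the payload is treated as a literal product name, matches nothing, and the visibility check is never commented out.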

Q2

Get access to the hidden site: Investigate the website's cookies and find a way to get access to the hidden content on the site using an account you have created on the website yourself. You will find a token displayed on the main page of the hidden site, submit this token.

A2

According to the question, we need to create an account. (For example, username a & password a)