New OWASP WebGoat movies

By YGN Ethical Hacker Group - 

We have added the following movies to our OWASP WebGoat page in accordance with the latest version 5.4 - http://yehg.net/lab/pr0js/training/webgoat.php :

- CSRF Prompt By-Pass
- CSRF Token By-Pass
- Off-by-One Buffer Overflow
- Blind Numeric SQL Injection
- Modify Data with SQL Injection
- Add Data with SQL Injection


Enjoy Haxing WebGoat! 























































Popular posts from this blog









Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability







By


YGN Ethical Hacker Group



-















 1. OVERVIEW   Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site  Scripting (XSS).    2. BACKGROUND   Open-Realty is the world's leading real estate listing marketing and  management CMS application, and has enjoyed being the real estate web  site software of choice for professional web site developers since  2002.    3. VULNERABILITY DESCRIPTION   Multiple parameters are not properly sanitized, which allows attacker  to conduct Cross Site Scripting attack. This may allow an attacker to  create a specially crafted URL that would execute arbitrary script  code in a victim's browser.    4. VERSIONS AFFECTED   3.x    5. PROOF-OF-CONCEPT/EXPLOIT   /admin/ajax.php (parameter: title, full_desc, ta)   ///////////////////////////////////////////////////////   POST /admin/ajax.php?action=ajax_update_listing_data HTTP/1.1  Host: localhost  Content-Length: 574  Origin: http://localhost   X-Requested-With: XMLHttpRequest  Content-Type: application/x-www-form-urlencoded  








Read more










OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)







By


YGN Ethical Hacker Group



-















 1. OVERVIEW  OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting.   2. BACKGROUND  Oxwall is a free open source software package for building social  networks, family sites and collaboration systems. It is a flexible  community website engine developed with the aim to provide people with  a well-coded, user-friendly software platform for social needs. It is  easy to set up, configure and manage Oxwall while you focus on your  site idea. We are testing the concept of free open source community  software for complete (site,sub-site setups) and partial  (widgets,features) community and collaboration solutions for companies  and individuals.   3. VULNERABILITY DESCRIPTION  Multiple parameters were not properly sanitized, which allows attacker  to conduct Cross Site Scripting attack. This may allow an attacker to  create a specially crafted URL that would execute arbitrary script  code in a victim's browser.   4. VERSIONS AFFECTED  1.1.1 and lower   5. PROOF-OF-CONCE








Read more










Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities







By


YGN Ethical Hacker Group



-
















 1. OVERVIEW
 
 The Elgg 1.7.9 and lower versions are vulnerable to multiple Cross Site Scripting.
 
 
 2. BACKGROUND
 
 Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World Bank, UNESCO, NASA, Stanford University, Johns Hopkins University and more (http://elgg.org/powering.php)
 
 
 3. VULNERABILITY DESCRIPTION
 
 Several parameters (page_owner, content,internalname, QUERY_STRING) are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 
 
 
 4. VERSIONS AFFECTED
 
 Elgg 1.7.9 <= 
 
 
 5. PROOF-OF-CONCEPT/EXPLOIT








Read more