New OWASP WebGoat movies

By YGN Ethical Hacker Group - 

We have added the following movies to our OWASP WebGoat page in accordance with the latest version 5.4 - http://yehg.net/lab/pr0js/training/webgoat.php :

- CSRF Prompt By-Pass
- CSRF Token By-Pass
- Off-by-One Buffer Overflow
- Blind Numeric SQL Injection
- Modify Data with SQL Injection
- Add Data with SQL Injection


Enjoy Haxing WebGoat! 























































Popular posts from this blog









CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities







By


YGN Ethical Hacker Group



-















 1. OVERVIEW   CubeCart 3.0.20 and lower versions are vulnerable to Cross Site Scripting.    2. BACKGROUND   CubeCart is an "out of the box" ecommerce shopping cart software  solution which has been written to run on servers that have PHP &  MySQL support. With CubeCart you can quickly setup a powerful online  store which can be used to sell digital or tangible products to new  and existing customers all over the world.    3. VULNERABILITY DESCRIPTION   Multiple parameters are not properly sanitized, which allows attacker  to conduct Cross Site Scripting attack. This may allow an attacker to  create a specially crafted URL that would execute arbitrary script  code in a victim's browser.    4. VERSIONS AFFECTED   3.0.20 and lower (aka 3.0.x family)    5. Affected URLs and Parameters   /admin/adminusers/permissions.php  (adminId parameter)  /admin/categories/index.php  (cat_name parameter)  /admin/categories/languages.php  (cat_master_id parameter)  /admin/customers/  (








Read more










Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability







By


YGN Ethical Hacker Group



-















 1. OVERVIEW   Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site  Scripting (XSS).    2. BACKGROUND   Open-Realty is the world's leading real estate listing marketing and  management CMS application, and has enjoyed being the real estate web  site software of choice for professional web site developers since  2002.    3. VULNERABILITY DESCRIPTION   Multiple parameters are not properly sanitized, which allows attacker  to conduct Cross Site Scripting attack. This may allow an attacker to  create a specially crafted URL that would execute arbitrary script  code in a victim's browser.    4. VERSIONS AFFECTED   3.x    5. PROOF-OF-CONCEPT/EXPLOIT   /admin/ajax.php (parameter: title, full_desc, ta)   ///////////////////////////////////////////////////////   POST /admin/ajax.php?action=ajax_update_listing_data HTTP/1.1  Host: localhost  Content-Length: 574  Origin: http://localhost   X-Requested-With: XMLHttpRequest  Content-Type: application/x-www-form-urlencoded  








Read more










OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)







By


YGN Ethical Hacker Group



-















 1. OVERVIEW  OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting.   2. BACKGROUND  Oxwall is a free open source software package for building social  networks, family sites and collaboration systems. It is a flexible  community website engine developed with the aim to provide people with  a well-coded, user-friendly software platform for social needs. It is  easy to set up, configure and manage Oxwall while you focus on your  site idea. We are testing the concept of free open source community  software for complete (site,sub-site setups) and partial  (widgets,features) community and collaboration solutions for companies  and individuals.   3. VULNERABILITY DESCRIPTION  Multiple parameters were not properly sanitized, which allows attacker  to conduct Cross Site Scripting attack. This may allow an attacker to  create a specially crafted URL that would execute arbitrary script  code in a victim's browser.   4. VERSIONS AFFECTED  1.1.1 and lower   5. PROOF-OF-CONCE








Read more