Jason Sheh

Hacker101 Coursework (Part 3)


0x06 Level 6: Student Center

In this exercise, you get to maintain a student list.
In this level, there are 6 vulnerabilities, falling into the following classes:
Reflected/Stored XSS
SQL Injection
CSRF
Have fun!
Note: Your changes are only persisted for your current session.

XSS

Stored XSS

SQL
People abroad seem to prefer using ()

CSRF
Entries can be added to the student list directly

<form action="http://levels-b.hacker101.com/level6/post_add" method="POST">
    <input type="text" name="firstname" value="CSRF"><br>
    <input type="text" name="lastname" value="TEST"><br>
    <input id="button" type="submit">
</form>
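
A server-side check that makes the form above fail, as an added example that is not part of the original write-up or of Hacker101's code. The handler name `handle_post_add`, the `csrf_token` field, the session ids and `SERVER_KEY` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: per-deployment secret, generated here so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)

def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()

def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds as a hidden field in the form it renders itself."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def csrf_token_valid(session_id: str, token: str) -> bool:
    """True only if the token was issued for this exact session."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or not nonce or not mac:
        return False
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())

def handle_post_add(session_id: str, form: dict, students: list) -> int:
    """Hypothetical post_add handler; returns the HTTP status it would send."""
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return 403  # no token, or a token bound to another session
    students.append((form.get("firstname", ""), form.get("lastname", "")))
    return 302

def demo():
    students = []
    user, other = "session-user", "session-other"  # constructed session ids
    # 1. The cross-site form from the write-up: only firstname/lastname.
    forged = {"firstname": "CSRF", "lastname": "TEST"}
    r1 = handle_post_add(user, forged, students)
    # 2. Same form carrying a token that was issued to a different session.
    r2 = handle_post_add(user, dict(forged, csrf_token=issue_csrf_token(other)), students)
    # 3. The site's own form, rendered with a token for this session.
    legit = {"firstname": "Ada", "lastname": "Lovelace",
             "csrf_token": issue_csrf_token(user)}
    r3 = handle_post_add(user, legit, students)
    return r1, r2, r3, students

if __name__ == "__main__":
    print(demo())
```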

0x07 Level 7: Guardian

In this exercise, you lack credentials.
There are only two vulnerabilities, so I could finally find them all :)
In this level, there are 2 vulnerabilities, falling into the following classes:
SQL Injection
Reflected XSS

XSS

SQLI

0x08 Level 8: Document Exchange

In this exercise, you’re given the power of file uploads.

In this level, there are 5 vulnerabilities, falling into the following classes:
XSS
Directory Traversal
SQL Injection
Code Execution
In theory, you shouldn’t be able to overwrite templates/code for the coursework, but that’s not 100% so try not to do it, please!

Have fun!

XSS
Change the MIME type to an XSS payload

SQLI
https://levels-b.hacker101.com/level8/view/1281?download=True and 0