Hacker101 Coursework (Part 3)

0x06 Level 6: Student Center

In this exercise, you get to maintain a student list.
In this level, there are 6 vulnerabilities, falling into the following classes:
Reflected/Stored XSS
SQL Injection
CSRF
Have fun!
Note: Your changes are only persisted for your current session.

  • XSS
    • Stored XSS
  • SQL
    • Challenges from abroad seem to prefer using ()

  • CSRF
    • You can add entries to the roster directly:

    <form action="http://levels-b.hacker101.com/level6/post_add" method="POST">
    	<input type="text" name="firstname" value="CSRF"><br>
    	<input type="text" name="lastname" value="TEST"><br>
    	<input id="button" type="submit">
    </form>
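The form above works because post_add accepts any POST that arrives with a valid session cookie. The following is an added illustration, not code from the level or from Hacker101, of the same handler beside a hardened version that requires a per-session synchronizer token; the session store, student list and function names are hypothetical stand-ins.

```python
import hmac
import secrets

# Constructed in-memory stand-ins for the level's session store and student
# list (hypothetical names; the real app's internals are not on the page).
sessions = {}   # session_id -> {"csrf_token": ...}
students = []   # list of (firstname, lastname)


def new_session():
    """Create a session and mint a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    sessions[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def post_add_vulnerable(session_id, form):
    """Mirrors what the form above exploits: any POST arriving with a valid
    session cookie is accepted, so a cross-site submission succeeds."""
    if session_id not in sessions:
        return 401
    students.append((form["firstname"], form["lastname"]))
    return 200


def post_add_hardened(session_id, form):
    """Same handler with a synchronizer token: the POST must carry the token
    issued to this session, compared in constant time."""
    sess = sessions.get(session_id)
    if sess is None:
        return 401
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf_token"].encode()):
        return 403  # forged cross-site request: attacker cannot read the token
    students.append((form["firstname"], form["lastname"]))
    return 200


def demo():
    """Replay the cross-site form against both handlers; returns status codes
    and how many rows were added."""
    sid = new_session()
    cross_site = {"firstname": "CSRF", "lastname": "TEST"}
    before = len(students)
    vuln = post_add_vulnerable(sid, cross_site)            # 200: row added
    forged = post_add_hardened(sid, cross_site)            # 403: no token
    with_token = dict(cross_site, csrf_token=sessions[sid]["csrf_token"])
    legit = post_add_hardened(sid, with_token)             # 200: row added
    return vuln, forged, legit, len(students) - before     # (200, 403, 200, 2)
```

In a real deployment the token check is normally combined with a SameSite attribute on the session cookie, so that the browser does not attach it to cross-site POSTs in the first place.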
    

0x07 Level 7: Guardian

In this exercise, you lack credentials.
In this level, there are 2 vulnerabilities, falling into the following classes:
SQL Injection
Reflected XSS
Only two vulnerabilities, so this time I finally managed to find them all 🙂

  • XSS
  • SQLI

0x08 Level 8: Document Exchange

In this exercise, you’re given the power of file uploads.

In this level, there are 5 vulnerabilities, falling into the following classes:
XSS
Directory Traversal
SQL Injection
Code Execution
In theory, you shouldn't be able to overwrite templates/code for the coursework, but that's not 100% so try not to do it, please!

Have fun!

  • XSS
    • Change the uploaded file's MIME type to an XSS payload
  • SQLI
    • https://levels-b.hacker101.com/level8/view/1281?download=True and 0
