1. BRUTE FORCE ATTACK

Security Level: High
Description: A brute force attack can manifest itself in many different ways, but primarily consists of an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response.
Observation:
Ease of Exploitation: Moderate
Impact: Unauthorized access to users' personal information.
Recommendation: There should be some restriction on passwords, such as requiring a combination of uppercase letters, numbers and symbols.
Location: https://www.way2sms.com/
References: https://www.owasp.org/index.php/Category:OWASP
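Added example, not part of the report: the password complexity rule the report recommends, next to the server-side throttling that actually limits how many guesses an attacker gets. The user store, the `check_credentials` callback and the limits are hypothetical; `now` is passed in so the logic can be exercised without waiting.

```python
import re
import time
from collections import defaultdict

MAX_FAILURES = 5        # failed attempts allowed inside the window (assumed values)
WINDOW_SECONDS = 300    # sliding window in which failures are counted
LOCKOUT_SECONDS = 900   # how long an account stays locked after the limit

_failures = defaultdict(list)   # username -> timestamps of recent failed attempts
_locked_until = {}              # username -> time at which the lock expires

def password_meets_policy(pw: str) -> bool:
    """The report's recommendation: uppercase letter, digit and symbol required."""
    return (len(pw) >= 10
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def attempt_login(username: str, password: str, check_credentials, now=None) -> str:
    """Return "ok", "bad_credentials" or "locked".
    check_credentials(username, password) is the caller's real verifier
    (e.g. a hashed-password compare); this function only throttles it."""
    now = time.time() if now is None else now
    if _locked_until.get(username, 0) > now:
        return "locked"          # same answer for right and wrong passwords while locked
    if check_credentials(username, password):
        _failures.pop(username, None)
        return "ok"
    # Keep only failures inside the window, then record this one.
    recent = [t for t in _failures[username] if now - t < WINDOW_SECONDS]
    recent.append(now)
    _failures[username] = recent
    if len(recent) >= MAX_FAILURES:
        _locked_until[username] = now + LOCKOUT_SECONDS
        _failures.pop(username, None)
        return "locked"
    return "bad_credentials"
```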
2. SQL Injection

Security Level: High
Description: A SQL injection attack consists of the insertion of a SQL query via the input data sent from the client to the application.
Observation:
  User ID: ' or '1'='1
  Password: ' or '1'='1
Ease of Exploitation: Moderate
Impact: SQL injection has become a common issue with database-driven web sites. The flaw is easily detected and easily exploited, and as such any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind.
Recommendation: Passwords should be protected by using combinations of uppercase letters, numbers and symbols.
Location: https://acsnskoolapps.in
References: https://www.owasp.org/index.php/SQL_Injection
3. GET SQL Injection

Security Level: High
Description: A GET SQL injection attack consists of the insertion or "injection" of a SQL query via input data in the URL query string.
Observation:
  C:\sqlmap-master>python sqlmap.py -u testphp.vulnweb.com/artists.php?artist=1 --dbs
  C:\sqlmap-master>python sqlmap.py -u testphp.vulnweb.com/artists.php?artist=1 -D acuart --tables
  C:\sqlmap-master>python sqlmap.py -u testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users --columns
  C:\sqlmap-master>python sqlmap.py -u testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users -C name,phone --dump
Ease of Exploitation: Moderate
Impact: A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete) and execute administration operations on the database.
Recommendation: Use the bind method and whitelist the attributes which can be updated. Use a model which does not contain values the user should not be able to edit.
Location: /examples/servlets/nonblocking/bytecounter
References: https://www.owasp.org/index.php/SQL_Injection
4. POST SQL Injection

Security Level: High
Description: A POST SQL injection attack consists of the insertion or "injection" of a SQL query via the input data of a POST request.
Observation:
  C:\sqlmap-master>python sqlmap.py -r postsql1.txt -p "id" --dbs --threads 5
  C:\sqlmap-master>python sqlmap.py -r postsql1.txt -p "id" -D acuart --tables
  C:\sqlmap-master>python sqlmap.py -r postsql1.txt -p "id" -D acuart -T users --columns
  C:\sqlmap-master>python sqlmap.py -r postsql1.txt -p "id" -D acuart -T users -C name,phone --dump
Ease of Exploitation: Moderate
Impact: A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete) and execute administration operations on the database.
Recommendation: Use the bind method and whitelist the attributes which can be updated. Use a model which does not contain values the user should not be able to edit.
Location: /examples/servlets/nonblocking/bytecounter
References: https://www.owasp.org/index.php/SQL_Injection
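Added example, not part of the report, covering findings 2, 3 and 4 together: the `' or '1'='1` login bypass recorded in finding 2 against a string-built query, the "bind method" (parameterized query) recommended in findings 3 and 4, and a whitelist of updatable columns. The users table is constructed here in an in-memory SQLite database; the column names follow the `name,phone` dump in the observations.

```python
import sqlite3

PAYLOAD = "' or '1'='1"   # the value the report submitted as both user ID and password

def build_db() -> sqlite3.Connection:
    # Constructed sample table for the demo (not the tested application's schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, phone TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', '555-0100', 's3cret')")
    return conn

def login_vulnerable(conn, user: str, password: str):
    # String concatenation: the input becomes part of the SQL grammar, so the
    # quote in the payload closes the literal and the OR makes the WHERE true.
    sql = ("SELECT name, phone FROM users WHERE name = '" + user +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()

def login_parameterized(conn, user: str, password: str):
    # Bound parameters: the driver passes the values separately from the query
    # text, so a quote in the input can never terminate the string literal.
    sql = "SELECT name, phone FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (user, password)).fetchall()

ALLOWED_UPDATE_COLUMNS = {"phone"}   # whitelist: a profile update may never touch password

def update_user(conn, name: str, fields: dict) -> int:
    """Apply a user-supplied set of column changes, but only for whitelisted
    columns. Column names come from the whitelist, values are bound."""
    rejected = set(fields) - ALLOWED_UPDATE_COLUMNS
    if rejected:
        raise ValueError(f"not updatable: {sorted(rejected)}")
    assignments = ", ".join(f"{col} = ?" for col in fields)
    cur = conn.execute(f"UPDATE users SET {assignments} WHERE name = ?",
                       (*fields.values(), name))
    return cur.rowcount

def demo():
    """Returns (rows from the bypass, rows from the bound query, rows for a real login)."""
    conn = build_db()
    return (login_vulnerable(conn, PAYLOAD, PAYLOAD),
            login_parameterized(conn, PAYLOAD, PAYLOAD),
            login_parameterized(conn, "alice", "s3cret"))
```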
5. Cross-Site Request Forgery (CSRF)

Security Level: Medium
Description: CSRF is an attack that tricks the victim into submitting a malicious request. If the user is currently authenticated to the site, the site has no way to distinguish between a forged request sent by the victim and a legitimate request sent by the victim.
Observation: Capture the change request in Burp Suite and generate a CSRF PoC. Save the file with a .html extension and open it in another browser.
Ease of Exploitation: Moderate
Impact: The forged request changed a reservation of 2 rooms for 4 persons to 8 rooms for 20 persons.
Recommendation: The most common method is to append a CSRF token to each request and associate it with the user's session.
Location: https://hotelornate.com.pk/leftmenubody.php?id=56
References: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
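Added example, not part of the report: the synchronizer-token defence recommended above, applied to a reservation form like the one observed. The session store, the `/reserve` handler and the form field names are hypothetical.

```python
import hmac
import secrets

_sessions = {}   # session_id -> {"user": ..., "csrf": ...}  (hypothetical server-side store)

def new_session(user: str) -> str:
    """Create a session and mint one random CSRF token bound to it."""
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid: str) -> str:
    return _sessions[sid]["csrf"]

def render_form(sid: str, rooms: int, persons: int) -> str:
    # The legitimate page embeds the session's token in a hidden field. A page
    # on an attacker's origin cannot read it, so a forged form cannot include it.
    token = csrf_token_for(sid)
    return ('<form method="POST" action="/reserve">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<input name="rooms" value="{rooms}">'
            f'<input name="persons" value="{persons}">'
            '</form>')

def handle_reserve(sid: str, form: dict) -> str:
    """Server side of POST /reserve: the browser sends the session cookie
    automatically, so the token is the only thing that proves the request
    came from a page the site itself rendered."""
    session = _sessions.get(sid)
    if session is None:
        return "401 not authenticated"
    submitted = form.get("csrf_token", "")
    # Constant-time compare so a wrong token does not leak how much matched.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return "403 csrf token missing or invalid"
    return f"200 reserved {form['rooms']} rooms for {form['persons']} persons"
```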
6. CLICK JACKING

Security Level: Medium
Description: Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. Clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees.
Observation: Create an HTML page that loads the target inside an iframe, save it with a .html extension and open it in a browser.
Ease of Exploitation: Moderate
Impact:
Recommendation: Clickjacking can be prevented using a host of client-side browser plugins such as
• NoScript – http://noscript.net
• Web Protection Suite – http://www.comitari.com/Web_Protection_Suite
Location: http://www.gits.ac.in/
References: https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
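Added example, not part of the report: the server-side complement to the browser plugins listed above. `frame_protection_headers` produces the response headers a site sets to refuse framing, and `framable_by` is a checker a tester can run over captured response headers (a constructed dict here) to decide whether the page would render inside another origin's iframe. Origins in the test are placeholders.

```python
def frame_protection_headers(same_origin: bool = False) -> dict:
    """Headers that stop other sites from framing the page. Both are sent:
    CSP frame-ancestors for current browsers, X-Frame-Options for older ones."""
    return {
        "X-Frame-Options": "SAMEORIGIN" if same_origin else "DENY",
        "Content-Security-Policy": "frame-ancestors " + ("'self'" if same_origin else "'none'"),
    }

def framable_by(headers: dict, framing_origin: str, page_origin: str) -> bool:
    """True if a page served with these headers would load in an iframe on
    framing_origin. Browsers that understand frame-ancestors ignore
    X-Frame-Options when both are present, so CSP is evaluated first.
    Only exact-origin sources are handled; wildcard sources are not modelled."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = parts[1:]
            if "'none'" in sources:
                return False
            if "'self'" in sources and framing_origin == page_origin:
                return True
            return framing_origin in sources
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framing_origin == page_origin
    return True   # no policy at all: any site may frame the page
```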
7. File Upload

Security Level: Low
Description: This page allows visitors to upload files to the server.
Observation: Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially crafted filename or MIME type and execute arbitrary code.
Ease of Exploitation: Moderate
Impact: If uploaded files are not safely checked, an attacker may upload malicious files.
Recommendation: Restrict the file types accepted for upload. Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded.
Location: http://localhost/DVWA-master/vulnerabilities/upload/#
References: https://www.owasp.org/index.php/Unrestricted_File_Upload
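Added example, not part of the report or of DVWA: an upload handler that applies the three recommendations above in one place. It accepts only an allowlisted extension whose magic bytes match the content, renames the file to a random server-chosen name, and writes it without an execute bit. The allowlist, filenames and sample bytes are constructed for the demo.

```python
import os
import secrets
import tempfile

# Allowlisted extension -> magic bytes the content must begin with (constructed list).
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def validate_upload(filename: str, content: bytes) -> str:
    """Return the accepted extension or raise ValueError. The client's filename
    and MIME type are untrusted: only the final extension is read, and the
    first bytes of the content must match it."""
    name = os.path.basename(filename)          # drops any directory part
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not content.startswith(ALLOWED[ext]):
        raise ValueError("content does not match the declared type")
    return ext

def store_upload(upload_dir: str, filename: str, content: bytes) -> str:
    """Write the file under a random server-chosen name with no execute bit;
    the client's original name is discarded entirely."""
    ext = validate_upload(filename, content)
    path = os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    # O_EXCL refuses to overwrite an existing file; 0o644 (minus umask) has no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path

def demo() -> dict:
    """Constructed inputs: a valid PNG header, and script content under two names."""
    upload_dir = tempfile.mkdtemp()
    stored = store_upload(upload_dir, "photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    rejected = []
    for name, data in (("cmd.php", b"<?php echo 1;"), ("cmd.php.png", b"<?php echo 1;")):
        try:
            validate_upload(name, data)
        except ValueError as err:
            rejected.append(str(err))
    executable = bool(os.stat(stored).st_mode & 0o111)
    return {"stored": stored, "executable": executable, "rejected": rejected}
```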
8. IDOR (Insecure Direct Object Reference)

Security Level: Medium
Description: IDOR (Insecure Direct Object Reference) is a common vulnerability that occurs when a reference to an internal implementation object is exposed without any other access control. The vulnerability is often easy to discover and allows attackers to access unauthorized data.
Observation: With the id parameter set to 7 the page shows some information about one author; when the id is changed to 8 it shows the data of another author.
Ease of Exploitation: Moderate
Impact: It can compromise all the data that can be referenced by the parameter.
Recommendation: Use per-user or per-session indirect object references. This prevents attackers from directly targeting unauthorized resources.
Location: https://www.af.org.pk/publication-detail.php?id=8
References: https://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References