"Practice Guide for Penetration Testing: tools and methods to be known"-reading notes (iv) Web-based exploit

Source: Internet
Author: User


Nikto automatically scans a Web server for outdated, unpatched software and retrieves dangerous files residing on the server. It can identify a number of specific problems and also check for server configuration problems.


# ./nikto.pl -h target_host -p target_port -o output_file_path

# ./nikto.pl -update


Websecurify quickly and easily identifies web vulnerabilities, including SQL injection, cross-site scripting, file inclusion, cross-site request forgery, and more.



WebScarab is the preferred tool for interacting with the target Web server.

After the vulnerability scans with Nikto and Websecurify have completed, the next logical step is to run a web crawler against the target site. A web crawler is a very useful tool for checking and reading (or crawling) the target site to find all of its links and related files. With a web crawler, every link, web page and known file of the target site is recorded and sorted. This catalogued data is useful for reaching restricted Web pages and locating files or information that were inadvertently exposed.
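The cataloguing step described above, as an added example that is not code from the book or from WebScarab: a minimal link collector that resolves every link on a fetched page, drops duplicates, and sorts them into in-scope pages, in-scope files and out-of-scope hosts. The page HTML and the host `target.example` are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample response (not from the book) standing in for a fetched page.
SAMPLE_BASE = "http://target.example/index.html"
SAMPLE_HTML = """
<html><body>
<a href="/about.html">About</a>
<a href="admin/">Admin</a>
<a href="http://other.example/x">External</a>
<a href="/files/backup.zip">Backup</a>
<img src="/img/logo.png">
<a href="/about.html#team">Team</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects href/src values from anchors and images as the page is parsed."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img" and attrs.get("src"):
            self.links.append(attrs["src"])


def catalogue(base_url, page_html):
    """Resolve each link relative to the page it came from, strip fragments,
    de-duplicate, and sort into pages, files and external hosts.
    Only links on the same host as base_url are treated as in scope."""
    parser = LinkCollector()
    parser.feed(page_html)
    scope_host = urlparse(base_url).netloc
    result = {"pages": set(), "files": set(), "external": set()}
    for href in parser.links:
        url = urljoin(base_url, href).split("#", 1)[0]   # fragments are client-side only
        parsed = urlparse(url)
        last_segment = parsed.path.rsplit("/", 1)[-1]
        if parsed.netloc != scope_host:
            result["external"].add(url)
        elif "." in last_segment and not last_segment.endswith(".html"):
            # A non-HTML filename: record it separately so exposed files stand out.
            result["files"].add(url)
        else:
            result["pages"].add(url)
    return {kind: sorted(urls) for kind, urls in result.items()}


if __name__ == "__main__":
    for kind, urls in catalogue(SAMPLE_BASE, SAMPLE_HTML).items():
        print(kind, urls)
```

A real crawler would fetch each in-scope page and feed it back through `catalogue` until no new URLs appear; the classification logic stays the same.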


# java -jar webscarab.jar


1. Open WebScarab, choose Tools -> Use full-featured interface, and restart it.

2. Set the browser to use WebScarab as its proxy.

Code injection attacks

The difference between interpreted and compiled languages is that an interpreted language is translated into machine instructions only when it is executed, whereas a compiled language requires the programmer to compile the source code and generate an executable file beforehand. Most current Web applications use interpreted programming languages together with a database schema on the back end to store information. In modern Web applications such as e-commerce sites, the interpreted language's job is to build a series of executable statements from the programmer's initial code combined with user input.

SQL injection attacks:

SELECT * FROM users WHERE uname = '' OR 1 = 1 --' AND pwd = 'BT'

"*" is a wildcard that tells SQL to return all columns of every matching record in the table.

The pair of single quotes to the right of each equals sign is added automatically by the application, indicating that the value being queried is a string.

' OR 1 = 1 --: the leading single quote closes the open string, keeping the query statement balanced; OR 1 = 1 makes the WHERE clause always true, so every row is returned; -- turns everything after it (the password check) into a comment.
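The query above, run both ways as an added example that is not code from the book: the vulnerable login builds the statement by string concatenation exactly as the notes describe, and the hardened login binds the same inputs as parameters so the quote and comment characters stay data. The `users` table and its rows are constructed sample data held in an in-memory SQLite database.

```python
import sqlite3

# Constructed sample users (not from the book); the "BT" row matches the pwd in the notes.
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("BT", "BT")]

# The input analysed in the notes: closes the string, forces a true predicate,
# and comments out the rest of the statement.
PAYLOAD = "' OR 1 = 1 --"


def _connect():
    """Fresh in-memory database so each call runs offline and stand-alone."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uname TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_sql(uname, pwd):
    """The application adds the quotes itself and splices user input into the grammar."""
    return "SELECT * FROM users WHERE uname = '" + uname + "' AND pwd = '" + pwd + "'"


def login_vulnerable(uname, pwd):
    """Executes the concatenated statement; user input can rewrite the WHERE clause."""
    conn = _connect()
    try:
        return conn.execute(build_vulnerable_sql(uname, pwd)).fetchall()
    finally:
        conn.close()


def login_parameterized(uname, pwd):
    """Same query with bound parameters: the driver sends the values separately
    from the statement text, so ' and -- are compared literally against uname."""
    conn = _connect()
    try:
        return conn.execute(
            "SELECT * FROM users WHERE uname = ? AND pwd = ?", (uname, pwd)
        ).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print(build_vulnerable_sql(PAYLOAD, "BT"))
    print("concatenated :", login_vulnerable(PAYLOAD, "BT"))    # every row comes back
    print("parameterized:", login_parameterized(PAYLOAD, "BT")) # no row has that uname
```

A legitimate login returns the same single row through either function; only the concatenated version lets the input change which rows the database considers a match.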


Cross-site scripting is the process of injecting a script into a Web application.

The injected script is served as part of the original Web page, and every browser that loads the page will run or process it. A cross-site scripting attack succeeds when the injected script effectively becomes part of the page's original code.

Non-persistent (reflected) cross-site scripting: a client sends a malicious script to a vulnerable server and the server reflects or bounces the script back to the user. In this case the payload (the script) is executed immediately. The whole attack takes place in a single request/response and is not persistent. To carry it out, the malicious URL has to be delivered to the user by e-mail, instant message or similar, and the script then runs in the victim's browser.

Persistent (stored) cross-site scripting: the malicious script is saved directly on the vulnerable server. Because the script is stored on the server, any user who accesses the Web application triggers its execution.
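Both variants side by side, as an added example that is not code from the book: a reflected search-results page and a stored comment board, each rendered once with user input copied straight into the HTML and once with output encoding applied. The sample input and the page templates are constructed for the example; `contains_script_tag` is a simple check a test suite could run over rendered output.

```python
import html
import re

# Constructed sample submission (not from the book): a harmless script tag.
SAMPLE_INPUT = "<script>alert(1)</script>"

SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(page_html):
    """True if the rendered page carries a live script tag; a simple regression
    check for templates that echo user input."""
    return bool(SCRIPT_TAG.search(page_html))


def render_reflected_vulnerable(query):
    """Non-persistent: the request parameter is copied into the response unchanged,
    so the script only lives in this one response and runs in the requester's browser."""
    return "<p>Results for: " + query + "</p>"


def render_reflected_safe(query):
    """Same page with HTML output encoding: < > & and quotes become entities,
    so the browser shows the text instead of parsing a tag."""
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


class CommentBoard:
    """Persistent: whatever is posted is stored server-side and rendered for every
    later visitor, so one stored script reaches all of them."""

    def __init__(self):
        self._comments = []

    def post(self, text):
        self._comments.append(text)   # stored exactly as submitted

    def render_vulnerable(self):
        return "".join("<li>" + c + "</li>" for c in self._comments)

    def render_safe(self):
        # Encode at output time, which covers every stored value regardless of
        # how or when it was written.
        return "".join("<li>" + html.escape(c, quote=True) + "</li>" for c in self._comments)


def stored_demo():
    """Posts a normal comment and the sample script, returns both renderings."""
    board = CommentBoard()
    board.post("hello")
    board.post(SAMPLE_INPUT)
    return board.render_vulnerable(), board.render_safe()


if __name__ == "__main__":
    print(render_reflected_vulnerable(SAMPLE_INPUT))
    print(render_reflected_safe(SAMPLE_INPUT))
    for page in stored_demo():
        print(page, "->", "script tag present" if contains_script_tag(page) else "clean")
```

Encoding on output is the fix in both cases; the difference between the variants is only where the script lives (the single response versus the server's store) and therefore who is exposed to it.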

WebGoat: practice platform for these attacks.
