
Add new Vulnerabilities to fulfil goal for handling 100 vulnerabilities

Open preetkaran20 opened this issue 5 years ago • 11 comments

Is your feature request related to a problem? Please describe. There are many new vulnerabilities which need to be included like:

  1. Unrestricted File Upload
  2. XXE
  3. XSLT

These vulnerabilities need to be thought through because they require handling of sessions, which is quite tricky for VulnerableApp. Maybe this needs better thinking.

  1. Source Code Disclosure - /WEB-INF
  2. CSRF attack
  3. Session Fixation

preetkaran20 avatar Aug 09 '20 19:08 preetkaran20

For handling 2nd part: https://github.com/SasanLabs/VulnerableApp/issues/173

preetkaran20 avatar Aug 09 '20 19:08 preetkaran20

Need to handle first part i.e. Unrestricted File Upload, XXE, XSLT faster.

preetkaran20 avatar Aug 09 '20 19:08 preetkaran20

XXE -> An example that can be used is an email template, or say workflow design, or something like that. Actually, because we have designed VulnApp in a way where there is one API call and that is entirely vulnerable, designing all vulnerabilities in that is tough. Need to think on this.

preetkaran20 avatar Aug 11 '20 21:08 preetkaran20

XSLT -> https://www.w3schools.com/xml/tryxslt.asp?xmlfile=cdcatalog&xsltfile=cdcatalog I think this can serve as an example, i.e. an endpoint where you give the XML and XSLT and we will build the UI.

preetkaran20 avatar Aug 11 '20 21:08 preetkaran20

XXE can be added as something like register functionality. XSLT can be used to fetch the registered users and show them in the format exposed using XSLT (maybe fields etc.).

preetkaran20 avatar Aug 16 '20 06:08 preetkaran20

File upload:

  1. Uploading a JS file can be used for XSS if possible.
  2. If we name the file something like "../../../something.jsp" and it gets placed in the correct place, then the JSP can be executed, which can be quite harmful, and we can steal or control anything.
  3. Replacing any existing JS file can be dangerous and impacts customer experience.

Read this tutorial: https://www.youtube.com/watch?v=CmF9sEyKZNo

preetkaran20 avatar Aug 17 '20 06:08 preetkaran20
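The three file-upload risks listed in the comment above, shown from the handler's side as an added example (not part of the issue thread and not VulnerableApp's code): a target-path resolver that trusts the client filename beside a hardened one. The class name, `UPLOAD_ROOT`, and the extension allow-list are assumptions made for illustration, and the sample filenames are constructed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

public class UploadPathCheck {
    // Assumed upload directory and extension allow-list, chosen for this example.
    static final Path UPLOAD_ROOT = Paths.get("/srv/app/uploads").toAbsolutePath().normalize();
    static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "gif");

    // Vulnerable: the client-supplied name is joined to the root as-is, so "../"
    // segments decide where the file lands and an existing file can be replaced.
    static Path vulnerableTarget(String clientName) {
        return UPLOAD_ROOT.resolve(clientName);
    }

    // Hardened: take only the extension from the client name, check it against the
    // allow-list, store under a server-generated name, and verify containment.
    static Path safeTarget(String clientName) {
        String base = clientName.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);   // drop any directory part
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) {
            throw new IllegalArgumentException("missing extension");
        }
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        Path target = UPLOAD_ROOT.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(UPLOAD_ROOT)) {               // defence in depth
            throw new IllegalArgumentException("escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample filenames, one per case in the list above.
        String[] names = {"avatar.png", "../../../something.jsp", "app.js", "..\\..\\x.PNG"};
        for (String n : names) {
            Path v = vulnerableTarget(n).normalize();
            System.out.println(n + " -> vulnerable: " + v + " (inside root: " + v.startsWith(UPLOAD_ROOT) + ")");
            try {
                System.out.println("    hardened: " + safeTarget(n));
            } catch (IllegalArgumentException e) {
                System.out.println("    hardened: rejected, " + e.getMessage());
            }
        }
    }
}
```

Because the stored name is generated on the server, an upload can neither overwrite an existing script nor choose a `.jsp` or `.js` extension that the container or a browser would execute.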

https://github.com/SasanLabs/VulnerableApp/issues/177 for handling File Upload.

preetkaran20 avatar Aug 17 '20 22:08 preetkaran20

Unrestricted File Upload is done.

preetkaran20 avatar Sep 06 '20 15:09 preetkaran20

As we have RFI and Unvalidated Redirects, which we have not added completely, instead of handling XXE and XSLT I will start working on adding those.

preetkaran20 avatar Sep 06 '20 15:09 preetkaran20

https://github.com/SasanLabs/VulnerableApp/issues/23

preetkaran20 avatar Sep 06 '20 15:09 preetkaran20

URL redirection -> With Ajax calls this is quite tough. We can add client-side URL redirection, but server-side requires UI framework changes. Need to think more on it.

preetkaran20 avatar Sep 19 '20 09:09 preetkaran20