HTB ACADEMY — Introduction to Web Applications
Sensitive Data Exposure refers to the availability of sensitive data in clear-text to the end-user. This is usually found in the source code of the web page or page source on the front end of web applications. This is the HTML source code of the application, not to be confused with the back end code that is typically only accessible on the server itself. We can view any website's page source in our browser by right-clicking anywhere on the page and selecting View Page Source from the pop-up menu.
Question: Check the above login form for exposed passwords. Submit the password as the answer.
I spawned the machine and then landed on the login page.
By opening the page source (Ctrl + U), we see a comment, and we get a username and a password.
Then we can answer the question asked.
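A pre-release check for the kind of leftover comment found above, added here as an example that is not part of the course or the original write-up. The sample page, its placeholder values and the keyword list are constructed assumptions.

```javascript
// Constructed sample page; the account name and key are placeholders.
const SAMPLE_PAGE = `<!DOCTYPE html>
<html>
  <body>
    <!-- layout: two-column login -->
    <form action="/login" method="post">
      <input name="username"><input name="password" type="password">
      <!-- TODO: remove test account before release: test-user / EXAMPLE-PLACEHOLDER -->
    </form>
    <script>
      // const apiKey = "EXAMPLE-PLACEHOLDER-KEY";
    </script>
  </body>
</html>`;

// Assumed keyword list; extend it to match your own naming conventions.
const SENSITIVE = /\b(pass(?:word|wd)?|pwd|secret|api[_-]?key|token|credentials?|account)\b/i;

// 1-based line number of a character offset.
function lineOf(text, index) {
  return text.slice(0, index).split("\n").length;
}

// Return every HTML comment and inline-script line comment that mentions
// a sensitive keyword. Everything returned here is visible via View Page Source.
function findCommentLeaks(html) {
  const findings = [];
  const record = (kind, body, index) => {
    if (SENSITIVE.test(body)) {
      findings.push({ line: lineOf(html, index), kind, text: body.trim() });
    }
  };
  for (const m of html.matchAll(/<!--([\s\S]*?)-->/g)) {
    record("html-comment", m[1], m.index);
  }
  for (const s of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    const bodyStart = s.index + s[0].indexOf(s[1]);
    // "//" also occurs inside URLs; such hits only count if a keyword follows.
    for (const c of s[1].matchAll(/\/\/(.*)$/gm)) {
      record("js-comment", c[1], bodyStart + c.index);
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

for (const f of findCommentLeaks(SAMPLE_PAGE)) {
  console.log(`line ${f.line} [${f.kind}] ${f.text}`);
}
```

Run over the rendered HTML a server actually returns, since that is exactly what the end-user's browser receives.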
HTML injection occurs when unfiltered user input is displayed on the page. This can either be through retrieving previously submitted code, like retrieving a user comment from the back end database, or by directly displaying unfiltered user input through JavaScript on the front end.
Question: What text would be displayed on the page if we use the following payload as our input: <a href="http://www.hackthebox.com">Click Me</a>
I spawned the machine and then landed on this page.
After clicking on the button, an input popup appears, and we enter the following code: <a href="http://www.hackthebox.com">Click Me</a>
After clicking OK, we got our answer.
HTML Injection vulnerabilities can often be utilized to also perform Cross-Site Scripting (XSS) attacks by injecting JavaScript code to be executed on the client-side. Once we can execute code on the victim's machine, we can potentially gain access to the victim's account or even their machine. XSS is very similar to HTML Injection in practice. However, XSS involves the injection of JavaScript code to perform more advanced attacks on the client-side, instead of merely injecting HTML code.
There are three main types of XSS:
Reflected XSS: Occurs when user input is displayed on the page after processing (e.g., search result or error message).
Stored XSS: Occurs when user input is stored in the back end database and then displayed upon retrieval (e.g., posts or comments).
DOM XSS: Occurs when user input is directly shown in the browser and is written to an HTML DOM object (e.g., vulnerable username or page title).
Question: Try to use XSS to get the cookie value in the above page.
I spawned the machine.
After landing on the page:
By clicking on the button (the same input popup as for HTML injection) and entering this code: #"><img src=/ onerror=alert(document.cookie)>
we got our answer.
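The HTML injection and XSS sections above both come down to input reaching the page unencoded. The following added example (not code from the course, the lab or the original write-up) puts that vulnerable pattern beside an output-encoded version and runs the two payloads quoted on this page through both. The page template and the function names are assumptions.

```javascript
// Payloads are the two quoted in the exercises on this page.
const PAGE_PAYLOADS = [
  '<a href="http://www.hackthebox.com">Click Me</a>',
  '#"><img src=/ onerror=alert(document.cookie)>',
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let text leave its context and start markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (assumed template): input concatenated into an
// element body and into a quoted attribute value.
function renderUnsafe(name) {
  return `<p>Your name is ${name}</p><input name="display" value="${name}">`;
}

// Hardened form: the same template with the input encoded on output.
// In browser code, assigning to element.textContent does this for element bodies.
function renderSafe(name) {
  const text = escapeHtml(name);
  return `<p>Your name is ${text}</p><input name="display" value="${text}">`;
}

// String-level check, not an HTML parser: every "<name" tag opener in the markup.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b/g)].map((m) => m[1].toLowerCase());
}

// Tag openers present for `input` beyond those the template itself emits.
function injectedTags(render, input) {
  const extra = tagNames(render(input));
  for (const t of tagNames(render("alice"))) {
    const i = extra.indexOf(t);
    if (i !== -1) extra.splice(i, 1);
  }
  return extra;
}

for (const payload of PAGE_PAYLOADS) {
  console.log("unsafe:", injectedTags(renderUnsafe, payload),
              "safe:", injectedTags(renderSafe, payload));
}
```

With encoding applied, the browser shows the payload as literal text, so neither the link nor the `onerror` handler exists in the DOM.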
The third type of front end vulnerability that is caused by unfiltered user input is Cross-Site Request Forgery (CSRF). CSRF attacks may utilize XSS vulnerabilities to perform certain queries, and API calls on a web application that the victim is currently authenticated to. This would allow the attacker to perform actions as the authenticated user. It may also utilize other vulnerabilities to perform the same functions, like utilizing HTTP parameters for attacks.
( Read only )
A back-end server is the hardware and operating system on the back end that hosts all of the applications necessary to run the web application. It is the real system running all of the processes and carrying out all of the tasks that make up the entire web application. The back end server would fit in the Data access layer.
The answer is given in this table:
Linux, Apache, MySQL, and PHP.
Windows, Apache, MySQL, and PHP.
Windows, IIS, .NET, and SQL Server.
macOS, Apache, MySQL, and PHP.
Cross-Platform, Apache, MySQL, and PHP/PERL.
A web server is an application that runs on the back end server, which handles all of the HTTP traffic from the client-side browser, routes it to the requested pages, and finally responds to the client-side browser. Web servers usually run on TCP ports 80 or 443, and are responsible for connecting end-users to various parts of the web application, in addition to handling their various responses.
I didn't find the answer in the course text. I looked at the hint (Submit just the code name, without the code number. For example, for the code (200 OK), the answer would be just ‘OK’.) and searched on the internet.
Web applications utilize back end databases to store various content and information related to the web application. This can be core web application assets like images and files, web application content like posts and updates, or user data like usernames and passwords. This allows web applications to easily and quickly store and retrieve data and enable dynamic content that is different for each user.
The answer to the question is once again not in the text; you need to find it on the internet:
After spawning the machine, I made a GET request with curl to retrieve the user with id=1
and we get our answer:
You will find the solution on the internet, according to the French government CVE reporting site:
CVE-2014-6271 is a remote code execution vulnerability.
After a web search, we find: