forked from webpwnized/mutillidae
privilege-escalation.php
<div class="page-title">Privilege Escalation</div>
<?php include_once (__SITE_ROOT__.'/includes/back-button.inc');?>
<?php include_once (__SITE_ROOT__.'/includes/hints/hints-menu-wrapper.inc'); ?>
<table style="margin-left:auto; margin-right:auto; width: 600px;">
<tr>
<td class="form-header">Privilege Escalation</td>
</tr>
<tr><td> </td></tr>
<tr><td class="label">Cookies</td></tr>
<tr><td> </td></tr>
<tr>
<td>
Some sites keep authentication and/or authorization tokens in the
user-agent (e.g. browser, phone, tablet). This gives the user (and XSS)
a large amount of control over these tokens.
<br/><br/>
For privilege escalation via cookies, alter the cookie values and monitor the
effect. Also, register for two (or more) accounts, log into both, and note any
differences between the respective cookies.
</td>
</tr>
<tr><td> </td></tr>
<tr><td class="label">SQL Injection</td></tr>
<tr><td> </td></tr>
<tr>
<td>
Login pages can be vulnerable to SQL injection such that a password,
or possibly even a username, is not required to authenticate.
</td>
</tr>
<tr><td> </td></tr>
<tr><td class="label">Brute Force</td></tr>
<tr><td> </td></tr>
<tr>
<td>
THC Hydra (http://www.thc.org/thc-hydra) and Burp Suite can be used to guess usernames and passwords quickly.
Both tools can attempt to log into sites and report the result.
</td>
</tr>
<tr><td> </td></tr>
<tr><td class="label">Secret Administrative Pages</td></tr>
<tr><td> </td></tr>
<tr>
<td>
Built-in pages can sometimes be accessed without a login or by using
privilege escalation. These pages can grant administrative authority
to create other admin accounts.
</td>
</tr>
<tr><td> </td></tr>
</table>
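The cookie section above, seen from the server side: an added example (not Mutillidae code) that puts the weak pattern of trusting a plain cookie value next to an HMAC-signed token with a server-side role lookup. The cookie names `uid` and `auth`, the key, the role table and all function names are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Mutillidae code. Key, user ids and role table are constructed.
const COOKIE_KEY = 'constructed-demo-key';   // assumption: loaded from server-side secret storage
const ROLES = [1 => 'admin', 24 => 'user'];  // assumption: stands in for a server-side role lookup

// Weak pattern: identity is whatever number the client sends in the cookie.
function uid_from_plain_cookie(array $cookies): ?int {
    return isset($cookies['uid']) ? (int)$cookies['uid'] : null;
}

// Hardened: token is "uid.expiry.mac" with mac = HMAC-SHA256(key, "uid.expiry").
function issue_token(int $uid, int $expires): string {
    $payload = $uid . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Returns the uid only when the format is valid, the MAC verifies and the token is unexpired.
function uid_from_signed_cookie(array $cookies, int $now): ?int {
    $raw = $cookies['auth'] ?? '';
    if (!is_string($raw)) return null;
    $parts = explode('.', $raw);
    if (count($parts) !== 3) return null;
    [$uid, $expires, $mac] = $parts;
    if (!ctype_digit($uid) || !ctype_digit($expires)) return null;
    $expected = hash_hmac('sha256', $uid . '.' . $expires, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) return null;   // constant-time comparison
    if ((int)$expires < $now) return null;
    return (int)$uid;
}

// Authorization comes from server-side data keyed by the verified uid, never from the cookie.
function is_admin(?int $uid): bool {
    return $uid !== null && (ROLES[$uid] ?? null) === 'admin';
}

$now      = 1700000000;                                    // constructed clock value
$valid    = ['auth' => issue_token(24, $now + 3600)];      // token issued to user 24
$tampered = ['auth' => '1' . substr($valid['auth'], 2)];   // uid edited, MAC left unchanged
$expired  = ['auth' => issue_token(24, $now - 1)];

var_dump(is_admin(uid_from_plain_cookie(['uid' => '1'])));  // plain cookie edited to uid 1
var_dump(uid_from_signed_cookie($valid, $now));             // untouched signed token
var_dump(is_admin(uid_from_signed_cookie($tampered, $now)));
var_dump(uid_from_signed_cookie($expired, $now));
```

A signed token stops value tampering but not theft via XSS, so the cookie should still be set with the `HttpOnly`, `Secure` and `SameSite` attributes.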