This page is designed to capture any parameters sent and store them in a file and a database table. It loops through
the POST and GET parameters and records them to a file named captured-data.txt. On this system, the
file should be found at /var/www/mutillidae/captured-data.txt. The page
also tries to store the captured data in a database table named captured_data. There is another page named
captured-data.php that attempts to list the contents of this table.
The data captured on this request is: page = capture-data.php
showhints = 1
PHPSESSID = 31904d6a808ca8244665a59ea2ba4c8e
showhints = 1
PHPSESSID = 31904d6a808ca8244665a59ea2ba4c8e
Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser.
Hints
Cross Site Scripting
This page is the easiest in the site to inject XSS. The page reflects any input. This input
could be from the Cookies, and URL query parameter, or any POSTed parameter.
Cross Site Scripting Via URL query parameters
Try make up any URL query parameter and inject a script. In reality, just inject a script
as the variable. This page is very easy to inject.
Cross Site Scripting Via POST parameters
Use Burp-Suite to create POST parameters. Make one of the parameters a cross site script.
Cross Site Scripting Via Cookie
Use Cookie Manager or Burp-Suite to create a cross site script. When this page
prints the value of the cookie to the screen, the script will execute.
Mutillidae: Born to be Hacked
Back