⚠️ This repository and its tools are provided "as is." The author(s) make no representations or warranties, express or implied, regarding the operation of the information, content, materials, tools, services, or products included. The author(s) disclaim, to the full extent permissible by law, all warranties, express or implied, including implied warranties of merchantability and fitness for a particular purpose.
```mermaid
flowchart TD
A{**.NET REST API**}
A --> B[SQL DB]
A --> C[File System]
A --> D[Host services]
A --> F[GraphQL]
A --> G[App Services]
A --> H[Memory]
B --> I(*Identities*)
C --> J(*Logs*)
C --> K(*Secrets*)
D --> L(*DNS*)
F --> M(*Sensitive Data*)
G --> O(*Serialized Data*)
G --> R(*Business Logic*)
H --> P(*Variables and functions*)
```
MITRE Reference | Description | Difficulty |
---|---|---|
CWE-22 | Path Traversal | Medium |
CWE-78 | OS Command Injection | Easy |
CWE-79 | Cross-site Scripting | Easy |
CWE-89 | SQL Injection | Easy |
CWE-94 | Code Injection | Hard |
CWE-91 | XML Injection | Hard |
CWE-98 | Remote File Inclusion | Hard |
CWE-184 | Incomplete List of Disallowed Inputs | Medium |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Medium |
CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Easy |
CWE-284 | Improper Access Control | Medium |
CWE-287 | Improper Authentication | Medium |
CWE-319 | Cleartext Transmission of Sensitive Information | Easy |
CWE-326 | Inadequate Encryption Strength | Easy |
CWE-434 | Unrestricted Upload of File with Dangerous Type | Hard |
CWE-502 | Deserialization of Untrusted Data | Hard |
CWE-521 | Weak Password Requirements | Easy |
CWE-532 | Insertion of Sensitive Information into Log File | Easy |
CWE-639 | Insecure Direct Object Reference | Medium |
CWE-611 | XML External Entity Reference | Hard |
CWE-787 | Out-of-bounds Write | Easy |
CWE-798 | Use of Hard-coded Credentials | Easy |
CWE-829 | Local File Inclusion | Easy |
CWE-840 | Business Logic Error | Easy |
CWE-912 | Backdoor | Hard |
CWE-918 | Server-Side Request Forgery | Medium |
CWE-1270 | Generation of Incorrect Security Tokens | Medium |
- Try reading Dojo-101; that project contains all you need to hack this app.
- Become a sponsor and get access to the full methodology and complete write-up.
```powershell
git clone https://github.com/Aif4thah/VulnerableLightApp.git
cd .\VulnerableLightApp\
```
You can use dotnet or Docker.

Check the `.csproj` file to get the current .NET version and install the matching .NET SDK.
```powershell
dotnet run [--url=<url>]
```
Alternatively, you can build the project and run the binaries from `bin`:
```powershell
dotnet build
.\bin\Debug\net8.0\VulnerableWebApplication.exe [--url=<url>]
```
```shell
docker build -t vulnerablelightapp .
docker run -p 3000:3000 vulnerablelightapp
```
Default: 127.0.0.1:3000

```shell
curl -k https://127.0.0.1:3000
```
Your first request may return a 401 status code because it is not authenticated. That's expected. Start hacking!
Verify that you are using the intended .NET version:

```powershell
where dotnet
dotnet --version
dotnet --list-sdks
```
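The two steps above (read the target framework from the `.csproj`, then confirm an installed SDK matches it) can be scripted so the mismatch is caught before `dotnet run` fails with a less obvious error. The following is an added example, not part of the VulnerableLightApp repository: the `.csproj` fragment and the `dotnet --list-sdks` output it parses are constructed sample inputs, and the real project file name is a placeholder.

```shell
#!/usr/bin/env bash
# Added example (not from the VulnerableLightApp project): check that an installed
# .NET SDK matches the <TargetFramework> declared in a .csproj.

# Read a .csproj on stdin and print the major .NET version of its TargetFramework
# (e.g. "8" for net8.0). Prints nothing if no TargetFramework is found.
required_net_major() {
    sed -n 's/.*<TargetFramework>net\([0-9][0-9]*\)\.[0-9][0-9]*<\/TargetFramework>.*/\1/p' | head -n 1
}

# Read "dotnet --list-sdks" output on stdin and look for an SDK whose major version
# equals $1. Prints the first matching SDK version and returns 0; returns 1 if none.
sdk_matches() {
    local major="$1"
    awk -v major="$major" '
        # each line looks like: 8.0.404 [/usr/share/dotnet/sdk]
        { split($1, parts, "."); if (parts[1] == major) { print $1; found = 1; exit } }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample inputs (not copied from the real project or a real machine).
SAMPLE_CSPROJ='<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>
</Project>'

SAMPLE_SDKS='6.0.428 [/usr/share/dotnet/sdk]
8.0.404 [/usr/share/dotnet/sdk]'

# Run the check against the constructed samples; prints the matching SDK version.
check_sample() {
    local major
    major=$(printf '%s\n' "$SAMPLE_CSPROJ" | required_net_major)
    printf '%s\n' "$SAMPLE_SDKS" | sdk_matches "$major"
}

# Against a real checkout (placeholder file name, run from the project directory):
#   dotnet --list-sdks | sdk_matches "$(required_net_major < <project>.csproj)" \
#       || echo "no SDK matches the project's TargetFramework"
check_sample
```

The script only compares major versions, because a `net8.0` project builds with any 8.x SDK; if the project pins an exact SDK in a `global.json`, compare against that file instead.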
Ubuntu / Debian example (run as root or prefix the commands with `sudo`):

```shell
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
apt update && apt install -y dotnet-sdk-8.0 dotnet-runtime-8.0
```
To trust the development HTTPS certificate:

```shell
dotnet dev-certs https --trust
```
Dependencies have to be downloaded from standard sources:

```shell
dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "Microsoft"
```
- Be aware that VLA runs on Linux and macOS, but is only tested and supported on Windows.
- Special thanks to all the hackers and students who pushed me to improve this work
- Project maintained by Michael Vacarella