Goal:
- Become an administrator
Steps:
- Exploit an XSS
- Exploit a reflected SQL injection (the client-side, DOM-based kind described in the first link below)
- Get access to the admin panel to retrieve the validation password
I recommend the following links before starting the challenge:
- https://portswigger.net/kb/issues/00200331_client-side-sql-injection-reflected-dom-based
- https://sql.sh/
- https://www.owasp.org/index.php/SQL_Injection
Necessary steps to configure the challenge correctly:
- Update the database credentials in the config/db.php file to match your own database
- Import challenge.sql into your favorite DBMS
- Create a bot system (with PhantomJS or something else) that visits the bot/log.html file every minute; it has to be a real browser engine, not a plain HTTP fetch, so that scripts on the page actually execute
- The challenge is released without restrictions: it is free to reuse and modify. Feel free to send me your updates.
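As an added example (not part of the original challenge files), here is a minimal PhantomJS bot for the step above. It assumes the challenge is served at http://127.0.0.1/challenge and that the bot should carry an admin session cookie named PHPSESSID; the base URL, cookie name and cookie value are placeholders to replace with your own deployment's values. The visit logic lives in runBot(page, config, done) with the page object passed in, so it can be exercised with a stub outside PhantomJS.

```javascript
// bot.js: run with `phantomjs bot.js` (ES5 only, PhantomJS has no ES6 support).
// Hypothetical deployment values; adjust to your install.
var CONFIG = {
  baseUrl: 'http://127.0.0.1/challenge',  // assumption: where the challenge is served
  path: 'bot/log.html',                    // the page the README says the bot must visit
  // Assumption: the bot holds the admin session so injected scripts run in the admin's context.
  cookie: { name: 'PHPSESSID', value: 'REPLACE_WITH_ADMIN_SESSION_ID', domain: '127.0.0.1', path: '/' },
  timeoutMs: 15000,  // give up on a resource after 15 s
  settleMs: 2000     // let the page's scripts run for 2 s before closing it
};

// Joins base URL and path without producing a double or missing slash.
function targetUrl(config) {
  return config.baseUrl.replace(/\/+$/, '') + '/' + config.path.replace(/^\/+/, '');
}

// Drives one PhantomJS webpage object through a single visit and reports the
// open() status ('success', 'fail', 'timeout' or 'cookie-rejected') through done().
function runBot(page, config, done) {
  var finished = false;
  function finish(status) {
    if (finished) return;   // open() and onResourceTimeout may both fire
    finished = true;
    if (typeof page.close === 'function') page.close();
    done(status);
  }

  page.settings.resourceTimeout = config.timeoutMs;
  page.onResourceTimeout = function () { finish('timeout'); };
  // Surface what the page's own scripts (including injected ones) print or throw.
  page.onConsoleMessage = function (msg) { console.log('[page console] ' + msg); };
  page.onError = function (msg) { console.log('[page error] ' + msg); };

  // Attach the session cookie before the first request; PhantomJS returns false
  // when the cookie is malformed (e.g. a domain that does not match the URL).
  if (config.cookie && !page.addCookie(config.cookie)) {
    finish('cookie-rejected');
    return;
  }

  page.open(targetUrl(config), function (status) {
    var settle = config.settleMs || 0;
    if (settle > 0) {
      setTimeout(function () { finish(status); }, settle);
    } else {
      finish(status);
    }
  });
}

// Only executed under PhantomJS; under another runtime the functions above are just defined.
if (typeof phantom !== 'undefined') {
  var page = require('webpage').create();
  runBot(page, CONFIG, function (status) {
    console.log('visit ' + targetUrl(CONFIG) + ': ' + status);
    phantom.exit(status === 'success' ? 0 : 1);
  });
}
```

Schedule it every minute with a crontab entry such as `* * * * * /usr/local/bin/phantomjs /opt/challenge/bot.js >> /var/log/challenge-bot.log 2>&1` (paths assumed). Because each run is a fresh process, anything a payload changes in the page only lasts for that visit, which is what you want for a shared challenge.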
This information needs to be divulged somehow (index.php.bak?), which is why I give it here:
- The database contains a table users
- The users table contains 4 columns: username, password, admin and views
- When registering, 0 is assigned to the admin column
The front-end is taken from https://root-me.org (a site I recommend).