Security Misconfiguration in DVNA
Last updated
Step 1: Log in to the application and navigate to /app/calc. Notice that there is a simple calculator function.
Step 2: Enter a math expression such as 2+4 and press Enter. Intercept this request using Burp.
Step 3: Send the intercepted request to Burp Repeater (CTRL+R) and navigate to Repeater (CTRL+SHIFT+R).
Step 4: Forward the request and notice that the expression is evaluated and the application returns an HTTP 200 response.
Step 5: Modify the value of eqn in the POST request body to a. Forward the request and notice that the response is a "500 Internal Server Error" and the application returns a stack trace.
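The stack trace in Step 5 is the misconfiguration: the server copies the exception's stack into its 500 response. As an added example (not DVNA's own code), the handler below shows the leaky response beside a hardened one that validates `eqn`, logs the error server-side and returns only a generic message. `calcHandler`, `evaluate` and the `exposeStack` flag are assumed names, and the tiny evaluator is a constructed stand-in for the real app's math library.

```javascript
// Constructed stand-in evaluator: + - * / and parentheses only.
// Malformed input (e.g. "2+") throws, which is the 500 path the page shows.
function evaluate(expr) {
  let i = 0;
  const peek = () => expr[i];
  function number() {
    let s = '';
    while (i < expr.length && /[\d.]/.test(expr[i])) s += expr[i++];
    if (s === '') throw new Error('unexpected token at ' + i);
    return parseFloat(s);
  }
  function factor() {
    if (peek() === '(') {
      i++;
      const v = sum();
      if (expr[i++] !== ')') throw new Error('missing ) at ' + i);
      return v;
    }
    if (peek() === '-') { i++; return -factor(); }
    return number();
  }
  function term() {
    let v = factor();
    while (peek() === '*' || peek() === '/') {
      const op = expr[i++]; const r = factor();
      v = op === '*' ? v * r : v / r;
    }
    return v;
  }
  function sum() {
    let v = term();
    while (peek() === '+' || peek() === '-') {
      const op = expr[i++]; const r = term();
      v = op === '+' ? v + r : v - r;
    }
    return v;
  }
  const v = sum();
  if (i !== expr.length) throw new Error('trailing input at ' + i);
  return v;
}

// Allow-list for the eqn field: digits, whitespace, operators, parentheses.
const EQN_ALLOWED = /^[\d\s+\-*/().]+$/;

// Returns { status, body } for a POST /app/calc body. With exposeStack=true it
// behaves like the misconfigured app and echoes err.stack to the client.
function calcHandler(body, opts = {}) {
  try {
    const eqn = typeof body.eqn === 'string' ? body.eqn : '';
    if (!EQN_ALLOWED.test(eqn)) {
      return { status: 400, body: { error: 'eqn must be an arithmetic expression' } };
    }
    return { status: 200, body: { result: evaluate(eqn.replace(/\s+/g, '')) } };
  } catch (err) {
    if (opts.exposeStack) return { status: 500, body: { error: err.stack } }; // leaky
    console.error(err);                      // details stay in the server log
    return { status: 500, body: { error: 'Internal Server Error' } };
  }
}
```

With the allow-list in place, the page's `eqn=a` request is rejected with a 400 before it can raise an exception, and inputs that still throw get a generic 500.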