OWASP Mutillidae II: Keep Calm and Pwn On
|
| Home | | | Login/Register | | | Toggle Hints | | | Show Popup Hints | | | Toggle Security | | | Enforce SSL | | | Reset DB | | | View Log | | | View Captured Data |
-
OWASP 2017
- A1 - Injection (SQL)
-
A1 - Injection (Other)
- Application Log Injection
- Buffer Overflow
- Cascading Style Injection
- CBC-bit Flipping
- Command Injection
- Frame Source Injection
-
HTML Injection (HTMLi)
- Add to your blog
- Browser Info
- DNS Lookup
- Echo Message
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- User Info (XPath)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- View Captured Data
- Document Viewer
- Arbitrary File Inclusion
- Poll Question
- Register User
- Login
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- HTMLi via HTTP Headers
- HTMLi Via DOM Injection
- HTMLi Via Cookie Injection
- HTTP Parameter Pollution
- JavaScript Injection
- JavaScript Object Notation (JSON) Injection
- LDAP Injection
- Parameter Addition
- XML External Entity Injection
- XML Entity Expansion
- XML Injection
- XPath Injection
- A2 - Broken Authentication and Session Management
- A3 - Sensitive Data Exposure
- A4 - XML External Entities
- A5 - Broken Access Control
- A6 - Security Misconfiguration
-
A7 - Cross Site Scripting (XSS)
-
Reflected (First Order)
- DNS Lookup
- Echo Message
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Browser Info
- Those "Back" Buttons
- Styling with Mutilidae
- Password Generator
- Client-side Control Challenge
- Persistent (Second Order)
- DOM-Based
- Cross Site Request Forgery (CSRF)
- Via "Input" (GET/POST)
- Via HTTP Headers
- Via HTTP Attribute
- Via Misconfiguration
- Against HTML5 Web Storage
- Against JSON
- Via Cookie Injection
- Via XML Injection
- Via XPath Injection
- Via Path Relative Style Sheet Injection
-
BeeF Framework Targets
- Add to your blog
- View someone's blog
- Show Log
- DNS Lookup
- Echo Message
- Pen Test Tool Lookup
- Text File Viewer
- User Info (SQL)
- Set Background Color
- HTML5 Web Storage
- Capture Data Page
- Document Viewer
- Arbitrary File Inclusion
- XML Validator
- User Info (XPath)
- Poll Question
- Register User
- Password Generator
-
Reflected (First Order)
- A8 - Insecure Deserialization
- A9 - Using Components with Known Vulnerabilities
- A10 - Insufficient Logging and Monitoring
- OWASP 2010
Want to Help?
User PollHints and Videos
Back
Help Me!
