Web - Server

Entdecken Sie die Protokolle und Technologien, die das Internet am laufen halten und lernen Sie diese zu hintergehen

Diese Übungen sind darauf ausgelegt einem HTML, HTTP und andere serverseitige Einrichtungen näher zu bringen. Es werden einem in Grundzügen das Innenleben eines Servers gezeigt: verschiedener Identifikationsmethoden, Auslesen von Formulardaten, usw.

Benötigte Vorkenntnisse:
Grundkenntnisse HTML
Grundkentnisse HTTP
Grundkentnisse Webbrowser

60 Übungen

Ergebnis	Name der Übung	Validierung	Anzahl der Punkte	Schwierigkeitsgrad ↓↑	Autor	Bewertung	Musterlösung
	HTML - Source code	49% 69597	5		g0uZ		2
	HTTP - POST	10% 13919	15		Th1b4ud		1
	HTTP - User-agent	25% 34802	10		g0uZ		3
	Weak password	35% 50158	10		g0uZ		1
	HTTP - Open redirect	16% 23117	10		Swissky		1
	Install files	15% 21204	15		g0uZ		1
	HTTP - Improper redirect	13% 17510	15		Arod		1
	HTTP - Verb tampering	15% 21106	15		g0uZ		1
	HTTP - Headers	16% 23029	15		Arod		1
	HTTP - Directory indexing	24% 34552	15		g0uZ		1
	Backup file	18% 25266	15		g0uZ		1
	PHP - Command injection	16% 22469	10		sambecks		4
	XML External Entity	2% 2267	35		sambecks		0
	XSLT - Code execution	1% 1438	30		ghozt		1
	LDAP injection - Authentication	4% 5084	35		g0uZ		1
	NoSQL injection - Authentication	3% 3757	35		mastho		0
	PHP - Path Truncation	2% 2801	35		Geluchat		0
	PHP - Serialization	3% 3535	35		Arod		0
	SQL injection - Numeric	5% 6522	35		g0uZ		0
	SQL Injection - Routed	2% 1802	35		soka		0
	SQL Truncation	3% 3040	35		Geluchat		0
	SQL injection - Insert	1% 1328	40		sambecks		0
	XPath injection - Authentication	3% 3823	35		g0uZ		0
	Java - Spring Boot	1% 952	40		dvor4x		0
	Local File Inclusion - Wrappers	1% 1413	40		sambecks		0
	PHP - Eval	1% 1038	40		chmod		0
	SQL injection - Error	3% 3092	40		sambecks		0
	SQL injection - Authentication - GBK	3% 3776	30		dvor4x		0
	SQL injection - File reading	2% 2415	40		Arod		0
	XPath injection - String	2% 2017	40		g0uZ		0
	NoSQL injection - Blind	1% 1295	45		ghozt		0
	SQL injection - Time based	2% 2242	45		ycam		0
	SQL injection - String	6% 8418	30		g0uZ		1
	PHP - preg_replace()	4% 4636	30		sambecks		0
	SQL injection - Authentication	13% 18320	30		g0uZ		2
	PHP - assert()	5% 6425	25		Birdy42		1
	CRLF	10% 13547	20		g0uZ		1
	File upload - Double extensions	11% 15653	20		g0uZ		1
	File upload - MIME type	9% 12115	20		g0uZ		2
	HTTP - Cookies	14% 19379	20		g0uZ		1
	JSON Web Token (JWT) - Introduction	1% 96	20		Knowledge		0
	Directory traversal	12% 16336	25		g0uZ		1
	File upload - Null byte	8% 11389	25		g0uZ		1
	Remote File Inclusion	4% 5486	30		g0uZ		2
	JSON Web Token (JWT) - Weak secret	1% 63	25		Jrmbt		0
	PHP - Filters	7% 10010	25		g0uZ		1
	PHP - register globals	6% 8359	25		g0uZ		1
	File upload - ZIP	3% 3620	30		ghozt		0
	Command injection - Filter bypass	2% 2679	30		sambecks		0
	Java - Server-side Template Injection	4% 4612	30		righettod		0
	JSON Web Token (JWT) - Public key	1% 41	30		Jrmbt		0
	Local File Inclusion	9% 12745	30		g0uZ		0
	Local File Inclusion - Double encoding	5% 6050	30		zM		1
	PHP - Loose Comparison	2% 2790	30		ghozt		0
	PHP - type juggling	4% 4439	30		vic		0
	Server Side Request Forgery	1% 434	50		sambecks		0
	SQL injection - Blind	3% 3576	50		g0uZ		0
	LDAP injection - Blind	2% 1488	55		g0uZ		0
	XPath injection - Blind	1% 977	75		g0uZ		0
	SQL injection - Filter bypass	1% 949	80		sambecks		0

Ergebnisse der Übungen

Nickname	Übungen	Sprache	date
Thefreethinker	HTTP - POST		22. August 2019 zu 06:12
BedBug	File upload - Null byte		22. August 2019 zu 06:05
vuanhhao	Backup file		22. August 2019 zu 06:04
vuanhhao	PHP - Command injection		22. August 2019 zu 06:03
Thefreethinker	HTTP - Headers		22. August 2019 zu 05:59
B14CK SPID3R	JSON Web Token (JWT) - Public key		22. August 2019 zu 05:32
lordOfSadi	PHP - Injection de commande		22. August 2019 zu 05:31
Tidyhooker	HTTP - Directory indexing		22. August 2019 zu 05:25
BedBug	JSON Web Token (JWT) - Introduction		22. August 2019 zu 05:19
Oshimai	HTML - Code source		22. August 2019 zu 05:16