OWASP Top 10

WAF RULE TESTING (UNRESTRICTED FILE UPLOAD VULNERABILITY)

Summary: In this blog, we are going to test the Unrestricted File Upload vulnerability on the XVWA application with the OWASP CRS and CWAF 1.128 (latest version) rulesets. Test Scenario 1. Test Unrestricted File Upload Vulnerability with OWASP CRS: OWASP CRS blocks the upload of potentially malicious files, i.e. .php files, so the server cannot be compromised by a .php shell, but we are still able to find a small flaw in the ...

WAF RULE TESTING (LOCAL FILE INCLUSION VULNERABILITY)

In this blog, we will be testing the Local File Inclusion (LFI) vulnerability on a vulnerable application with the OWASP CRS & CWAF Ruleset 1.127 (latest version). Test Scenario 1. Testing the LFI attack with OWASP CRS. Include the OWASP CRS in the Apache config: Filename: REQUEST-930-APPLICATION-ATTACK-LFI, PARANOIA_LEVEL: 1, Rule IDs: 930100, 930110, 930120, 930130. Test the following payloads on the xvwa ...

WAF RULE TESTING (OS COMMAND INJECTION VULNERABILITY)

In this blog, we will be testing the OS command injection attack on a vulnerable application with the OWASP CRS & CWAF rulesets. How to identify the flaw in the OWASP CRS & CWAF rulesets? First, set up a vulnerable application, i.e. XVWA or the OWASP Mutillidae vulnerable app, on the server for testing WAF rules. Install ModSecurity and include both the OWASP CRS and CWAF rulesets in the Apache config....