Course Name and Number: CIS333
Lab Due Date: May 26th, 2013
In this lab, you will verify and perform a cross-site scripting (XSS) exploit and an SQL injection attack on the test bed Web application and Web server using the Damn Vulnerable Web Application (DVWA) found on the TargetUbuntu01 Linux VM server. You will use a Web browser and some simple command strings to identify the IP target host and its known vulnerabilities and exploits, and then attack the Web application and Web server using cross-site scripting (XSS) and an SQL injection to exploit the sample Web application running on that server.
Upon completing this lab, you will be able to: 3. Identify Web application and Web server backend database vulnerabilities as viable attack vectors 4. Develop an attack plan to compromise and exploit a website using cross-site scripting (XSS) against sample vulnerable Web applications 5. Conduct a manual cross-site scripting (XSS) attack against sample vulnerable Web applications 6. Perform SQL injection attacks against sample vulnerable Web applications with e-commerce data entry fields 7. MitigateknownWebapplicationandWebservervulnerabilitieswithsecuritycountermeasurestoeliminate risk from compromise and exploitation
Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. A written report of the identified vulnerabilities, exploits, and remediation steps covered in this lab; 2. Screen capture of the cross-site scripting (XSS) attack; 3. Screen capture of the SQL injection attack; 4. Lab Assessment Questions & Answers for Lab #8.
Lab #8 Written Report In this lab I was able to identify the vulnerabilities of the Web application immediately by uncovering the Web form’s ability to handle unexpected data. This was accomplished by using DVWA tool to perform an attack exploiting a