Awesome
<p align="center"> <img src="./LogoVLA.png" alt="Dojo-101" style="width: 400px;" /> </p>
β οΈ Disclaimer : This repository, together with its tools, is provided by Taisen-Solutions on an "as is" basis. Be aware that this application is highly vulnerable, including remote command and code execution. Use it at your own risk. Taisen-Solutions makes no representations or warranties of any kind, express or implied, as to the operation of the information, content, materials, tools, services and/or products included on the repository. Taisen-Solution disclaims, to the full extent permissible by applicable law, all warranties, express or implied, including but not limited to, implied warranties of merchantability and fitness for a particular purpose.
π± Use Case
π Vulnerabilities
| MITRE Reference | Description | Difficulty |
|---|---|---|
| CWE-22 | Path Traversal | Medium |
| CWE-78 | OS Command Injection | Easy |
| CWE-79 | Cross-site Scripting | Easy |
| CWE-89 | SQL Injection | Easy |
| CWE-94 | Code Injection | Hard |
| CWE-91 | XML Injection | Hard |
| CWE-98 | Remote File Inclusion | Hard |
| CWE-184 | Incomplete List of Disallowed Inputs | Medium |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Medium |
| CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Easy |
| CWE-284 | Improper Access Control | Medium |
| CWE-287 | Improper Authentication | Medium |
| CWE-319 | Cleartext Transmission of Sensitive Information | Easy |
| CWE-326 | Inadequate Encryption Strength | Easy |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | Hard |
| CWE-502 | Deserialization of Untrusted Data | Hard |
| CWE-521 | Weak Password Requirements | Easy |
| CWE-532 | Insertion of Sensitive Information into Log File | Easy |
| CWE 639 | Insecure Direct Object Reference | Medium |
| CWE-611 | XML External Entity Reference | Hard |
| CWE-787 | Out-of-bounds Write | Easy |
| CWE-798 | Use of Hard-coded Credentials | Easy |
| CWE-829 | Local File Inclusion | Easy |
| CWE-912 | Backdoor | Hard |
| CWE-918 | Server-Side Request Forgery | Medium |
| CWE-1270 | Generation of Incorrect Security Tokens | Medium |
π Context
VLA is designed as a vulnerable backend application, running in the following environment :
π Hint & Write Up
- Try reading Dojo-101, this project contains all you need to hack this app !
- Buy me a coffee to get the solution/exploit you want
- Become a sponsor and get a complete Write Up
β Prerequisites
Check .csproj file to get the current dotnet version and install .NET SDK
β¬οΈ Download
git clone https://github.com/Aif4thah/VulnerableLightApp.git
cd .\VulnerableLightApp\
π§ Build
dotnet build
π₯ Run
dotnet run [--url=<url>]
Alternatively, you can use bin files :
.\bin\Debug\net8.0\VulnerableWebApplication.exe [--url=<url>]
Your first request may return a 401 code due to unsuccessful authentication. Start Hacking !
π οΈ Debug
Dotnet Framework
Verify you use the intended .NET Framework
where dotnet
dotnet --version
dotnet --list-sdks
Dotnet on Linux
Ubuntu / Debian exemple
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
apt update && apt install -y dotnet-sdk-8.0 dotnet-runtime-8.0
Certificates
To trust the certificate
dotnet dev-certs https --trust
Dependancies
dependancies have to be dowloaded from standard sources
dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "Microsoft"
Misc
- Be aware that VLA runs Linux and MacOS, but is only tested and supported on Windows.
π CrΓ©dits
- Special thanks to all the hackers and students who pushed me to improve this work
- Project maintened by Michael Vacarella