RatSite

Instructions for Testing

Step 1: Gather All Parameters

Start by identifying all the input points in the application:

• Inspect the source code for form inputs (e.g., username, password, and hidden fields like CSRF tokens).
• Use browser developer tools to view all network requests made by the application. Look for parameters in the query string (GET requests) and in the body of POST requests.
• Record all discovered parameters and their expected input formats.

Step 2: Feed Parameters to SQLmap

Once you've gathered all parameters, you can test for SQL injection vulnerabilities using SQLmap:

• Start SQLmap with a specific URL, including query parameters, for GET requests:

sqlmap -u "http://example.com/login.php?username=admin&password=1234"

• For POST requests, save the request data using tools like Burp Suite or browser developer tools, then pass the file to SQLmap:

sqlmap -r request.txt

• Let SQLmap automatically test the parameters and identify potential vulnerabilities.

Step 3: Test with Authorize

Use the Authorize plugin or a similar tool to test for authorization flaws:

• Log in with a regular user account and capture requests made to the application.
• Replay the same requests while logged out or logged in as another user to see if unauthorized access is possible.
• Focus on endpoints handling sensitive data, such as user settings, orders, or administrative actions.

Tips for Success

• Document your findings carefully, including which parameters were vulnerable and the specific payloads used.
• Always validate the application’s response to confirm if a vulnerability is exploitable.
• Explore combinations of AngularJS, `urldecode`, and other techniques for crafting effective payloads.

Happy testing! Remember to act responsibly and use these skills ethically.