Open a terminal window and paste in the following (ShellShock) exploit:
curl -H "User-Agent: () { :; }; /bin/eject" http://127.0.0.1:8080
Note: The application doesn't actually suffer from the ShellShock vulnerability. But, Cloud One Application Security's Malicious Payload algorithms will pick up on the attempts.
Note: Before you begin, be sure to enable the various algorithms within the SQL Injection Policy Configuration!!
To trigger a SQL Injection, do this:
-
Go to http://127.0.0.1:8080/
-
Login to the application
user / user123
- In the menu bar, click "Payments" > "Received Payments".
Note that there are no received payments visible for your user id (which is '3')
- In the URL bar, append the following and hit Enter: ' or 1=1'
After appending, the URL should look like this: http://127.0.0.1:8080/payment/list-received/3 or 1=1
If the attack is successful, you should now see received payments (that pertain to other users of the system).