Merge pull request adeyosemanputra#173 from RupakBiswas-2304/master
Update in solution.md
adeyosemanputra authored Sep 18, 2022
2 parents 02b192e + 2149af8 commit 94e1199
Showing 1 changed file with 25 additions and 1 deletion.
26 changes: 25 additions & 1 deletion pygoat/Solutions/solution.md
Expand Up @@ -494,7 +494,7 @@ This results as being logged in as Admin



**Server side Template Injection**
### 2021-A3:Server side Template Injection

`{% load log %}
{% get_admin_log 5 as log %}
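Review bot: The added heading `### 2021-A3:Server side Template Injection` is missing the space after the colon that the other lab headings in this file use (`### 2021-A8: Software and Data Integrity failure`); suggest `### 2021-A3: Server-side Template Injection` so the section headings render consistently. The template payload that follows (`{% load log %}` on one line, `{% get_admin_log 5 as log %}` on the next) is wrapped in a single backtick spanning two lines, which Markdown does not render as a code block; a fenced block would preserve the line break, although those lines are outside this change.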
Expand All @@ -506,3 +506,27 @@ add a post which includes this content

The result would look like this -->
![Screenshot from 2022-06-10 21-04-29](https://user-images.githubusercontent.com/75058161/173106213-9e218e81-d4b2-4447-9570-4aa8de3dea88.png)

### 2021-A8: Software and Data Integrity failure
This data is a demonstration that how an XSS attack can deceive users to download any malicious file. The lab consists of a page to download a file, and a direct link to that page is also given (from a hacker). Let's download both files and compare the hash before opening that.
![image](https://user-images.githubusercontent.com/75058161/190912308-1d26fb2e-2c6c-4c67-bf2a-9bb0f4abbfd0.png)
So as we can see the hashes don't match. So as a user we should always cross-check signatures for verification of Data Integrity.

More more information about the attack itself you can look into the url -->
```http://127.0.0.1:8000/2021/A8/lab2?username=user+%3Cscript%3Edocument.getElementById%28%22download_link%22%29.setAttribute%28%22href%22%2C%22%2Fstatic%2Ffake.txt%22%29%3B%3C%2Fscript%3Euser+%3Cscript%3Edocument.getElementById%28%22download_link%22%29.setAttribute%28%22href%22%2C%22%2Fstatic%2Ffake.txt%22%29%3B%3C%2Fscript%3E```
It have a file url and XXS attack to replace the actual file url.

### 2021-A9: Insufficient Logging & Monitoring
This lab have active logging and have a login page ( we don't have credential )
So every fake entry is logged so the user name is printed in the file itself..
```ERROR:root:2022-07-04 07:21:50.906938:127.0.0.1:User1:Hash1```
this is a sample hash ..
So we can Enter user name anything and password = ```pass\nERROR:root:2022-07-04 07:21:50.906938:127.0.0.1:User1:Hash1```
It will create one fake log and also it can cause log overflow also by passing lots of data in injection.

### 2021:A10 : SSRF lab2
This lab have a local page at ```/ssrf_target``` that can be only accesed from localhost. Now if we do ```python manage.py runserver``` that page will be accisible
but if we start the server by ```python manage.py runserver 0:8000``` the page wont be accessble from ```http://[your ip]/ssrf_target```

Now comes the utility that takes the URL and fetch the data, if we give the localhost url to this utility it can fetch the data easily and we can see the page from outside localhost.
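Review bot: The SSRF lab2 paragraph inverts the point it is trying to make: `python manage.py runserver` binds to 127.0.0.1 by default, so the whole site, not just `/ssrf_target`, is unreachable from other hosts, whereas `python manage.py runserver 0:8000` binds all interfaces and makes the site reachable while `/ssrf_target` still refuses non-loopback clients; that localhost-only check is what the URL-fetch utility then bypasses, and the text should say so (the example URL `http://[your ip]/ssrf_target` also drops the `:8000` port). In the A8 section, the lab URL carries the same `<script>document.getElementById("download_link").setAttribute(...)</script>` payload twice back to back, which looks like a copy-paste slip; one copy is enough. The A8 takeaway says to "cross-check signatures" while the walkthrough compares hashes, and a hash displayed on the same page an attacker can script gives no integrity guarantee; suggest stating that the expected hash (or a signature) must come from a source the attacker cannot alter. Minor: the heading `### 2021:A10 : SSRF lab2` should follow the `### 2021-A9: ...` pattern, and the new text has several typos (`More more`, `XXS`, `It have`, `accesed`, `accisible`, `accessble`, `wont`).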
