[Owasp-o2-platform] How to change a parameter?

Dinis Cruz dinis at ddplus.net
Wed Dec 8 11:19:00 EST 2010


Hummm, it looks like there is a file permission problem that is preventing
the download of the extra references needed to run that PoC.

Here is the error:


[9:06:38 AM] ERROR: [CSharp_FastCompiler] Compilation Error:
0::0::CS0006::Metadata file 'O2_External_O2Mono.dll' could not be
found::
[9:06:38 AM] ERROR: [CSharp_FastCompiler] Compilation Error:
0::0::CS0006::Metadata file 'O2_Core_XRules.dll' could not be found::


Which version of O2 are you running? (the MSI or EXE)

Check out what is currently set-up in the O2 Runtime dir, which you
can find out by just executing this script:

return Environment.CurrentDirectory;

Dinis

On Wed, Dec 8, 2010 at 1:20 PM, Thiago Stuckert <
thiago.melo.stuckert at gmail.com> wrote:

> Sorry for the late feedback.
> The script worked for me. =)
> But I fail to open the 'WebGoat BlackBox exploits', I have to install
> something before?
> Follow the error attached.
> Thank you for your support, Thiago.
>
>
> On 3 December 2010 12:44, dinis cruz <dinis.cruz at owasp.org> wrote:
>
>> Hi Thiago
>>
>> Thanks for giving O2 a try, I've looked at your script and have come up
>> with a *first-pass-at-a-solution* which you can get from here:
>> http://o2platform.wordpress.com/2010/12/03/solving-webgoat-sql-injection-lesson-3rd-one/
>>
>> Expanding on how the blog's entry description on I solved the problem you
>> where having (i.e. how to change the value of the* ie.selectLists()[1].options()[0].select()
>> *field), here are the specific steps/workflow I took to address it:
>>
>>
>>    - See if there is an Watin_IE extension method that already supports
>>    this (see Watin_IE_ExtensionMethod.cs<http://code.google.com/p/o2platform/source/browse/trunk/O2_Scripts/APIs/Windows/WatiN/WatiN_IE_ExtensionMethods.cs>for the full list). Unfortunately, today (unlike TextBoxes for example) that
>>    is not there (basically because nobody asked for it before :)  ). Also note
>>    that this version of WatiN doesn't support the direct editing of this value,
>>    i.e.: *ie.selectLists()[1].options()[0].Value = PAYLOAD*
>>    - Since there was no easy way to change it (and I was pressed for
>>    time), I decided to manipulate directly the HTML (instead of creating the
>>    extension method):
>>       - First I tried to change the value of the Option directly: *ie.selectLists()[1].options()[0].outerHtml("PAYLOAD")
>>       *which although worked in the control, it broke the HTML of the
>>       page
>>       - I then decided to change the select control directly, ie: *
>>       ie.selectLists()[1].outerHtml("PAYLOAD") *which worked ok (note
>>       that that actual payload was a search and replace for the current value of
>>       the option we wanted to edit
>>    - Once the Html was modified, it was just a case of submitting the
>>    button using *ie.button("ViewProfile").click(); *
>>    - I also added a check at the end to make sure it was working
>>
>> Couple notes:
>>
>>    - This script can be dramatically simplified once we add support for
>>    modifying the Options Html tag to the Watin_IE_ExtensionMethod.cs<http://code.google.com/p/o2platform/source/browse/trunk/O2_Scripts/APIs/Windows/WatiN/WatiN_IE_ExtensionMethods.cs>).
>>    There is also a number of debug message that I put in this code to help
>>    understanding what is going on (which can be removed)
>>    - There is actually an WebGoat API which could be used to perform a
>>    number of actions (see API_WebGoat.cs<http://code.google.com/p/o2platform/source/browse/trunk/O2_Scripts/_Sample_Vulnerabilities/WebGoat/API_WebGoat.cs>
>>    )
>>    - This script should be converted into an UnitTest with the final
>>    check done using an Assert.That(...)
>>    - For performance reasons this script can also be written without IE
>>    Browser automation (O2 also has extended support for direct Http
>>    Requests/Responses manipulations)
>>    - One of the research projects that I'm doing at the moment (and could
>>    really do with some help) is how to 'translate' this script into something
>>    that can be consumed by an BlackBox scanner or proxy (one of my targets is
>>    Custom O2 version of Netsparker <http://www.mavitunasecurity.com/> that
>>    I'm building)
>>
>> Let us know if this works out for you
>>
>> Dinis Cruz
>>
>> Blog: http://diniscruz.blogspot.com
>> Twitter: http://twitter.com/DinisCruz
>> Web: http://www.owasp.org/index.php/O2
>>
>>
>>   On 3 December 2010 13:12, Thiago Stuckert <
>> thiago.melo.stuckert at gmail.com> wrote:
>>
>>>  Hi, I am trying to solve the third stage of WebGoat sqli through the
>>> O2.
>>> I can select the larry profile in the list with:
>>> ie.selectLists()[1].options()[0].select().flash();
>>> but I fail to change the value of the paramater id.
>>>
>>> Another way to do this, is intercept the request with webscarab,
>>> Someone automated the webscarab with O2?
>>>
>>> Follow my script:
>>>
>>> panel.clear();
>>> var ie = panel.add_IE().silent(true);
>>>
>>> ie.open("http://172.16.234.138");
>>> ie.link("OWASP WebGoat version 5.3.x").click();
>>> ie.link("Injection Flaws").click();
>>> ie.link("LAB: SQL Injection").click();
>>> ie.link("Stage 3: Numeric SQL Injection").click();
>>>
>>> /*Login with larry user*/
>>> ie.field("password").value("larry");
>>> ie.button("Login").flash().click();
>>>
>>> ie.selectLists()[1].options()[0].select().flash();
>>> var payload = "101 OR 1=1 ORDER BY salary desc";
>>>
>>> /*Change the id*/
>>> /* I couldnt do this */
>>>
>>> ie.button("ViewProfile").click();
>>>
>>> return 0;
>>>
>>> --
>>> Thiago
>>>
>>> _______________________________________________
>>> Owasp-o2-platform mailing list
>>> Owasp-o2-platform at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>>>
>>>
>>
>
>
> --
> Thiago
>
> _______________________________________________
> Owasp-o2-platform mailing list
> Owasp-o2-platform at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20101208/a89a43d0/attachment.html 


More information about the Owasp-o2-platform mailing list