Warning
This repository and its tools are provided "as is" without warranty of any kind, either express or implied, including but not limited to, any warranties of merchantability, fitness for a particular purpose, and non-infringement. The authors shall not be liable for any claims, damages, or other liabilities arising from, out of, or in connection with the use of this tool. The user is solely responsible for ensuring their use of this tool complies with all applicable laws and regulations. The authors disclaim any liability for illegal or unethical use.
Tip
Support this effort and give back by sponsoring on GitHub!
```mermaid
flowchart TD
A{**.NET REST API**}
A --> B[SQL DB]
A --> C[File System]
A --> D[Host services]
A --> F[GraphQL]
A --> G[App Services]
A --> H[Memory]
B --> I(*Identities*)
C --> J(*Logs*)
C --> K(*Secrets*)
D --> L(*DNS*)
F --> M(*Sensitive Data*)
G --> O(*Serialized Data*)
G --> R(*Business Logic*)
H --> P(*Variables and functions*)
```
MITRE Reference | Description | Difficulty |
---|---|---|
CWE-22 | Path Traversal | Medium |
CWE-78 | OS Command Injection | Easy |
CWE-79 | Cross-site Scripting | Easy |
CWE-89 | SQL Injection | Easy |
CWE-94 | Code Injection | Hard |
CWE-91 | XML Injection | Hard |
CWE-98 | Remote File Inclusion | Hard |
CWE-184 | Incomplete List of Disallowed Inputs | Medium |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Medium |
CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Easy |
CWE-284 | Improper Access Control | Medium |
CWE-287 | Improper Authentication | Medium |
CWE-319 | Cleartext Transmission of Sensitive Information | Easy |
CWE-326 | Inadequate Encryption Strength | Easy |
CWE-434 | Unrestricted Upload of File with Dangerous Type | Hard |
CWE-502 | Deserialization of Untrusted Data | Hard |
CWE-521 | Weak Password Requirements | Easy |
CWE-532 | Insertion of Sensitive Information into Log File | Easy |
CWE-611 | XML External Entity Reference | Hard |
CWE-639 | Insecure Direct Object Reference | Medium |
CWE-787 | Out-of-bounds Write | Easy |
CWE-798 | Use of Hard-coded Credentials | Easy |
CWE-829 | Local File Inclusion | Easy |
CWE-840 | Business Logic Error | Easy |
CWE-912 | Backdoor | Hard |
CWE-918 | Server-Side Request Forgery | Medium |
CWE-1270 | Generation of Incorrect Security Tokens | Medium |
- Try reading Dojo-101; that project contains all you need to hack this app.
- Become a sponsor to get access to the full methodology and the complete write-up.
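The flowchart above shows the API reaching into the file system, where the logs and secrets live, and the table lists CWE-22 as one of the medium-difficulty findings. The following is an added illustration of that class, written for this page and not taken from VulnerableLightApp: it shows a file-name resolver the way a naive endpoint would write it next to a hardened version. The `./data` root, the method names and the sample inputs are assumptions made for the example.

```csharp
// Added illustration of CWE-22 (path traversal) against a file-serving endpoint.
// Not VulnerableLightApp's code: the "./data" root, the method names and the
// sample inputs are assumptions made for this example.
using System;
using System.IO;

public static class PathTraversalDemo
{
    // Directory the endpoint is supposed to be confined to (assumed).
    private static readonly string Root = Path.GetFullPath("./data");

    // Vulnerable: the user-controlled name is joined to the root and used as-is.
    // "../appsettings.json" walks out of Root, and a rooted value such as
    // "/etc/passwd" makes Path.Combine discard Root entirely.
    public static string VulnerableResolve(string userPath)
    {
        return Path.Combine(Root, userPath);
    }

    // Hardened: canonicalise, then require the result to stay under Root.
    // The prefix check after GetFullPath is the real control; the trailing
    // separator stops "./data-secrets" from matching "./data".
    public static bool TryResolve(string userPath, out string fullPath)
    {
        fullPath = string.Empty;
        if (string.IsNullOrWhiteSpace(userPath))
            return false;

        string candidate = Path.GetFullPath(Path.Combine(Root, userPath));
        string rootWithSep = Root.EndsWith(Path.DirectorySeparatorChar)
            ? Root
            : Root + Path.DirectorySeparatorChar;

        // NTFS is case-insensitive, ext4 is not; compare the way the OS does.
        StringComparison cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        if (!candidate.StartsWith(rootWithSep, cmp))
            return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        // Constructed inputs: one legitimate name and three traversal attempts.
        string[] inputs = { "report.txt", "../appsettings.json", "/etc/passwd", @"..\..\secrets.json" };
        foreach (string p in inputs)
        {
            Console.WriteLine($"{p,-22} vulnerable -> {VulnerableResolve(p)}");
            string resolved = TryResolve(p, out string ok) ? ok : "REJECTED";
            Console.WriteLine($"{p,-22} hardened   -> {resolved}");
        }
    }
}
```

Two details worth checking when you port this into an endpoint: `Path.GetFullPath` normalises `..` segments but does not follow symbolic links, so if `Root` can contain links you also need to resolve the final target; and the backslash input is only a traversal on Windows, on Linux it resolves to a file literally named `..\..\secrets.json` inside `Root`, which the check correctly accepts.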
```powershell
git clone https://github.com/Aif4thah/VulnerableLightApp.git
cd .\VulnerableLightApp\
```
You can run it with the .NET SDK or with Docker.

Check the .csproj file for the target framework version and install the matching .NET SDK, then:
```powershell
dotnet run [--url=<url>]
```
Alternatively, build once and run the produced binary:
```powershell
dotnet build
.\bin\Debug\net8.0\VulnerableWebApplication.exe [--url=<url>]
```
```shell
docker build -t vulnerablelightapp .
docker run -p 3000:3000 vulnerablelightapp
```
Default listen address: 127.0.0.1:3000 (HTTPS with a self-signed development certificate, hence `-k`).
```shell
curl -k https://127.0.0.1:3000
```
Your first request may return a 401 because you are not authenticated yet. That is expected; start hacking!
Verify that the intended .NET SDK is the one on your path (the project targets net8.0):
```powershell
where dotnet
dotnet --version
dotnet --list-sdks
```
Debian / Ubuntu example (run as root or prefix with sudo; the .deb below is the Debian 12 package feed, pick the matching distribution and version path on packages.microsoft.com for Ubuntu):
```shell
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
apt update && apt install -y dotnet-sdk-8.0 dotnet-runtime-8.0
```
To trust the ASP.NET Core development certificate (so that browsers and `curl` without `-k` accept it):
```shell
dotnet dev-certs https --trust
```
Note that `--trust` is not supported on every Linux distribution; if it reports that it cannot install the certificate, keep using `curl -k` as above.
Dependencies have to be downloaded from the standard NuGet source. If your environment has no package source configured, add it:
```shell
dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "Microsoft"
```
- Be aware that VLA runs on Linux and macOS, but is only tested and supported on Windows.
- Special thanks to all the hackers and students who pushed me to improve this work.
- Project maintained by Michael Vacarella.