Warning
This repository and its tools are provided "as is" without warranty of any kind, either express or implied, including but not limited to, any warranties of merchantability, fitness for a particular purpose, and non-infringement. The authors shall not be liable for any claims, damages, or other liabilities arising from, out of, or in connection with the use of this tool. The user is solely responsible for ensuring their use of this tool complies with all applicable laws and regulations. The authors disclaim any liability for illegal or unethical use.
```mermaid
flowchart TD
    A{**.NET REST API**}
    A --> B[SQL DB]
    A --> C[File System]
    A --> D[Host services]
    A --> F[GraphQL]
    A --> G[App Services]
    A --> H[Memory]
    B --> I(*Identities*)
    C --> J(*Logs*)
    C --> K(*Secrets*)
    D --> L(*DNS*)
    F --> M(*Sensitive Data*)
    G --> O(*Serialized Data*)
    G --> R(*Business Logic*)
    H --> P(*Variables and functions*)
```
Business Workflow | Relevant OWASP ASVS Chapters |
---|---|
Personal Data Management | V1 Architecture, Design and Threat Modeling, V5 Validation, Sanitization and Encoding |
Employee Management | V2 Authentication, V9 Cryptography |
Client Management | V4 Access Control, V6 Stored Data |
Banking data Management | V7 Cryptography at Rest, V10 Malicious Code |
Contracts and Documents Management | V13 File and Resources, V5 Validation, Sanitization and Encoding |
Identities and Secrets Management | V2 Authentication, V9 Cryptography |
Administrative Tasks | V4 Access Control, V17 Business Logic |
Log Management | V19 Logging and Monitoring |
Service Behavior | V14 API and Web Service Security, V17 Business Logic |
MITRE Reference | Description | Difficulty |
---|---|---|
CWE-22 | Path Traversal | Medium |
CWE-78 | OS Command Injection | Medium |
CWE-79 | Cross-site Scripting | Medium |
CWE-89 | SQL Injection | Easy |
CWE-94 | Code Injection | Hard |
CWE-91 | XML Injection | Hard |
CWE-98 | Remote File Inclusion | Hard |
CWE-184 | Incomplete List of Disallowed Inputs | Medium |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Medium |
CWE-209 | Generation of Error Message Containing Sensitive Information | Easy |
CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Easy |
CWE-284 | Improper Access Control | Medium |
CWE-287 | Improper Authentication | Medium |
CWE-319 | Cleartext Transmission of Sensitive Information | Easy |
CWE-326 | Inadequate Encryption Strength | Easy |
CWE-434 | Unrestricted Upload of File with Dangerous Type | Hard |
CWE-502 | Deserialization of Untrusted Data | Hard |
CWE-521 | Weak Password Requirements | Easy |
CWE-532 | Insertion of Sensitive Information into Log File | Easy |
CWE-639 | Insecure Direct Object Reference | Medium |
CWE-611 | XML External Entity Reference | Hard |
CWE-787 | Out-of-bounds Write | Easy |
CWE-798 | Use of Hard-coded Credentials | Easy |
CWE-829 | Local File Inclusion | Easy |
CWE-840 | Business Logic Error | Easy |
CWE-912 | Backdoor | Hard |
CWE-918 | Server-Side Request Forgery | Medium |
CWE-1270 | Generation of Incorrect Security Tokens | Medium |
- Try reading Dojo-101, this project contains all you need to hack this app.
- Become a sponsor and get access to the full methodology and complete write-up.
```
git clone https://github.com/Aif4thah/VulnerableLightApp.git
cd .\VulnerableLightApp\
```

You can use Dotnet or Docker.

Check the `.csproj` file to get the current dotnet version and install the .NET SDK.

```
dotnet run [--url=<url>]
```

Alternatively, you can use bin files:

```
dotnet build
.\bin\Debug\net8.0\VulnerableWebApplication.exe [--url=<url>]
```

```
docker build -t vulnerablelightapp .
docker run -p 3000:3000 vulnerablelightapp
```

Default: 127.0.0.1:3000

```
curl -k https://127.0.0.1:3000
```
Ubuntu / Debian example:

```
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
apt update && apt install -y dotnet-sdk-8.0 dotnet-runtime-8.0
```

Verify you use the intended .NET Framework:

```
where dotnet
dotnet --version
dotnet --list-sdks
```

To trust the certificate:

```
dotnet dev-certs https --trust
```

Dependencies have to be downloaded from standard sources:

```
dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "Microsoft"
```
- Special thanks to all the hackers and students who pushed me to improve this work
- Project maintained by Michael Vacarella
- Support this effort and give back by sponsoring on GitHub!