Cloudgoat rce_web_app scenario

Cloudgoat RCE_WEB_APP Scenario Introduction CloudGoat is a training and learning platform developed by Rhino Security Labs to help individuals and organizations understand the risks and vulnerabilities associated with cloud-based applications. One of the scenarios available on CloudGoat is the RCE_web_app scenario, which allows users to practice exploiting remote code execution vulnerabilities in a web application running on the cloud. In this blog post, we will walk through the RCE_web_app scenario in CloudGoat and provide a step-by-step guide on how to exploit the vulnerability and gain access to the application’s backend. We will also discuss the significance of this vulnerability and how it can be prevented in real-world scenarios. By the end of this post, you should have a better understanding of the risks and challenges associated with web application security in the cloud and how to mitigate them. So, let’s get started! ...

January 10, 2023 · 3 min · 443 words · Jesus Lujan

Vulnerabilities in Python Code

OS Command Injection Vulnerable Example The following snippet contains a Flask web application written in Python that executes the nslookup command to resolve the host supplied by the user.

    import subprocess
    from flask import Flask, request
    app = Flask(__name__)

    @app.route("/dns")
    def page():
        hostname = request.values.get('hostname')
        # Vulnerable: user input is concatenated into a shell command
        cmd = 'nslookup ' + hostname
        return subprocess.check_output(cmd, shell=True)

We can see that the hostname is appended to the command and executed in a subshell with the parameter shell=True. An attacker could stack another command with ; in the GET parameter to inject other commands, for example cat /etc/passwd. ...

July 5, 2022 · 5 min · 998 words · Jesus Lujan

HackTheBox Web Challenges

Templated Difficulty: easy Description: Can you exploit this simple mistake? Solution First we visit the site and see that it uses Jinja2, a template engine that is susceptible to SSTI attacks. We see that the directory searched is rendered in the page with 25, so it's vulnerable to SSTI. We use a payload that gives us RCE on the server to read the file flag.txt; we take it from PayloadsAllTheThings. ...

July 1, 2022 · 2 min · 284 words · Jesus Lujan

OS Command Injection Labs

OS command injection allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data. OS command injection, simple case This lab contains an OS command injection vulnerability in the product stock checker. The application executes a shell command containing user-supplied product and store IDs, and returns the raw output from the command in its response. ...

June 10, 2022 · 4 min · 771 words · Jesus Lujan

Cross Site Scripting (XSS)

Cross-site scripting, known as XSS, is a web vulnerability in which malicious scripts are injected into benign and trusted websites. XSS occurs when an attacker sends malicious code through a user input field in a browser to a different end user. Mechanisms In an XSS attack the attacker injects a script into HTML code, so you'll have to know JavaScript and HTML syntax. The web uses scripts to control client-side application logic and make websites interactive; for example, this script generates a Hello! pop-up on the web page: ...

May 18, 2022 · 3 min · 484 words · Jesus Lujan