Bodge IT Store is a vulnerable web application intended for pen-testers to practice their web app pen-test skills in a safe environment.
The Bodge It Store includes the following significant vulnerabilities:
- Cross Site Scripting
- SQL injection
- Hidden (but unprotected) content
- Cross Site Request Forgery
- Debug code
- Insecure Object References
- Application logic vulnerabilities
Installation
BackTrack 5 (BT5) was used for this walkthrough.
1. Install tomcat
$ apt-get install tomcat6
2. Download bodgeit, unzip and move the war file to the /var/lib/tomcat6/webapps folder
$ wget http://bodgeit.googlecode.com/files/bodgeit.1.3.0.zip
$ unzip bodgeit.1.3.0.zip
$ mv bodgeit.war /var/lib/tomcat6/webapps
3. Start tomcat
$ /etc/init.d/tomcat6 start
4. If all went well, you can now reach the BodgeIt Store instance on the IP address of the BT5 machine, or on localhost: http://127.0.0.1:8080/bodgeit
Challenges
The challenges link is http://192.168.80.140:8080/bodgeit/score.jsp
Note that the IP address 192.168.80.140 is the IP address of my BT5 VM instance.
In solving these challenges, the following tools were used:
- Firefox with the Firebug add-on
- Burp Suite Free Edition
Challenge 1: Login as test@thebodgeitstore.com
- Navigate to the login page http://192.168.80.140:8080/bodgeit/login.jsp
- Log in using test@thebodgeitstore.com' or ''=' as the username; the password can be anything
Challenge 2: Login as user1@thebodgeitstore.com
- Navigate to the login page http://192.168.80.140:8080/bodgeit/login.jsp
- Log in using user1@thebodgeitstore.com' or ''=' as the username; the password can be anything
Challenge 3: Login as admin@thebodgeitstore.com
- Navigate to the login page http://192.168.80.140:8080/bodgeit/login.jsp
- Log in using admin@thebodgeitstore.com' or ''=' as the username; the password can be anything
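Why the same payload logs you into whichever account you name in challenges 1 to 3: the login query concatenates the username into the SQL text, so the closing quote and the trailing or ''=' become part of the WHERE clause. The example below is added here and is not BodgeIt's code; it rebuilds the pattern in an in-memory SQLite table with made-up passwords (BodgeIt itself uses HSQLDB, and its real schema and query text are assumptions here), then shows the same lookup with bound parameters.

```python
import sqlite3

# Constructed stand-in for the login table. The names, passwords and the
# admin flag are made up so the example runs offline; they are assumptions,
# not BodgeIt's data.
USERS = [
    ("test@thebodgeitstore.com", "test-pw-1", "0"),
    ("user1@thebodgeitstore.com", "user1-pw-2", "0"),
    ("admin@thebodgeitstore.com", "admin-pw-3", "1"),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (name TEXT, password TEXT, admin TEXT)")
    con.executemany("INSERT INTO Users VALUES (?, ?, ?)", USERS)
    return con


def build_vulnerable_query(username, password):
    """String concatenation: quotes supplied by the client become SQL syntax.
    (Assumed shape of the query; the app's exact text is not reproduced.)"""
    return ("SELECT name, admin FROM Users WHERE name = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(con, username, password):
    """Returns the account name the injectable query resolves to, or None."""
    row = con.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(con, username, password):
    """Same lookup with bound parameters: the quote stays data, not syntax."""
    row = con.execute(
        "SELECT name, admin FROM Users WHERE name = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# The challenge 3 payload, typed into the username field.
PAYLOAD = "admin@thebodgeitstore.com' or ''='"

if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query(PAYLOAD, "anything"))
    print("vulnerable login resolves to:", login_vulnerable(db, PAYLOAD, "anything"))
    print("parameterised login resolves to:", login_safe(db, PAYLOAD, "anything"))
```

The concatenated WHERE clause reads name = 'admin@thebodgeitstore.com' or ''='' AND password = 'anything'. AND binds tighter than OR, so this is name = 'admin@...' OR (''='' AND password = 'anything'): the right-hand branch is false, but the left-hand branch selects exactly the row whose name you typed, so the password is never effectively checked. That is also why you end up in the named account rather than in the first row of the table.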
Challenge 4: Find hidden content as a non admin user
- Navigate to the bodgeit main page http://192.168.80.140:8080/bodgeit
- View the source code to find admin.jsp
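Viewing the source by hand works for one page; the same check can be automated by collecting every URL-bearing attribute and flagging the ones that appear only inside HTML comments. The script below is an added example, not BodgeIt's code or the author's; the sample markup with a commented-out admin link is constructed for the example and is an assumption about what the real page looks like.

```python
from html.parser import HTMLParser

# Constructed sample page: the admin link is commented out rather than
# access-controlled. This markup is an assumption for the example, not a
# copy of BodgeIt's actual pages.
SAMPLE_HTML = """<html><body>
<a href="home.jsp">Home</a> | <a href="basket.jsp">Your Basket</a>
<form action="search.jsp"><input name="q"></form>
<!-- <a href="admin.jsp">Admin</a> -->
<script src="js/util.js"></script>
</body></html>"""


class LinkHarvester(HTMLParser):
    """Collects URL-bearing attributes, keeping comment-only ones separate."""

    URL_ATTRS = ("href", "src", "action")

    def __init__(self):
        super().__init__()
        self.visible = set()
        self.commented = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.visible.add(value)

    def handle_comment(self, data):
        # Markup inside a comment is never rendered, but the server still
        # serves whatever it points at; parse the comment body on its own.
        inner = LinkHarvester()
        inner.feed(data)
        inner.close()
        self.commented.update(inner.visible)


def harvest(html):
    """Returns (visible_urls, comment_only_urls) for one page."""
    p = LinkHarvester()
    p.feed(html)
    p.close()
    return p.visible, p.commented


def hidden_paths(html):
    """Paths linked only from comments: candidates for hidden, unprotected content."""
    visible, commented = harvest(html)
    return sorted(commented - visible)


if __name__ == "__main__":
    print(hidden_paths(SAMPLE_HTML))
```

Any path this returns should be requested directly while logged in as a non-admin user; if the server answers with the admin page instead of a redirect or 403, the content is hidden but not protected, which is the point of this challenge.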
Challenge 5: Find diagnostic data
- I didn’t probe enough to find this :). Let me know if you find it.
Challenge 6: Display a popup using: <script>alert("XSS")</script>
- I didn’t probe enough to find this :). Let me know if you find it.
Challenge 7: Access someone else's basket
- Navigate to the “your basket” page http://192.168.80.140:8080/bodgeit/basket.jsp
- View your cookies and manipulate the value of the “b_id” cookie
Challenge 8: Get the price of an item reduced
- Navigate to the “your basket” page http://192.168.80.140:8080/bodgeit/basket.jsp
- Add any item to your basket
- Before updating your basket, change the quantity value to a negative number
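Challenges 7 and 8 are both server-side trust failures: the basket is chosen purely from the b_id cookie with no check that it belongs to the logged-in user, and the quantity is stored as sent, so a negative number drives the total below zero. The example below is added here and is not BodgeIt's code; it models both handlers against a constructed in-memory SQLite schema (table layout, product names and prices are assumptions) and places the ownership check and quantity validation beside each vulnerable version.

```python
import sqlite3


def make_db():
    # Constructed data: two users, one basket each. Assumption for the example:
    # the server looks up the basket by the integer in the b_id cookie.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Baskets (id INTEGER PRIMARY KEY, owner TEXT)")
    con.execute("CREATE TABLE BasketItems (basket INTEGER, product TEXT, "
                "price REAL, quantity INTEGER)")
    con.executemany("INSERT INTO Baskets VALUES (?, ?)",
                    [(1, "test@thebodgeitstore.com"),
                     (2, "user1@thebodgeitstore.com")])
    con.executemany("INSERT INTO BasketItems VALUES (?, ?, ?, ?)",
                    [(1, "Widget A", 10.0, 1),
                     (2, "Widget B", 25.0, 2),
                     (2, "Widget C", 4.5, 1)])
    return con


def view_basket_vulnerable(con, b_id_cookie):
    """Challenge 7: the cookie value is the basket id and the owner is never checked."""
    return con.execute(
        "SELECT product, quantity FROM BasketItems WHERE basket = ? ORDER BY rowid",
        (int(b_id_cookie),)).fetchall()


def view_basket_safe(con, b_id_cookie, session_user):
    """The id may still come from the cookie, but it must belong to the session's user."""
    owner = con.execute("SELECT owner FROM Baskets WHERE id = ?",
                        (int(b_id_cookie),)).fetchone()
    if owner is None or owner[0] != session_user:
        return None  # same answer as 'no such basket', so nothing is leaked
    return view_basket_vulnerable(con, b_id_cookie)


def set_quantity_vulnerable(con, basket, product, quantity):
    """Challenge 8: stores whatever the client sent, negative numbers included."""
    con.execute("UPDATE BasketItems SET quantity = ? WHERE basket = ? AND product = ?",
                (int(quantity), basket, product))


def is_valid_quantity(quantity):
    """Server-side rule: an integer, zero or more (zero means remove the line)."""
    try:
        return int(quantity) >= 0
    except (TypeError, ValueError):
        return False


def set_quantity_safe(con, basket, product, quantity):
    if not is_valid_quantity(quantity):
        raise ValueError("quantity must be a non-negative integer")
    q = int(quantity)
    if q == 0:
        con.execute("DELETE FROM BasketItems WHERE basket = ? AND product = ?",
                    (basket, product))
    else:
        con.execute("UPDATE BasketItems SET quantity = ? WHERE basket = ? AND product = ?",
                    (q, basket, product))


def basket_total(con, basket):
    row = con.execute(
        "SELECT COALESCE(SUM(price * quantity), 0) FROM BasketItems WHERE basket = ?",
        (basket,)).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    # Logged in as the test user, but the cookie has been edited to b_id=2.
    print("other user's basket:", view_basket_vulnerable(db, "2"))
    print("with ownership check:", view_basket_safe(db, "2", "test@thebodgeitstore.com"))
    set_quantity_vulnerable(db, 2, "Widget B", "-3")
    print("total after negative quantity:", basket_total(db, 2))
```

Note that the hardened basket view keeps the cookie as the lookup key; what changes is that the key is bound to the authenticated session. Tying the basket to the session alone would also work, but the ownership check is the minimal fix for an insecure direct object reference, and the quantity check is the minimal fix for the logic flaw: both are server-side, because the client's form values can be edited at will with Firebug or Burp Suite.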
Challenge 9: Change your password via a GET request
- http://192.168.80.140:8080/bodgeit/password.jsp?password1=newpass&password2=newpass
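A password change that succeeds on a plain GET with the new value in the query string is a state-changing action any third-party page can trigger, which is what makes the Cross Site Request Forgery in the vulnerability list above exploitable. The example below is added here and is not BodgeIt's code: it parses the challenge URL into the request a browser would send, runs it through a hypothetical handler with the vulnerable behaviour, and then through a hardened handler that requires POST, a body parameter and a per-session CSRF token (the Request class and session layout are assumptions, not the servlet API).

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlsplit


class Request:
    """Hypothetical minimal request object; the real servlet API is not modelled."""

    def __init__(self, method, query=None, form=None):
        self.method = method
        self.query = dict(query or {})
        self.form = dict(form or {})


def request_from_url(url):
    """The GET request a browser (or an <img src=...> on an attacker's page) sends."""
    parts = urlsplit(url)
    return Request("GET", query=dict(parse_qsl(parts.query)))


def change_password_vulnerable(req, account):
    """Accepts any method, reads parameters from query string or body,
    and has no CSRF token: the behaviour behind challenge 9."""
    params = {**req.query, **req.form}
    p1, p2 = params.get("password1"), params.get("password2")
    if p1 and p1 == p2:
        account["password"] = p1
        return True
    return False


def new_session():
    """Assumption: one unguessable CSRF token per login session."""
    return {"csrf": secrets.token_urlsafe(32)}


def change_password_safe(req, account, session):
    """State change only via POST, only from the body, only with the session's token."""
    if req.method != "POST":
        return False
    token = req.form.get("token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(token, session["csrf"]):
        return False
    p1, p2 = req.form.get("password1"), req.form.get("password2")
    if not p1 or p1 != p2:
        return False
    account["password"] = p1
    return True


# The challenge URL; the IP address is the lab VM used in this walkthrough.
CHALLENGE_URL = ("http://192.168.80.140:8080/bodgeit/password.jsp"
                 "?password1=newpass&password2=newpass")

if __name__ == "__main__":
    account = {"password": "old"}
    print("GET accepted by vulnerable handler:",
          change_password_vulnerable(request_from_url(CHALLENGE_URL), account))
    session = new_session()
    print("GET accepted by hardened handler:",
          change_password_safe(request_from_url(CHALLENGE_URL), account, session))
```

Switching to POST alone is not enough, since a hidden auto-submitting form on an attacker's page can POST too; the token is what the attacker's page cannot supply. A real implementation would additionally require the current password and compare it against a stored hash rather than the plaintext kept here for brevity.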
Comment: How do you force someone to add an item to their basket when they visit your webpage in the BodgeIt application?