Proj 4 for CNIT 122: Scanning a LAMP Application with w3af (10 pts.)

Background

Many websites are vulnerable to SQL injection and other attacks. w3af is a free, open-source web application vulnerability scanner (sponsored by Rapid7 at the time of this project) that detects such vulnerabilities by sending crafted requests to the site and examining how the responses change.

What You Need

Starting BackTrack

If you are using BackTrack 5, you need to do these things at startup:

Scanning your Web Application with w3af

In a Terminal window, execute these commands:
cd /pentest/web/w3af

./w3af_gui

w3af starts with a graphical interface. When it asks whether you want to update w3af, click No. (Updating is generally a good idea, but it is not necessary for this project. I used revision 4287 and it worked.)

In the "Update Report" window, click the OK button.

In the main w3af window, in the profile list on the left side, click "audit_high_risk" (this profile enables the high-risk audit plugins, including the SQL injection checks). Click in the "Target:" field and enter this URL:

http://localhost/customer.html

Your screen should look like the image below:

Click the Start button. The scan should take only a few seconds and should find a "Blind SQL injection" vulnerability, as shown below on this page. If the scan finishes without finding anything, check that Apache is running and that http://localhost/customer.html loads in a browser on the same machine before scanning again.
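To see what the "Blind SQL injection" finding actually means, here is a small worked example (added here; it is not code from the page or from w3af) that simulates the customer lookup behind a form like customer.html and runs a boolean-based blind SQL injection probe of the kind w3af's blind_sqli plugin performs. The schema, the two lookup functions and the payload strings are this example's own assumptions; the project's real PHP code is not shown on this page. The detector works purely from response differences, which is why it finds the flaw even though the vulnerable function never shows a database error.

```python
import sqlite3

# Constructed stand-in for the project's LAMP customer database (an assumption:
# the real app's schema and PHP code are not shown on this page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers (name, email) VALUES (?, ?)",
                     [("Alice", "alice@example.com"), ("Bob", "bob@example.com")])
    conn.commit()
    return conn

def vulnerable_lookup(conn, name):
    """Builds SQL by string concatenation, the defect w3af reports as
    'Blind SQL injection'. Errors are swallowed, so no message leaks: the only
    signal a scanner gets is whether the page content changes."""
    sql = "SELECT email FROM customers WHERE name = '" + name + "'"
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error:
        return "No such customer"
    return ", ".join(r[0] for r in rows) or "No such customer"

def hardened_lookup(conn, name):
    """Same lookup with a bound parameter; user input never reaches the SQL parser."""
    rows = conn.execute("SELECT email FROM customers WHERE name = ?", (name,)).fetchall()
    return ", ".join(r[0] for r in rows) or "No such customer"

# Boolean-based probes in the style of w3af's blind_sqli plugin. The exact
# strings are this example's own, not copied from w3af.
PAYLOAD_PAIRS = [
    ("' AND '1'='1", "' AND '1'='2"),   # string context: the app wraps input in quotes
    (" AND 1=1", " AND 1=2"),           # numeric context: no quotes around the input
]

def blind_sqli_check(lookup, base_value):
    """Return the (true_payload, false_payload) pair that proves injection, or None.

    A payload that is always true must leave the baseline response unchanged,
    while its always-false twin must change it. If only one side changed, the
    input was probably treated as plain data (or just broke the query), so it
    is not reported."""
    baseline = lookup(base_value)
    for true_p, false_p in PAYLOAD_PAIRS:
        true_resp = lookup(base_value + true_p)
        false_resp = lookup(base_value + false_p)
        if true_resp == baseline and false_resp != baseline:
            return (true_p, false_p)
    return None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", blind_sqli_check(lambda v: vulnerable_lookup(db, v), "Alice"))
    print("hardened:  ", blind_sqli_check(lambda v: hardened_lookup(db, v), "Alice"))
```

The probe needs a base value that returns a real record ("Alice" here); if the baseline is already "No such customer", the false payload cannot change anything and the check reports nothing, which is also why a scanner like w3af crawls the application to find valid form inputs before auditing them.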

Turning In Your Project

Capture a screen image with the "Blind SQL injection" message visible.

Save this screenshot with a filename of "Proj 4 from Your Name".

Email the image to cnit.122sam@gmail.com with a subject of "Project 4 from YOUR NAME".


Last modified: 8-30-11