Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
In this lab, you will take on the role of a security analyst tasked with auditing an online store that appears to function normally. However, unusual behavior has recently been reported when interacting with certain features of the site. It is suspected that there may be an active vulnerability allowing an attacker to manipulate page content.
Your job is to inspect the application with a critical mindset, identify any weak points in user input handling, and determine if there is a functionality exposed to exploitation.
In this lab, you will practice:
👉 This challenge uses the same virtual machine as the previous lab: Pwned! - Find the backdoor. If you already downloaded it, there's no need to do it again.
1 https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova
1 http://<ip_machine>/softwarelicenser/
student:4geeks-lab
.SoftwareLicenser is a live online store currently under internal review. Some users have reported strange behavior when browsing certain pages or submitting forms. Your mission is to inspect the application as a Blue Team analyst, identify any suspicious interactions, and determine if there's a vulnerable endpoint that allows malicious content injection.
If you manage to identify the compromised file, you’ll be able to validate it and close the incident — the system will reveal what you're looking for to confirm your findings.
1validate-xss
Good luck, Analyst!
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss
Difficulty
easy
Average duration
1 hrs
Technologies
PHP
HTML and CSS
cybersecurity
owasp-a03-injection
blue-team
threat-hunting
xss