Answers can be found at http://mdsec.net/wahh.
- You are attacking an application that employs two different servers: an application server and a database server. You have discovered a vulnerability that allows you to execute arbitrary operating system commands on the application server. Can you exploit this vulnerability to retrieve sensitive application data held within the database?
- In a different case, you have discovered a SQL injection flaw that can be exploited to execute arbitrary operating system commands on the database server. Can you leverage this vulnerability to compromise the application server? For example, could you modify the application's scripts held on the application server, and the content returned to users?
You are attacking a web application that is hosted in a shared environment. By taking out a contract with the ISP, you can acquire some web space on the same server as your target, where you are permitted to upload PHP scripts.
Can you exploit this situation to compromise the application you are targeting?
- The architecture components Linux, Apache, MySQL, and PHP are often found installed on the same physical server. Why can this diminish the security posture of the application's architecture?
- How could you look for evidence that the application you are attacking is part of a wider application managed by an application service provider?