Thursday, 29 March 2012

Mapping The Application

The first step in the process of attacking an application is gathering some key information about it to gain a better understanding of what you are up against. The mapping exercise begins by enumerating the application's content and functionality to understand what the web application does and how it behaves. Much of this functionality is easy to identify, but some of it may be hidden, requiring a degree of guesswork and luck to discover.




  • Enumerating Content and Functionality 
In a typical web application, the majority of content and functionality can be identified via manual browsing, as shown below:

Wednesday, 29 February 2012

ATTACKING SESSION MANAGEMENT


The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the application to uniquely identify a given user across a number of different requests, and to handle the data that it accumulates about the state of that user's interaction with the application. Where an application implements login functionality, session management is of particular importance, as it is what enables the application to persist its assurance of any given user's identity beyond the request in which they supply their credentials.

Now I'll show you how to attack session management on a web application and do some privilege escalation on it.

Thursday, 22 September 2011

Manual SQL Injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application, such as its queries. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed. It happens from using poorly designed query language interpreters. In the wild, it has been noted that applications experience, on average.


So I will show you when an SQL injection vulnerability is present. I found the vulnerability while browsing a website that can be exploited with the SQL injection technique. The normal URL is http://victim.biz/?menuid=40. I tried inputting the character "( ' )" to get an error from the application, so the URL looked like this: http://victim.biz/?menuid='40, and the website responded with a blank page. This means that the target is vulnerable, but I had not found the error message yet.
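
The root cause described above, shown from the developer's side as an added example (not code from the original post): a `menuid` value concatenated into SQL breaks the statement when it contains a quote, while a type check plus a bound parameter keeps the input as data. The `menu` table, its rows, and the function names are assumptions made for this illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: a small menu table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO menu VALUES (?, ?)",
                   [(40, "Products"), (41, "Contact")])
    return db


def render_vulnerable(db, menuid):
    """Concatenates the raw parameter into the statement (the flawed pattern)."""
    sql = "SELECT title FROM menu WHERE id = " + menuid
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        # The error is swallowed, so the visitor sees only a blank page.
        # The input still reached the SQL parser as code.
        return ""
    return row[0] if row else "not found"


def render_hardened(db, menuid):
    """Enforces the expected type, then binds the value as a parameter."""
    # Strong typing: menuid must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", menuid):
        return "bad request"
    # Bound parameter: the value is never parsed as part of the SQL text.
    row = db.execute("SELECT title FROM menu WHERE id = ?",
                     (int(menuid),)).fetchone()
    return row[0] if row else "not found"


if __name__ == "__main__":
    db = make_db()
    for value in ("40", "'40", "999"):
        print(repr(value),
              "| vulnerable:", repr(render_vulnerable(db, value)),
              "| hardened:", repr(render_hardened(db, value)))
```

Logging the swallowed `sqlite3.Error` on the server side, instead of discarding it, gives defenders a record of requests whose parameters failed to parse as SQL.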