Saka

Hello, I have prepared an article that will give you information about the Saka project in general.

1. What’s Saka
2. Running the Application
3. Web Vulnerabilities

What’s Saka

Saka is a project that can run on a docker container developed with .Net Core 3 which contains web vulnerabilities and also works on environments that support .Net Core 3.

It is divided into three as scope of project, hints and attack page.

Scope of project

On the homepage of the project, a scenario text welcomes the users. This text was created to help testers on the project explain the scope and move in the expected direction.

Hints

Three hints are left to help the tester during the detection of vulnerabilities in the project. As you go from left to right, the detail given in the clues increases.

• Hint 1 : The minimum information about the vulnerability is given as hint.
• Hint 2 : Some of the words in the payloads used to trigger the vulnerability are given as hints.
• Hint 3 : A direct payload for the vulnerability to happen or instructions on how to do it, is given as hint.

Attack Page

It is the page that contains the relevant web vulnerability.

Running the Application

It is the part that shows how to run the container pulled from Docker hub or the Saka project cloned via github.

Docker

docker pull erdemstar/saka:container-name
docker run -d -p 80:80 erdemstar/saka:container-name

Visual Studio 2019 IDE

git clone https://github.com/Erdemstar/Saka
cd project-name
- mouse click on project-name.sln
- devenv project-name.sln (CMD)

Web Vulnerabilities

Saka is a project that contains different web vulnerabilities. You can find out what the existing vulnerabilities are and how they are resolved from the links below.

Cross Site Scripting

Reflected XSS

• Reflected XSS (Input)
• Reflected XSS (JS Variable)
• Reflected XSS (Referer)
• Reflected XSS (Tag Attribute)
• Reflected XSS (Tag Attribute href)
• Reflected XSS (User agent)