Web

Introduction

Related Tools

• Resources
  • PayloadAllTheThings Github
• API Testing
  • Postman
  • Insomia
• Web directory bruteforcers
  • dirb (run dirb on terminal)
  • dirbuster (requires GUI)
  • gobuster (similar tool)
  • dirsearch(faster alternative to dirb) GitHub
• Web crawlers
  • dirhunt GitHub
• Packet utils
  • Burp Suite (requires GUI) Website
  • wget

Key Concepts

• XXE (XML external entity) injection
  • Happens when an application parses uses data from XML files which can be modified to be malicious
  • Website
• LFI (Local File Inclusion)
  • Commonly found in PHP web application (maybe through Wordpress plugins etc)
  • Vulnerable websites can allow you to access local files through directory traversal
  • Look out for ways where you can supply a file path and it is served as a download/printed to the page
• XSS
  • Stored XSS
    • Website uses external resources that contains malicious code
    • If an SVG with XSS payload is in an iframe or embed of a website, it can be executed
  • Reflected XSS
    • When queries to a website is handled and returned in an unsafe way
  • DOM based XSS
    • Client side attack, browser executes payload that didn’t came from the server
• SQL Injection
  • Testing
    • Try using one (single or double) quote for the input and see if there is any errors
    • If an error is returned, the website might be vulnerable
  • Types of attack
    • Union based attack
      • Application displays the output of the query, allowing you to steal information from the database
    • Error based attack
      • Application returns an error with details about the query, helping you to craft queries to bypass checks
  • Resources
    • Sqlmap GitHub
    • Learn and try using SQL Website
• Query Selector Injection
  • In MongoDB + NodeJS web apps
    • Query for login details
    • Malicious input
    • {"$gt": “”} will result in true, $gt is a query selector which compares with ""
  • Mitigation
    • Make sure input gets sanitised as string
    • Remove $ and . to prevent query selectors

• CSRF

  • Steps to test for CSRF Guide

• Broken Authentication

  • Steps to test for Broken Authentication Guide

• Apache

  • .htaccess files are configuration files for its directory

• Practice

  • bWAPP, a free and open source deliberately insecure web application Website

• Common python applications pitfalls

  • Article explainling various common python application pitfalls which can be exploited Website

• Common files

  • robots.txt contains information for crawlers to know which files and directories it has permission to check, this could potentially show hidden files
  • sitemap.xml contains infomation about the pages a site has to help search engines crawl and index through the website faster

• AWS configuration flaw

  • Pacu, a web exploitation framework for exploiting configuration flaws in AWS servers GitHub

• Cookie Attack

  • Flask Unsign [Python Tool]](https://pypi.org/project/flask-unsign/)

• Server-side Template Injection (SSTI)

  • Reference GitHub / Translated Version
  • Payload for more languages Website
  • Payload all the things SSTI Github

.