Web

https://book.hacktricks.xyz/pentesting-web/web-vulnerabilities-methodology

https%3A%2F%2F1517081779-files.gitbook.io%2F~%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FmuMguNrsRx2mNyNqEox4%252Fsocialpreview%252FNtYxX5Um1Ml0KhPq6gZR%252Ffondo.png%3Falt%3Dmedia%26token%3D257c330a-9e87-4c69-bb95-c0b54588ea79

User input

Most of the web applications will allow users to input some data that will be processed later. Depending on the structure of the data the server is expecting some vulnerabilities may or may not apply.

Reflected Values

If the introduced data may somehow be reflected in the response, the page might be vulnerable to several issues.

Some of the mentioned vulnerabilities require special conditions, others just require the content to be reflected. You can find some interesting polygloths to test quickly the vulnerabilities in:

Reflecting Techniques - PoCs and Polygloths CheatSheet

Search functionalities

If the functionality may be used to search some kind of data inside the backend, maybe you can (ab)use it to search arbitrary data.

Forms, WebSockets and PostMsgs

When a websocket posts a message or a form allowing users to perform actions vulnerabilities may arise.

HTTP Headers

Depending on the HTTP headers given by the web server some vulnerabilities might be present.

Bypasses

There are several specific functionalities where some workarounds might be useful to bypass them

Structured objects / Specific functionalities

Some functionalities will require the data to be structured in a very specific format (like a language serialized object or XML). Therefore, it's easier to identify if the application might be vulnerable as it needs to be processing that kind of data. Some specific functionalities may be also vulnerable if a specific format of the input is used (like Email Header Injections).

Files

Functionalities that allow uploading files might be vulnerable to several issues. Functionalities that generate files including user input might execute unexpected code. Users that open files uploaded by users or automatically generated including user input might be compromised.

External Identity Management

Other Helpful Vulnerabilities

These vulnerabilities might help to exploit other vulnerabilities.

Last updated