TheHackerPlayBook I - Section III - The Throw

Web Application Exploitation

First things first: two good resources for web app pentesting.

OWASP WebApp Testing Guide

The Web Application Hacker's Handbook

SQL Injection (SQLi)

TODO
Read more about SQL databases: how they work, commands, common and advanced vulns and exploits. For advanced ones, blind SQLi is something I have read about for sure.

Cross-site Scripting (XSS)

The author covers XSS attacks with the BeEF framework, plus a little code obfuscation, since filters exist and payloads have to get past them.

The recommended link is an active XSS thread where people post XSS exploit findings.

Reddit XSS Thread

Below is the OWASP cheat sheet on XSS. If you have identified an XSS vulnerability, don't forget to check it out.

OWASP XSS Cheat Sheet

Cross-site Request Forgery (CSRF)

The steps to confirm that a request may be vulnerable to CSRF:

  • tool required - Burp Suite
  • make a request to the target site; in most cases it should be a POST request
  • send the request to Repeater
  • click Go to send the same request to the target site again
  • if the response comes back with status code 200
  • CSRF confirmed
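
The replay step above, modelled in code. This is an added example, not code from the book or from this post: two hypothetical handlers for a money-transfer POST, one that authorises on the session cookie alone and one that also checks a per-session anti-CSRF token, plus a `csrf_verdict` helper that resends the captured request unchanged (the Repeater step) and then resends it with the token field stripped. All sessions, balances, the request and the token value are constructed for the example.

```python
"""Added model of the CSRF replay check (not code from the book or the post).
Two hypothetical handlers for a money-transfer POST: one that trusts the session
cookie alone, and one that also requires a per-session anti-CSRF token.
Every request, session and balance below is constructed for the example."""
import hmac

# Constructed server-side state: one logged-in session with a fixed token.
SESSIONS = {"sess-alice": {"user": "alice", "csrf": "tok-constructed-1234"}}
BALANCES = {"alice": 100}

# Constructed request as Burp would show it: cookie plus form body, token included.
CAPTURED = {
    "cookies": {"session": "sess-alice"},
    "form": {"amount": "10", "csrf_token": "tok-constructed-1234"},
}


def transfer_vulnerable(request):
    """Authorises on the session cookie alone: any site that can make the
    browser send the cookie can trigger the transfer."""
    sess = SESSIONS.get(request["cookies"].get("session"))
    if sess is None:
        return 401
    BALANCES[sess["user"]] -= int(request["form"]["amount"])
    return 200


def transfer_protected(request):
    """Additionally demands the anti-CSRF token bound to the session.
    A cross-site attacker can make the browser attach the cookie but cannot
    read the token, so a forged request fails the comparison."""
    sess = SESSIONS.get(request["cookies"].get("session"))
    if sess is None:
        return 401
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403
    BALANCES[sess["user"]] -= int(request["form"]["amount"])
    return 200


def csrf_verdict(handler, request):
    """Step 1 mirrors the Repeater replay from the notes: resend the captured
    request unchanged.  Step 2 resends it with the anti-CSRF field stripped,
    which is the position a cross-site attacker is actually in.
    Returns (replay_status, stripped_status, vulnerable)."""
    replay_status = handler(request)
    stripped = {
        "cookies": request["cookies"],
        "form": {k: v for k, v in request["form"].items() if k != "csrf_token"},
    }
    stripped_status = handler(stripped)
    return replay_status, stripped_status, stripped_status == 200


if __name__ == "__main__":
    print("vulnerable:", csrf_verdict(transfer_vulnerable, CAPTURED))
    print("protected: ", csrf_verdict(transfer_protected, CAPTURED))
```

Both handlers answer 200 to the unchanged replay, because a per-session token is valid for every request in that session; so a 200 on replay alone is consistent with both a vulnerable and a protected endpoint. What separates them is whether the request still succeeds once the token is removed or altered, which is the check worth running before writing "CSRF confirmed" in a report.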

Session Token Entropy

Entropy here means randomness. It is used to judge whether a session token is secure enough.

Determine the entropy of a site’s session token:

  • tool required - Burp Suite
  • make a request to the site
  • in the History tab, send the raw response to Sequencer
  • pick the token that you are interested in
  • click Start live capture
  • results will be shown in a new window

It is hard to determine whether a session token is well randomized. Sometimes going over the source code is also needed to aid the process.
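
A rough, offline stand-in for the first questions Sequencer answers, as an added example that is not from the book, this post or PortSwigger: how many bits of variation does a sample of tokens actually show, and are consecutive tokens sequential? The two token generators (`weak_tokens`, a padded counter; `strong_tokens`, the OS CSPRNG) are constructed for the example, and the entropy figure is a per-position Shannon estimate over the sample, not the full FIPS battery Sequencer runs.

```python
"""Added estimate of session-token randomness (not from the book or post), a
rough stand-in for the first questions Burp Sequencer answers: how many bits
of variation does a sample of tokens show, and are tokens sequential?
Token generators below are constructed for the example."""
import math
import secrets
from collections import Counter


def weak_tokens(n, seed=1700000000000):
    """Constructed weak generator: a counter (think epoch milliseconds) padded
    to 32 hex digits.  Looks random at a glance, is fully predictable."""
    return [format(seed + i, "032x") for i in range(n)]


def strong_tokens(n):
    """128 bits from the OS CSPRNG, as a framework session id should be."""
    return [secrets.token_hex(16) for _ in range(n)]


def sample_entropy_bits(tokens):
    """Sum over character positions of the Shannon entropy of the symbols seen
    at that position.  This is a sample estimate: a position can show at most
    log2(len(tokens)) bits, so the figure is a floor on what the sample
    reveals, never a certificate of the generator's true entropy."""
    n = len(tokens)
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must be the same length")
    bits = 0.0
    for pos in range(length):
        counts = Counter(t[pos] for t in tokens)
        bits -= sum(c / n * math.log2(c / n) for c in counts.values())
    return bits


def sequential_fraction(tokens, base=16):
    """Fraction of consecutive token pairs whose numeric values differ by
    exactly 1: 1.0 means a plain counter, near 0 for random tokens."""
    values = [int(t, base) for t in tokens]
    pairs = list(zip(values, values[1:]))
    steps = sum(1 for a, b in pairs if b - a == 1)
    return steps / len(pairs)


if __name__ == "__main__":
    for name, toks in (("weak", weak_tokens(256)), ("strong", strong_tokens(256))):
        print(f"{name}: ~{sample_entropy_bits(toks):.1f} bits, "
              f"sequential {sequential_fraction(toks):.2f}")
```

With 256 samples the counter-based tokens show only the 8 bits that the low byte cycles through, while the CSPRNG tokens show close to 4 bits in every one of the 32 hex positions. A low figure is a real finding; a high figure only says the sample did not expose a pattern, which is why the notes above are right that reading the generator's source code is sometimes the only way to settle it.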

Fuzzing/Input validation

Here the author covers the Intruder function of Burp Suite. Nothing fancy, but remember this feature when it comes to fuzzing or brute-forcing stuff.
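
What Intruder does, reduced to a few functions. This is an added example, not code from the book, this post or PortSwigger: Burp marks payload positions with `§...§` and, in sniper mode, drops each payload into one position at a time while the others keep their original value; the harness below does the same against a constructed in-process handler and reports every response whose status differs from the baseline, which is what the Intruder results table gets scanned for. The `handler`, `TEMPLATE` and `PAYLOADS` are all constructed for the example.

```python
"""Added Intruder-style fuzz harness (not code from the book, the post or
PortSwigger).  Sniper mode: one marked position at a time receives each
payload; responses are compared against a baseline request.
The handler, template and payload list are constructed for the example."""
from urllib.parse import parse_qs

MARK = "\u00a7"  # the § marker Burp uses around payload positions


def handler(body):
    """Constructed endpoint with an input-validation gap: a non-numeric id is
    never caught, so the server answers 500 with a stack trace."""
    params = parse_qs(body, keep_blank_values=True)
    uid = params.get("id", [""])[0]
    lang = params.get("lang", [""])[0]
    try:
        n = int(uid)
    except ValueError:
        return 500, "Traceback (most recent call last): ValueError"
    if n < 1 or n > 1000:
        return 404, "no such user"
    if lang not in ("en", "zh"):
        return 400, "unsupported language"
    return 200, f"user {n} profile ({lang})"


def sniper(template, payloads):
    """Yield (position_index, payload, request_body) for every payload at
    every marked position, other positions keeping their original value."""
    parts = template.split(MARK)
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced markers")
    slots = (len(parts) - 1) // 2
    for slot in range(slots):
        for payload in payloads:
            pieces = list(parts)
            pieces[2 * slot + 1] = payload
            yield slot, payload, "".join(pieces)


def fuzz(template, payloads, target=handler):
    """Send the baseline (markers removed, original values kept), then every
    sniper request; return (position, payload, status, response_length) for
    each response whose status differs from the baseline."""
    base_status, _ = target(template.replace(MARK, ""))
    anomalies = []
    for slot, payload, body in sniper(template, payloads):
        status, text = target(body)
        if status != base_status:
            anomalies.append((slot, payload, status, len(text)))
    return anomalies


# Constructed request template and a small generic payload list.
TEMPLATE = "id=\u00a71\u00a7&lang=\u00a7en\u00a7"
PAYLOADS = ["1", "0", "-1", "1001", "abc", "'", "A" * 300, "%00"]

if __name__ == "__main__":
    for row in fuzz(TEMPLATE, PAYLOADS):
        print(row)
```

Against the constructed handler the `id` position turns up four 500s (the non-numeric payloads, including `%00`, which `parse_qs` decodes to a NUL byte) next to expected 404s for out-of-range numbers, and the `lang` position returns a uniform 400; the 500s are the rows a tester follows up, since an unhandled exception on a simple parameter usually means validation is missing elsewhere too.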

Business Logic

Basic tests for business logic. I directly quote the author:

  • Testing that users aren't able to see other users' sensitive data.
  • Regular users can't access administrative pages.
  • Users can't change data values of other users.
  • Workflows cannot be modified outside their intended flow.
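
The four checks above as an executable test suite. This is an added example, not code from the book or from this post: two constructed apps with the same API, one carrying the authorisation and workflow gaps the checks look for and one without, and a `business_logic_tests` function that returns pass/fail per check so the same suite can be pointed at either. Users, roles, profiles and the cart/paid/shipped workflow are constructed for the example.

```python
"""Added executable form of the four business-logic checks (not code from the
book or the post).  Two constructed apps, one with the authorisation and
workflow gaps and one without, and a test function returning pass/fail per
check so the same suite can be pointed at either."""
import copy

# Constructed users, roles and records.
ROLES = {"alice": "user", "bob": "user", "root": "admin"}
PROFILES = {
    "alice": {"email": "alice@example.test", "ssn": "000-00-0001"},
    "bob": {"email": "bob@example.test", "ssn": "000-00-0002"},
}
# Intended order workflow; each state may only move to the next one.
NEXT_STATE = {"cart": "paid", "paid": "shipped"}


class Order:
    def __init__(self, owner, state="cart"):
        self.owner, self.state = owner, state


class VulnerableApp:
    """Every operation trusts the caller-supplied target and state: classic
    IDOR, a missing role check, and a workflow whose steps can be skipped."""

    def __init__(self):
        self.profiles = copy.deepcopy(PROFILES)

    def get_profile(self, actor, target):
        return self.profiles[target]

    def admin_page(self, actor):
        return "admin dashboard"

    def set_email(self, actor, target, email):
        self.profiles[target]["email"] = email
        return True

    def advance(self, actor, order, new_state):
        order.state = new_state
        return order.state


class HardenedApp(VulnerableApp):
    """Same API; ownership or admin role is checked on every object access
    and state changes must follow NEXT_STATE."""

    @staticmethod
    def _may_access(actor, target):
        return actor == target or ROLES.get(actor) == "admin"

    def get_profile(self, actor, target):
        if not self._may_access(actor, target):
            raise PermissionError(f"{actor} may not read {target}")
        return self.profiles[target]

    def admin_page(self, actor):
        if ROLES.get(actor) != "admin":
            raise PermissionError("admin role required")
        return "admin dashboard"

    def set_email(self, actor, target, email):
        if not self._may_access(actor, target):
            raise PermissionError(f"{actor} may not modify {target}")
        self.profiles[target]["email"] = email
        return True

    def advance(self, actor, order, new_state):
        if order.owner != actor:
            raise PermissionError("not the order owner")
        if NEXT_STATE.get(order.state) != new_state:
            raise ValueError(f"{order.state} -> {new_state} is out of sequence")
        order.state = new_state
        return order.state


def business_logic_tests(app):
    """Return {check: passed}.  A check passes when the forbidden action is
    refused and fails when the app silently performs it."""
    def refused(action):
        try:
            action()
        except (PermissionError, ValueError):
            return True
        return False

    return {
        "cannot_read_other_users_data": refused(lambda: app.get_profile("alice", "bob")),
        "regular_user_blocked_from_admin": refused(lambda: app.admin_page("alice")),
        "cannot_change_other_users_data": refused(lambda: app.set_email("alice", "bob", "x@example.test")),
        "workflow_cannot_skip_payment": refused(lambda: app.advance("alice", Order("alice"), "shipped")),
    }


if __name__ == "__main__":
    print("vulnerable:", business_logic_tests(VulnerableApp()))
    print("hardened:  ", business_logic_tests(HardenedApp()))
```

The suite is written against the API rather than the implementation, which is the point of business-logic testing: the same four requests, made as a low-privilege user, either get refused or they do not, and no scanner signature is involved.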

Summary

For web app testing, the ultimate guide is the OWASP Guide for WebApp Testing.
