GitBook: [master] one page modified
parent f3258e6ecb
commit 2adf9a38e7
@ -58,13 +58,13 @@ whatweb -a 3 <URL> #Aggresive
webtech -u <URL>
```
Search **for** [**vulnerabilities of the web application** **version**](../../search-exploits.md)\*\*\*\*
Search **for** [**vulnerabilities of the web application** **version**](../../search-exploits.md)
**Check if any WAF**
* \*\*\*\*[**https://github.com/EnableSecurity/wafw00f**](https://github.com/EnableSecurity/wafw00f)\*\*\*\*
* \*\*\*\*[**https://github.com/Ekultek/WhatWaf.git**](https://github.com/Ekultek/WhatWaf.git)\*\*\*\*
* \*\*\*\*[**https://nmap.org/nsedoc/scripts/http-waf-detect.html**](https://nmap.org/nsedoc/scripts/http-waf-detect.html)\*\*\*\*
* [**https://github.com/EnableSecurity/wafw00f**](https://github.com/EnableSecurity/wafw00f)
* [**https://github.com/Ekultek/WhatWaf.git**](https://github.com/Ekultek/WhatWaf.git)
* [**https://nmap.org/nsedoc/scripts/http-waf-detect.html**](https://nmap.org/nsedoc/scripts/http-waf-detect.html)
### **Cookies**
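Review bot: the rewritten lines in this hunk are clean, but two things in the surrounding context are worth fixing while the section is open: the hunk header's code comment `#Aggresive` should be `#Aggressive`, and `**Check if any WAF**` is a bold line doing the job of a heading while the sibling section uses `### **Cookies**`; making it `### **Check if any WAF**` would keep the page's heading style consistent.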
@ -75,22 +75,22 @@ Also, the [**flags of the cookies**](../../pentesting-web/hacking-with-cookies.m
Some **tricks** for **finding vulnerabilities** in different well known **technologies** being used:
* [**IIS tricks**](iis-internet-information-services.md)\*\*\*\*
* [**PHP \(php has a lot of interesting tricks that could be exploited\)**](php-tricks-esp/)\*\*\*\*
* \*\*\*\*[**Nginx**](nginx.md)\*\*\*\*
* \*\*\*\*[**Python**](python.md)\*\*\*\*
* \*\*\*\*[**Flask**](flask.md)\*\*\*\*
* \*\*\*\*[**WebDav**](put-method-webdav.md)\*\*\*\*
* \*\*\*\*[**CGI**](cgi.md)\*\*\*\*
* [**Tomcat**](tomcat.md)\*\*\*\*
* \*\*\*\*[**Jenkins**](jenkins.md)\*\*\*\*
* \*\*\*\*[**JBOSS**](jboss.md)\*\*\*\*
* \*\*\*\*[**JIRA**](jira.md)
* [**JSP**](jsp.md)\*\*\*\*
* \*\*\*\*[**Wordpress**](wordpress.md)\*\*\*\*
* \*\*\*\*[**Drupal**](drupal.md)\*\*\*\*
* \*\*\*\*[**VMWare \(EXS, VCenter...\)**](vmware-esx-vcenter....md)\*\*\*\*
* \*\*\*\*[**GraphQL**](graphql.md)\*\*\*\*
* [**IIS tricks**](iis-internet-information-services.md)
* [**PHP \(php has a lot of interesting tricks that could be exploited**](php-tricks-esp/)
* [**Nginx**](nginx.md)
* [**Python**](python.md)
* [**Flask**](flask.md)
* [**WebDav**](put-method-webdav.md)
* [**CGI**](cgi.md)
* [**Tomcat**](tomcat.md)
* [**Jenkins**](jenkins.md)
* [**JBOSS**](jboss.md)
* [**JIRA**](jira.md)
* [**JSP**](jsp.md)
* [**Wordpress**](wordpress.md)
* [**Drupal**](drupal.md)
* [**VMWare \(EXS, VCenter**](vmware-esx-vcenter....md)
* [**GraphQL**](graphql.md)
If the **source code** of the application is available in **github**, apart of performing by **your own a White box test** of the application \(no guide available yet in hacktricks\) there is **some information** that could be **useful** for the current **Black-Box testing**:
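Review bot: stripping the `\*\*\*\*` suffix also dropped the closing `\)` from two link texts in the new list, leaving unbalanced escaped parentheses. `* [**PHP \(php has a lot of interesting tricks that could be exploited**](php-tricks-esp/)` should end `exploited\)**](php-tricks-esp/)`, and `* [**VMWare \(EXS, VCenter**](vmware-esx-vcenter....md)` should read `* [**VMWare \(ESX, VCenter...\)**](vmware-esx-vcenter....md)`; the target path spells it `esx`, so `EXS` looks like a typo carried over from the old line.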
@ -108,10 +108,10 @@ If the web application is using any well known **tech/platform listed before** o
You should look for these kind of vulnerabilities every time you find a **path** were a **different technology** is **running**. For example, if you find a **java** webapp and in `/wordpress` a **wordpress** is running.
* [**Abusing hop-by-hop headers**](../../pentesting-web/abusing-hop-by-hop-headers.md)\*\*\*\*
* \*\*\*\*[**Request Smuggling**](../../pentesting-web/http-request-smuggling.md)\*\*\*\*
* \*\*\*\*[**Cache Poisoning / Cache Deception**](../../pentesting-web/cache-deception.md)\*\*\*\*
* \*\*\*\*[**Uncovering CloudFlare**](uncovering-cloudflare.md)\*\*\*\*
* [**Abusing hop-by-hop headers**](../../pentesting-web/abusing-hop-by-hop-headers.md)
* [**Request Smuggling**](../../pentesting-web/http-request-smuggling.md)
* [**Cache Poisoning / Cache Deception**](../../pentesting-web/cache-deception.md)
* [**Uncovering CloudFlare**](uncovering-cloudflare.md)
## Automatic scanners
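Review bot: the four rewritten list entries are clean, but the context line just above them, `You should look for these kind of vulnerabilities every time you find a **path** were a **different technology** is **running**.`, has `were` for `where` and `these kind` for `these kinds`; since the section is being touched anyway, it is worth fixing in the same commit.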
@ -132,7 +132,7 @@ If a CMS is used don't forget to **run a scanner**, maybe something juicy is fou
[**CMSScan**](https://github.com/ajinabraham/CMSScan): [**WordPress**](wordpress.md), [**Drupal**](drupal.md), **Joomla**, **vBulletin** websites for Security issues. \(GUI\)
[**VulnX**](https://github.com/anouarbensaad/vulnx)**: Joomla,** [**Wordpress**](wordpress.md)**,** [**Drupal**](drupal.md)**, PrestaShop, Opencart
CMSMap**: [**\(W\)ordpress**](wordpress.md)**, \(J\)oomla,** [**\(D\)rupal**](drupal.md) **or \(M\)oodle**
[**droopscan**](https://github.com/droope/droopescan)**:** [**Drupal**](drupal.md)**, Joomla, Moodle, Silverstripe,** [**Wordpress**](wordpress.md)\*\*\*\*
[**droopscan**](https://github.com/droope/droopescan)**:** [**Drupal**](drupal.md)**, Joomla, Moodle, Silverstripe,** [**Wordpress**](wordpress.md)
```bash
cmsmap [-f W] -F -d <URL>
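Review bot: the tool name `droopscan` in the rewritten line does not match the repository it links to (`droope/droopescan`); the tool is called droopescan and the link text should say so. Also, in the context line `CMSMap**: [**\(W\)ordpress**](wordpress.md)**, \(J\)oomla,** ...` the leading `**` after `CMSMap` has no opening partner, so the bold markup is unbalanced; `**CMSMap**:` would match the other scanner entries.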
@ -184,15 +184,15 @@ Information about SSL/TLS vulnerabilities:
Launch some kind of **spider** inside the web. The goal of the spider is to **find as much paths as possible** from the tested application. Therefore, web crawling and external sources should be used to find as much valid paths as possible.
* [**gospider**](https://github.com/jaeles-project/gospider) **\(go\):** HTML spider, LinkFinder in JS files and external sources \(Archive.org, CommonCrawl.org, VirusTotal.com, AlienVault.com\).
* [**hakrawler**](https://github.com/hakluke/hakrawler) _\*\*_\(go\): HML spider, with LinkFider for JS files and Archive.org as external source.
* [**dirhunt**](https://github.com/Nekmo/dirhunt) _\*\*_\(python\): HTML spider, also indicates "juicy files".
* [**gospider**](https://github.com/jaeles-project/gospider) \(go\): ****HTML spider, LinkFinder in JS files and external sources \(Archive.org, CommonCrawl.org, VirusTotal.com, AlienVault.com\).
* [**hakrawler**](https://github.com/hakluke/hakrawler) \(go\): HML spider, with LinkFider for JS files and Archive.org as external source.
* [**dirhunt**](https://github.com/Nekmo/dirhunt) \(python\): HTML spider, also indicates "juicy files".
* [**evine** ](https://github.com/saeeddhqan/evine)\(go\): Interactive CLI HTML spider. It also searches in Archive.org
* \*\*\*\*[**meg**](https://github.com/tomnomnom/meg) \(go\): This tool isn't a spider but it can be useful. You can just indicate a file with hosts and a file with paths and meg will fetch each path on each host and save the response.
* \*\*\*\*[**urlgrab**](https://github.com/IAmStoxe/urlgrab) \(go\): HTML spider with JS rendering capabilities. However, it looks like it's unmaintained, the precompiled version is old and the current code doesn't compile
* [**gau**](https://github.com/lc/gau) _\*\*_\(go\): HTML spider that uses external providers \(wayback, otx, commoncrawl\)
* [**meg**](https://github.com/tomnomnom/meg) \(go\): This tool isn't a spider but it can be useful. You can just indicate a file with hosts and a file with paths and meg will fetch each path on each host and save the response.
* [**urlgrab**](https://github.com/IAmStoxe/urlgrab) \(go\): HTML spider with JS rendering capabilities. However, it looks like it's unmaintained, the precompiled version is old and the current code doesn't compile
* [**gau**](https://github.com/lc/gau) go\): HTML spider that uses external providers \(wayback, otx, commoncrawl\)
* [**ParamSpider**](https://github.com/devanshbatham/ParamSpider): This script will find URLs with parameter and will list them.
* \*\*\*\*[**galer**](https://github.com/dwisiswant0/galer) \(go\): HTML spider with JS rendering capabilities.
* [**galer**](https://github.com/dwisiswant0/galer) \(go\): HTML spider with JS rendering capabilities.
### Brute Force directories and files
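Review bot: two of the rewritten spider entries introduce new breakage rather than removing it. The gospider line now reads `\(go\): ****HTML spider, LinkFinder in JS files ...` with a bare `****` that this cleanup was meant to strip, and the gau line `* [**gau**](https://github.com/lc/gau) go\): HTML spider that uses external providers ...` lost the opening `\(` before `go`. The typos `HML spider` and `LinkFider` in the hakrawler line (`HTML`, `LinkFinder`) are carried over unchanged from the old line and could be fixed in the same pass.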
@ -200,7 +200,7 @@ Start **brute-forcing** from the root folder and be sure to brute-force **all**
Tools:
* **Dirb** / **Dirbuster** - Included in Kali, **old** \(and **slow**\) but functional. Allow auto-signed certificates and recursive search. Too slow compared with th other options.
* [**Dirsearch**](https://github.com/maurosoria/dirsearch) **\*\*\(python\): It doesn't allow auto-signed certificates but** allows recursive\*\* search.
* [**Dirsearch**](https://github.com/maurosoria/dirsearch) \(python\)**: It doesn't allow auto-signed certificates but** allows recursive search.
* [**Gobuster**](https://github.com/OJ/gobuster) \(go\): It allows auto-signed certificates, it **doesn't** have **recursive** search.
* [**Feroxbuster**](https://github.com/epi052/feroxbuster) **- Fast, supports recursive search.**
* [**wfuzz**](https://github.com/xmendez/wfuzz) `wfuzz -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt https://domain.com/api/FUZZ`
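Review bot: the rewritten Dirsearch line still carries a stray bold span, `\(python\)**: It doesn't allow auto-signed certificates but** allows recursive search.`, which bolds the middle of the sentence for no reason; dropping both `**` gives `\(python\): It doesn't allow auto-signed certificates but allows recursive search.`, matching the Gobuster entry below it. The Dirb context line above has `th other options` for `the other options`.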
@ -208,9 +208,9 @@ Tools:
**Recommended dictionaries:**
* \*\*\*\*[https://github.com/danielmiessler/RobotsDisallowed](https://github.com/danielmiessler/RobotsDisallowed) \(Very interesting\)
* [https://github.com/danielmiessler/RobotsDisallowed](https://github.com/danielmiessler/RobotsDisallowed) \(Very interesting\)
* [**Seclists**](https://github.com/danielmiessler/SecLists)
* [**Dirsearch**](https://github.com/maurosoria/dirsearch) _\*\*_included dictionary
* [**Dirsearch**](https://github.com/maurosoria/dirsearch) included dictionary
* [http://gist.github.com/jhaddix/b80ea67d85c13206125806f0828f4d10](http://gist.github.com/jhaddix/b80ea67d85c13206125806f0828f4d10)
* [Assetnote wordlists](https://wordlists.assetnote.io/)
* _/usr/share/wordlists/dirb/common.txt_
@ -221,12 +221,12 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
### What to check on each file found
* \*\*\*\*[**Broken link checker**](https://github.com/stevenvachon/broken-link-checker): Find broken links inside HTMLs that may be prone to takeovers
* [**Broken link checker**](https://github.com/stevenvachon/broken-link-checker): Find broken links inside HTMLs that may be prone to takeovers
* **File Backups**: Once you have found all the files, look for backups of all the executable files \("_.php_", "_.aspx_"...\). Common variations for naming a backup are: _file.ext~, \#file.ext\#, ~file.ext, file.ext.bak, file.ext.tmp, file.ext.old, file.bak, file.tmp and file.old_
* **Discover new parameters**: You can use tools like **\*\*\[**Arjun**\]\(**[https://github.com/s0md3v/Arjun](https://github.com/s0md3v/Arjun)**\)** and **\[**Parameth**\]\(**[https://github.com/maK-/parameth](https://github.com/maK-/parameth)**\) to discover hidden parameters. If you can, you could try to search** hidden parameters\*\* on each executable web file.
* **Discover new parameters**: You can use tools like [Arjun](https://github.com/s0md3v/Arjun) ****and ****[parameth](https://github.com/maK-/parameth) **to discover hidden parameters. If you can, you could try to search** hidden parameters on each executable web file.
* **Comments:** Check the comments of all the files, you can find **credentials** or **hidden functionality**.
* If you are playing **CTF**, a "common" trick is to **hide** **information** inside comments at the **right** of the **page** \(using **hundreds** of **spaces** so you don't see the data if you open the source code with the browser\). Other possibility is to use **several new lines** and **hide information** in a comment at the **bottom** of the web page.
* **API keys**: If you **find any API key** there is guide that indicates how to use API keys of different platforms: **\*\*\[**keyhacks**\]\(**[https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks)**\)**, **\[**zile**\]\(**[https://github.com/xyele/zile.git](https://github.com/xyele/zile.git)**\)**, **\[**truffleHog**\]\(**[https://github.com/dxa4481/truffleHog/](https://github.com/dxa4481/truffleHog/)**\)**, **\[**SecretFinder**\]\(**[https://github.com/m4ll0k/SecretFinder](https://github.com/m4ll0k/SecretFinder)**\)**, **\[**RegHex_\*\]\(_[https://github.com/l4yton/RegHex\)\](https://github.com/l4yton/RegHex%29\)\*\*\*
* **API keys**: If you **find any API key** there is guide that indicates how to use API keys of different platforms: [keyhacks](https://github.com/streaak/keyhacks), ****[zile](https://github.com/xyele/zile.git), ****[truffleHog](https://github.com/dxa4481/truffleHog/), [SecretFinder](https://github.com/m4ll0k/SecretFinder), [RegHex](https://github.com/l4yton/RegHex%29\)
* **S3 Buckets**: While spidering look if any **subdomain** or any **link** is related with some **S3 bucket**. In that case, [**check** the **permissions** of the bucket](buckets/).
### Special findings
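Review bot: the last link in the rewritten API-keys line is broken: `[RegHex](https://github.com/l4yton/RegHex%29\)` keeps a URL-encoded `%29\)` left over from the old escaped markup, so the URL should be just `https://github.com/l4yton/RegHex`. The same two rewritten lines also still carry bare `****` tokens (`[Arjun](...) ****and ****[parameth](...)` and `, ****[zile](...)`) and a bold span that cuts across a sentence, `**to discover hidden parameters. If you can, you could try to search**`; all of these should go in the same cleanup. Minor: `there is guide` reads `there is a guide`.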
@ -244,7 +244,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
The **JS code** of a web application can be really interesting: It could contain **API keys**, **credentials**, other **endpoints**, and understanding it you could be able to **bypass security measures**.
It could be also very useful to **parse** the **JS files** in order to search for other **endpoints:** [**LinkFinder**](https://github.com/GerbenJavado/LinkFinder)**,** [**JSScanner**](https://github.com/dark-warlord14/JSScanner) **\(wrap of LinkFinder\),** [**JSParser**](https://github.com/nahamsec/JSParser)**,** [**relative-url-extractor**](https://github.com/jobertabma/relative-url-extractor)**.**
Another interesting approach could be **monitoring the JS files** with a tool like [**JSMon**](https://github.com/robre/jsmon) that checks for changes.
You should also **check** if the application is using any **outdated** and **vulnerable javascript library** with: [**RetireJS**](https://github.com/retirejs/retire.js/)\*\*\*\*
You should also **check** if the application is using any **outdated** and **vulnerable javascript library** with: [**RetireJS**](https://github.com/retirejs/retire.js/)
If the **javascript** code is **obfuscated**, these tools could be useful:
@ -308,7 +308,7 @@ In several occasions you will need to **understand regular expressions** used, t
#### 502 Proxy Error
If any page **responds** with that **code**, it's probably a **bad configured proxy**. **\*\*If you send a HTTP request like: `GET https://google.com HTTP/1.1` \(with the host header and other common headers\), the** proxy **will try to** access **\_**google.com**\_ and you will have found a** SSRF\*\*.
If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1` \(with the host header and other common headers\), the** proxy **will try to** access **\_**google.com**\_ and you will have found a** SSRF.
#### **NTLM Authentication - Info disclosure**
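Review bot: the rewritten 502 line only removed the trailing `\*\*`; the rest of the leftover markup is still in place: `**\_**google.com**\_` (escaped underscores wrapped in empty bold spans) and the bold span `**If you send a HTTP request like: ... \), the** proxy **will try to** access` that opens and closes mid-sentence. Plain text reads better: `the proxy will try to access _google.com_ and you will have found a SSRF.` While here, `bad configured proxy` should be `badly configured proxy` and `a HTTP request` should be `an HTTP request`.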
@ -338,53 +338,53 @@ If you find a login page, here you can find some techniques to try to bypass it:
You should also check for:
* [**SQL Injection authentication bypass**](../../pentesting-web/sql-injection/#authentication-bypass)\*\*\*\*
* \*\*\*\*[**NoSQL Injection**](../../pentesting-web/nosql-injection.md)\*\*\*\*
* \*\*\*\*[**XPath Injection**](../../pentesting-web/xpath-injection.md)\*\*\*\*
* \*\*\*\*[**LDAP Injection**](../../pentesting-web/ldap-injection.md)\*\*\*\*
* [**SQL Injection authentication bypass**](../../pentesting-web/sql-injection/#authentication-bypass)
* [**NoSQL Injection**](../../pentesting-web/nosql-injection.md)
* [**XPath Injection**](../../pentesting-web/xpath-injection.md)
* [**LDAP Injection**](../../pentesting-web/ldap-injection.md)
### Insert into/Create Object
Check for **\*\*\[**SQL INSERT INTO Injections._\*\]\(../../pentesting-web/sql-injection/\#insert-statement\)\_\*\*\*
Check for [SQL INSERT INTO Injections](../../pentesting-web/sql-injection/#insert-statement)
### **Upload Files**
Check for this vulnerabilities:
* \*\*\*\*[**File Upload**](../../pentesting-web/file-upload/)\*\*\*\*
* [**File Upload**](../../pentesting-web/file-upload/)
## **User input Web Vulnerabilities list**
* \*\*\*\*[**2FA Bypass**](../../pentesting-web/2fa-bypass.md)\*\*\*\*
* \*\*\*\*[**Captcha Bypass**](../../pentesting-web/captcha-bypass.md)\*\*\*\*
* \*\*\*\*[**Clickjacking**](../../pentesting-web/clickjacking.md)\*\*\*\*
* \*\*\*\*[**Client Side Template Injection \(CSTI\)**](../../pentesting-web/client-side-template-injection-csti.md)\*\*\*\*
* \*\*\*\*[**Command Injection**](../../pentesting-web/command-injection.md)\*\*\*\*
* \*\*\*\*[**Content Security Policy \(CSP\) Bypass**](../../pentesting-web/content-security-policy-csp-bypass.md)\*\*\*\*
* \*\*\*\*[**Cookies Hacking**](../../pentesting-web/hacking-with-cookies.md)\*\*\*\*
* \*\*\*\*[**CORS - Misconfigurations & Bypass**](../../pentesting-web/cors-bypass.md)\*\*\*\*
* \*\*\*\*[**CRLF Injection**](../../pentesting-web/crlf-0d-0a.md)\*\*\*\*
* \*\*\*\*[**CSRF \(Cross Site Request Forgery\)**](../../pentesting-web/csrf-cross-site-request-forgery.md)\*\*\*\*
* \*\*\*\*[**Dangling Markup - HTML scriptless injection**](../../pentesting-web/dangling-markup-html-scriptless-injection.md)\*\*\*\*
* \*\*\*\*[**Deserialization**](../../pentesting-web/deserialization/)\*\*\*\*
* \*\*\*\*[**Email Header Injection**](../../pentesting-web/email-header-injection.md)\*\*\*\*
* \*\*\*\*[**File Inclusion**](../../pentesting-web/file-inclusion/)\*\*\*\*
* \*\*\*\*[**File Upload**](../../pentesting-web/file-upload/)\*\*\*\*
* \*\*\*\*[**IDOR**](../../pentesting-web/idor.md)\*\*\*\*
* \*\*\*\*[**JWT Vulnerabilities**](../../pentesting-web/hacking-jwt-json-web-tokens.md)\*\*\*\*
* \*\*\*\*[**NoSQL Injection**](../../pentesting-web/nosql-injection.md)\*\*\*\*
* \*\*\*\*[**LDAP Injection**](../../pentesting-web/ldap-injection.md)\*\*\*\*
* \*\*\*\*[**Open Redirect**](../../pentesting-web/open-redirect.md)
* [**Race Condition**](../../pentesting-web/race-condition.md)\*\*\*\*
* \*\*\*\*[**SQL Injection**](../../pentesting-web/sql-injection/)\*\*\*\*
* \*\*\*\*[**SSRF \(Server Side Request Forgery\)**](../../pentesting-web/ssrf-server-side-request-forgery.md)\*\*\*\*
* \*\*\*\*[**SSTI \(Server Side Template Injection\)**](../../pentesting-web/ssti-server-side-template-injection.md)\*\*\*\*
* \*\*\*\*[**Unicode Normalization vulnerability**](../../pentesting-web/unicode-normalization-vulnerability.md)\*\*\*\*
* \*\*\*\*[**XPATH Injection**](../../pentesting-web/xpath-injection.md)\*\*\*\*
* \*\*\*\*[**XSLT Server Side Injection**](../../pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md)\*\*\*\*
* \*\*\*\*[**XXE \(XML External Entity\)**](../../pentesting-web/xxe-xee-xml-external-entity.md)\*\*\*\*
* \*\*\*\*[**XSS \(Cross Site Scripting\)**](../../pentesting-web/xss-cross-site-scripting/)\*\*\*\*
* \*\*\*\*[**XS-Search**](../../pentesting-web/xs-search.md)\*\*\*\*
* [**2FA Bypass**](../../pentesting-web/2fa-bypass.md)
* [**Captcha Bypass**](../../pentesting-web/captcha-bypass.md)
* [**Clickjacking**](../../pentesting-web/clickjacking.md)
* [**Client Side Template Injection \(CSTI**](../../pentesting-web/client-side-template-injection-csti.md)
* [**Command Injection**](../../pentesting-web/command-injection.md)
* [**Content Security Policy \(CSP\) Bypass**](../../pentesting-web/content-security-policy-csp-bypass.md)
* [**Cookies Hacking**](../../pentesting-web/hacking-with-cookies.md)
* [**CORS - Misconfigurations & Bypass**](../../pentesting-web/cors-bypass.md)
* [**CRLF Injection**](../../pentesting-web/crlf-0d-0a.md)
* [**CSRF \(Cross Site Request Forgery**](../../pentesting-web/csrf-cross-site-request-forgery.md)
* [**Dangling Markup - HTML scriptless injection**](../../pentesting-web/dangling-markup-html-scriptless-injection.md)
* [**Deserialization**](../../pentesting-web/deserialization/)
* [**Email Header Injection**](../../pentesting-web/email-header-injection.md)
* [**File Inclusion**](../../pentesting-web/file-inclusion/)
* [**File Upload**](../../pentesting-web/file-upload/)
* [**IDOR**](../../pentesting-web/idor.md)
* [**JWT Vulnerabilities**](../../pentesting-web/hacking-jwt-json-web-tokens.md)
* [**NoSQL Injection**](../../pentesting-web/nosql-injection.md)
* [**LDAP Injection**](../../pentesting-web/ldap-injection.md)
* [**Open Redirect**](../../pentesting-web/open-redirect.md)
* [**Race Condition**](../../pentesting-web/race-condition.md)
* [**SQL Injection**](../../pentesting-web/sql-injection/)
* [**SSRF \(Server Side Request Forgery**](../../pentesting-web/ssrf-server-side-request-forgery.md)
* [**SSTI \(Server Side Template Injection**](../../pentesting-web/ssti-server-side-template-injection.md)
* [**Unicode Normalization vulnerability**](../../pentesting-web/unicode-normalization-vulnerability.md)
* [**XPATH Injection**](../../pentesting-web/xpath-injection.md)
* [**XSLT Server Side Injection**](../../pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md)
* [**XXE \(XML External Entity**](../../pentesting-web/xxe-xee-xml-external-entity.md)
* [**XSS \(Cross Site Scripting**](../../pentesting-web/xss-cross-site-scripting/)
* [**XS-Search**](../../pentesting-web/xs-search.md)
**More references** for each Web Vulnerability: [https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/](https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/)
**Another checklist**: [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)
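Review bot: six entries in the rewritten vulnerability list lost their closing `\)` together with the `\*\*\*\*` suffix, leaving unbalanced escaped parentheses inside the link text: `Client Side Template Injection \(CSTI**]`, `CSRF \(Cross Site Request Forgery**]`, `SSRF \(Server Side Request Forgery**]`, `SSTI \(Server Side Template Injection**]`, `XXE \(XML External Entity**]` and `XSS \(Cross Site Scripting**]`. Each should end `\)**]` as the old lines did, e.g. `* [**XSS \(Cross Site Scripting\)**](../../pentesting-web/xss-cross-site-scripting/)`. The Login, Insert into/Create Object and Upload Files parts of the hunk are clean.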