GitBook: [master] one page modified
This commit is contained in:
parent
17b7f4d0da
commit
d405732c50
@ -28,6 +28,15 @@ You could **replace** the **`album_id`** parameter with something completely dif
|
|||||||
|
|
||||||
/api/account?**id=<your account id>** → /api/account?**id=<your account id>&id=<admin's account id>**
|
/api/account?**id=<your account id>** → /api/account?**id=<your account id>&id=<admin's account id>**
|
||||||
|
|
||||||
|
### Wildcard parameter
|
||||||
|
|
||||||
|
Try to use the following symbols as wildcards: **\***, **%**, **\_**, **.**
|
||||||
|
|
||||||
|
* /api/users/\*
|
||||||
|
* /api/users/%
|
||||||
|
* /api/users/\_
|
||||||
|
* /api/users/.
|
||||||
|
|
||||||
### HTTP requet method change
|
### HTTP requet method change
|
||||||
|
|
||||||
You can try to use the HTTP methods: **GET, POST, PUT, DELETE, PATCH, INVENTED** to try check if the web server gives you unexpected information with them.
|
You can try to use the HTTP methods: **GET, POST, PUT, DELETE, PATCH, INVENTED** to try check if the web server gives you unexpected information with them.
|
||||||
@ -40,6 +49,25 @@ Try to play between the following content-types \(bodifying acordinly the reques
|
|||||||
* **application/xml** --> <user>test</user>
|
* **application/xml** --> <user>test</user>
|
||||||
* **application/json** --> {"user": "test"}
|
* **application/json** --> {"user": "test"}
|
||||||
|
|
||||||
|
### Parameters types
|
||||||
|
|
||||||
|
If **JSON** data is working try so send unexpected data types like:
|
||||||
|
|
||||||
|
* {"username": "John"}
|
||||||
|
* {"username": true}
|
||||||
|
* {"username": 1}
|
||||||
|
* {"username": \[true\]}
|
||||||
|
* {"username": \["John", true\]}
|
||||||
|
* {"username": {"$neq": "lalala"}}
|
||||||
|
* any other combination you may imagine
|
||||||
|
|
||||||
|
If you can send **XML** data, check for [XXE injections](../../pentesting-web/xxe-xee-xml-external-entity.md).
|
||||||
|
|
||||||
|
If you send regular POST data, try to send arrays and dictionaries:
|
||||||
|
|
||||||
|
* username\[\]=John
|
||||||
|
* username\[$neq\]=lalala
|
||||||
|
|
||||||
### Play with routes
|
### Play with routes
|
||||||
|
|
||||||
`/files/..%2f..%2f + victim ID + %2f + victim filename`
|
`/files/..%2f..%2f + victim ID + %2f + victim filename`
|
||||||
|
Loading…
Reference in New Issue
Block a user