GitBook: [master] one page modified
carlospolop authored and gitbook-bot committed Sep 21, 2020
1 parent 0f8cae6 commit 3afbd00
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions pentesting/pentesting-web/README.md
Expand Up @@ -252,10 +252,21 @@ In several occasions you will need to **understand regular expressions** used, t
* Try Unicode bypass: _/**%ef%bc%8f**path_ \(The URL encoded chars are like "/"\) so when encoded back it will be _//path_ and maybe you will have already bypassed the _/path_ name check
* **Other path bypasses**:
* site.com/secret –> HTTP 403 Forbidden
* site.com/SECRET –> HTTP 200 OK
* site.com/secret/ –> HTTP 200 OK
* site.com/secret/. –> HTTP 200 OK
* site.com//secret// –> HTTP 200 OK
* site.com/./secret/.. –> HTTP 200 OK
* site.com/secret.json –> HTTP 200 OK \(ruby\)
* **Other bypasses:**
* /v3/users\_data/1234 --> 403 Forbidden
* /v1/users\_data/1234 --> 200 OK
* {“id”:111} --> 401 Unauthriozied
* {“id”:\[111\]} --> 200 OK
* {“id”:111} --> 401 Unauthriozied
* {“id”:{“id”:111}} --> 200 OK
* {"user\_id":"<legit\_id>","user\_id":"<victims\_id>"} \(JSON Parameter Pollution\)
* user\_id=ATTACKER\_ID&user\_id=VICTIM\_ID \(Parameter Pollution\)
* Go to [https://archive.org/web/](https://archive.org/web/) and check if in the past that file was **worldwide accessible**.
* **Fuzz the page**: Try using HTTP Proxy **Headers**, HTTP Authentication Basic and NTLM brute-force \(with a few combinations only\) and other techniques. To do all of this I have created the tool [**fuzzhttpbypass**](https://github.com/carlospolop/fuzzhttpbypass).
* `X-Originating-IP: 127.0.0.1`
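Review bot: the line `{“id”:111} --> 401 Unauthriozied` is added twice (once before the `{“id”:\[111\]}` variant and again before the nested `{“id”:{“id”:111}}` variant) and `Unauthriozied` is misspelled; change it to `401 Unauthorized` and either drop the repeat or keep a single baseline line ahead of both variants so each technique reads as one before/after pair. The four JSON lines also use curly quotes (`“id”`) instead of ASCII double quotes, so they are not valid JSON if copied, unlike the `"user\_id"` line just below them; normalize to straight quotes. Finally, the `/v3/users\_data/1234` vs `/v1/users\_data/1234` pair would be clearer with a few words on what the reader is meant to infer (the same resource being checked differently across API versions), since the two status codes alone do not say why the older path responds differently.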
