Exploitation - Overview

Once the mapping, and some basic functional analysis, of the web application have been conducted, the next step is to identify as much vulnerabilities as possible. Summary of the vulnerabilities impacting web applications:

ComponentPossible vulnerabilities

HTTP stack

Information leakage through HTTP headers or error message Supports of unnecessary HTTP methods HTTP headers misconfiguration /cgi-bin Shellshock

Clear text communications

Transmission of credentials and sensitive data Session hijacking

SSL/TLS configuration

Use of an invalid certificate Supports of insecure encryption protocols or algorithms

Third-party components

Use of unsecure default configuration CVE & public exploits

Client-side validation

Absence of replicated checks server side


Username enumeration Weak password policy Absence of brute force protection mechanisms Desin flaws of auxiliary functionalities


Predictable tokens Insecure handling of tokens

Access control

Horizontal partitioning bypass Vertical privilege escalation

Business logic

Absence of business validation on data input Business flaw and vulnerability by design Absence of anti Cross Site Request Forgery token on core business functionality

User-supplied data

Cross-site scripting SQL injection LDAP injection Template injection OS code injection


XML Injection XML External Entities (XXE)

File download

Path traversal Local and remote file inclusion

File upload

Shell/reverse shell upload Malicious file upload

Native code interaction

Buffer overflows

Dynamic redirects

Redirection and header injection attacks

Off-site links & API

Communication of sensible or tracking information Leak of query string parameters in the Referer header


The Web Application Hacker's Handbook Finding and Exploiting Security Flaws, 2nd Edition Dafydd Stuttard, Marcus Pinto - ISBN: 978-1-118-02647-2


Jdow.io - Web Application Penetration Testing Cheat Sheet

Anant Shrivastava - Web Application finger printing

Last updated