# Exploitation - Overview

***

Once the application has been mapped and its main functionality analysed, the next step is to identify as many vulnerabilities as possible.

The table below summarises, by component, the classes of vulnerabilities that affect web applications and that should be tested for:

| Component                 | Possible vulnerabilities                                                                                                                                                                |
| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| HTTP stack                | <p>Information leakage through HTTP headers or error messages<br>Support for unnecessary HTTP methods<br>HTTP security headers misconfiguration<br>Shellshock through /cgi-bin scripts</p> |
| Clear text communications | <p>Transmission of credentials and sensitive data in clear text<br>Session hijacking</p>                                                                                                |
| SSL/TLS configuration     | <p>Use of an invalid certificate<br>Support for insecure protocol versions or cipher suites</p>                                                                                         |
| Third-party components    | <p>Use of insecure default configuration<br>Known CVE and public exploits</p>                                                                                                           |
| Client-side validation    | Absence of the same checks on the server side                                                                                                                                          |
| Authentication            | <p>Username enumeration<br>Weak password policy<br>Absence of brute force protection mechanisms<br>Design flaws in auxiliary functionalities (password reset, remember me, etc.)</p>     |
| Session                   | <p>Predictable tokens<br>Insecure handling of tokens (transmission, storage, expiration)</p>                                                                                            |
| Access control            | <p>Horizontal privilege escalation (access to other users' data)<br>Vertical privilege escalation (access to higher-privileged functions)</p>                                           |
| Business logic            | <p>Absence of business validation on input data<br>Business flaws and vulnerabilities by design<br>Absence of anti Cross-Site Request Forgery tokens on core business functionalities</p> |
| User-supplied data        | <p>Cross-site scripting<br>SQL injection<br>LDAP injection<br>Template injection<br>OS command injection</p>                                                                            |
| XML                       | <p>XML injection<br>XML External Entities (XXE)</p>                                                                                                                                     |
| File download             | <p>Path traversal<br>Local and remote file inclusion</p>                                                                                                                                |
| File upload               | <p>Shell/reverse shell upload<br>Malicious file upload</p>                                                                                                                              |
| Native code interaction   | Buffer overflows                                                                                                                                                                       |
| Dynamic redirects         | Open redirection and HTTP header injection                                                                                                                                             |
| Off-site links & API      | <p>Communication of sensitive or tracking information to third parties<br>Leak of query string parameters in the Referer header</p>                                                    |
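
The first rows of the table (HTTP stack and Session) can largely be checked from a single response. The script below is an added example, not taken from the referenced works: it audits a raw HTTP/1.x response for version leakage in fingerprinting headers, unnecessary methods advertised in `Allow` (as returned to an `OPTIONS` request), missing or weak security headers, and session cookies without the `Secure`/`HttpOnly` flags. The two responses are constructed for the example, not captured from a real host, and the header and method lists are an assumed baseline to adapt to the target.

```python
"""Offline audit of a raw HTTP/1.x response for the HTTP-stack and session
findings of the summary table (added example, not part of the original page)."""
from typing import Callable, Dict, List, Tuple

# Headers that commonly carry server/framework version strings (assumed list).
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# Methods a production web application rarely needs: TRACE enables cross-site
# tracing, PUT/DELETE may allow arbitrary file writes or removal (assumed list).
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "TRACK", "CONNECT"}

# Security headers expected on an HTTPS application, each with a value check.
EXPECTED_HEADERS: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": lambda v: bool(v.strip()),
}


def parse_response(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Split a raw response into (status line, header name -> list of values).
    Names are lowercased; repeated headers such as Set-Cookie keep every value."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines:
        if ":" not in line:
            continue  # skip a malformed line rather than abort the audit
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def audit_response(raw: str) -> List[str]:
    """Return one finding per issue; an empty list means every check passed."""
    _status, headers = parse_response(raw)
    findings: List[str] = []

    # Information leakage: a digit in a fingerprinting header almost always means a version.
    for name in LEAKY_HEADERS:
        for value in headers.get(name, []):
            if any(ch.isdigit() for ch in value):
                findings.append(f"information leakage: {name}: {value}")

    # Unnecessary methods advertised in Allow (typically the answer to OPTIONS).
    allowed = {m.strip().upper() for v in headers.get("allow", []) for m in v.split(",")}
    for method in sorted(allowed & RISKY_METHODS):
        findings.append(f"unnecessary method allowed: {method}")

    # Missing or weak security headers.
    for name, is_ok in EXPECTED_HEADERS.items():
        values = headers.get(name)
        if not values:
            findings.append(f"missing header: {name}")
        elif not all(is_ok(v) for v in values):
            findings.append(f"weak header value: {name}: {'; '.join(values)}")

    # Session cookies without Secure / HttpOnly (insecure handling of tokens).
    for cookie in headers.get("set-cookie", []):
        name_value, *attrs = cookie.split(";")
        cookie_name = name_value.split("=", 1)[0].strip()
        flags = {a.strip().lower() for a in attrs}
        missing = [f for f in ("Secure", "HttpOnly") if f.lower() not in flags]
        if missing:
            findings.append(f"cookie missing flags: {cookie_name}: {', '.join(missing)}")

    return findings


# Constructed sample of a weakly configured server (not captured from a real host).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE, PUT\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed hardened response for comparison: same server, findings fixed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Set-Cookie: session=xyz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in audit_response(WEAK_RESPONSE):
        print(finding)
    print("hardened:", audit_response(HARDENED_RESPONSE))
```

Run against `WEAK_RESPONSE` the audit reports nine findings (two version leaks, `PUT` and `TRACE`, three missing and one weak security header, and the unprotected `PHPSESSID` cookie); the hardened response yields none. Feed it the raw output of a tool such as `curl -i` or a proxy history export to triage the HTTP-stack rows of the table before moving on to the application-level checks.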

***

### References

Dafydd Stuttard, Marcus Pinto - **The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws**, 2nd Edition - ISBN 978-1-118-02647-2

[OWASP](https://www.owasp.org)

[Jdow.io - Web Application Penetration Testing Cheat Sheet](https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/)

[Anant Shrivastava - Web Application finger printing](https://anantshri.info/articles/web_app_finger_printing.html)
