Exploitation - Overview
Once the mapping and basic functional analysis of the web application have been conducted, the next step is to identify as many vulnerabilities as possible. Summary of the vulnerability classes affecting web applications, grouped by area:
HTTP stack
- Information leakage through HTTP headers (Server, X-Powered-By) or verbose error messages
- Support for unnecessary HTTP methods (TRACE, PUT, DELETE)
- Misconfiguration or absence of HTTP security headers
- Shellshock exposure through scripts under /cgi-bin
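The HTTP-stack checks above can be run offline against captured responses. The script below is an added example (not from the original page or the referenced book): it parses two constructed responses from a hypothetical target, one to a GET and one to an OPTIONS request, and reports version disclosure, verbose error output, missing security headers and advertised risky methods. The sample responses and the heuristics (the version and stack-trace regexes) are assumptions made for the demonstration.

```python
"""Offline triage of captured HTTP responses for HTTP-stack issues.

Added example: the responses below are constructed, not captured from a real target.
"""
import re

# Constructed sample responses from a hypothetical target (not real captures).
SAMPLE_GET = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<b>Fatal error</b>: Uncaught exception in /var/www/html/app/db.php on line 42"
)
SAMPLE_OPTIONS = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "Allow: GET,HEAD,POST,OPTIONS,TRACE,PUT,DELETE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Methods a typical web application has no reason to expose.
RISKY_METHODS = {"TRACE", "PUT", "DELETE", "CONNECT"}
# Heuristics (assumed for this example): a product version looks like "2.2";
# a verbose error page contains stack-trace wording or a source path.
VERSION_RE = re.compile(r"\b\d+\.\d+")
VERBOSE_ERROR_RE = re.compile(r"Fatal error|Exception|Traceback|Stack trace|on line \d+|/var/www/")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return status_code, headers, body


def audit_response(raw):
    """Return a list of findings (strings) for one response."""
    status_code, headers, body = parse_response(raw)
    findings = []

    # Information leakage: product versions advertised in headers.
    for name in ("server", "x-powered-by"):
        if name in headers and VERSION_RE.search(headers[name]):
            findings.append(f"version disclosure in {name}: {headers[name]}")

    # Information leakage: verbose error messages on server errors.
    if status_code >= 500 and VERBOSE_ERROR_RE.search(body):
        findings.append("verbose error message in 5xx body")

    # Security header misconfiguration.
    for name in ("strict-transport-security", "x-content-type-options"):
        if name not in headers:
            findings.append(f"missing header: {name}")
    csp = headers.get("content-security-policy", "")
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    # Unnecessary HTTP methods advertised in an OPTIONS response.
    if "allow" in headers:
        methods = {m.strip().upper() for m in headers["allow"].split(",")}
        risky = sorted(methods & RISKY_METHODS)
        if risky:
            findings.append("unnecessary methods advertised: " + ", ".join(risky))
    return findings


if __name__ == "__main__":
    for label, raw in (("GET /", SAMPLE_GET), ("OPTIONS /", SAMPLE_OPTIONS)):
        print(label)
        for finding in audit_response(raw):
            print("  -", finding)
```

Two caveats when using this against real traffic: Strict-Transport-Security only matters on responses served over HTTPS, and an Allow header is advisory; confirm each risky method by actually sending it, since servers frequently advertise methods they then reject.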
Clear text communications
- Transmission of credentials and sensitive data over unencrypted HTTP
- Session hijacking by interception of the session token
SSL/TLS configuration
- Use of an invalid certificate (expired, self-signed or hostname mismatch)
- Support for insecure protocol versions or cipher suites
Third-party components
- Insecure default configuration left in place
- Outdated versions with known CVEs and public exploits
Client-side validation
- Checks performed only in the browser and not replicated server-side (bypassed by editing the request in an intercepting proxy)
Authentication
- Username enumeration
- Weak password policy
- Absence of brute-force protection mechanisms
- Design flaws in auxiliary functionality (password reset, "remember me", account recovery)
Session
- Predictable tokens
- Insecure handling of tokens (disclosure, lifetime, fixation)
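The two session-token issues above are usually found by collecting a batch of tokens and looking at them offline. The script below is an added example (not from the original page or the referenced book): it takes three constructed token sets from hypothetical applications and checks for sequential values, for meaningful content hidden behind base64, and for the forgery that an unsigned meaningful token allows. The token values, the `max_step` threshold and the hypothetical `user=...;role=...` layout are assumptions made for the demonstration.

```python
"""Analysis of session tokens for predictability and embedded meaning.

Added example with constructed tokens from hypothetical applications; nothing here is
taken from a real target.
"""
import base64
import binascii
import string
from statistics import mean

# Constructed: five tokens issued on successive logins by a hypothetical application.
SEQUENTIAL_TOKENS = ["5d2f3a10", "5d2f3a13", "5d2f3a16", "5d2f3a19", "5d2f3a1c"]

# Constructed: tokens from a hypothetical application that base64-encodes user data.
MEANINGFUL_TOKENS = [
    base64.b64encode(f"user={user};role={role};ts=1690000000".encode()).decode()
    for user, role in (("alice", "user"), ("bob", "user"), ("admin", "admin"))
]

# Constructed: 64-bit hex tokens chosen to look like output of a CSPRNG.
RANDOM_TOKENS = ["9af3c1e2d40b7a68", "02b17e9c4df5a3e1", "e7c0a9d13b45f28c", "4c8e21f0a97d3b5e"]


def decode_meaningful(token):
    """Return the decoded text if the token is base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text and all(c in string.printable for c in text) else None


def forge_token(text):
    """Re-encode altered data: works only because the token is neither signed nor encrypted."""
    return base64.b64encode(text.encode()).decode()


def analyse_sequence(tokens, max_step=1000):
    """Interpret hex tokens as integers and look for small, monotonic increments.

    max_step (assumed) bounds what counts as a 'small' gap between consecutive tokens."""
    try:
        values = [int(t, 16) for t in tokens]
    except ValueError:
        return {"numeric": False, "predictable": False}
    deltas = [b - a for a, b in zip(values, values[1:])]
    predictable = bool(deltas) and all(0 < d <= max_step for d in deltas)
    result = {"numeric": True, "deltas": deltas, "predictable": predictable}
    if predictable:
        # With a roughly constant step the next token can be guessed outright;
        # otherwise a brute force over (last, last + max_step] is still feasible.
        width = len(tokens[-1])
        result["predicted_next"] = format(values[-1] + round(mean(deltas)), f"0{width}x")
    return result


if __name__ == "__main__":
    print(analyse_sequence(SEQUENTIAL_TOKENS))
    print("random set predictable:", analyse_sequence(RANDOM_TOKENS)["predictable"])
    for t in MEANINGFUL_TOKENS:
        print(t, "->", decode_meaningful(t))
    # Privilege escalation by editing the decoded content and re-encoding it.
    print(forge_token("user=alice;role=admin;ts=1690000000"))
```

A negative result from `analyse_sequence` does not prove the tokens are random: a token built from a timestamp mixed with a weak hash, or from a linear congruential generator, passes this crude delta test and still falls to a larger sample and a proper statistical analysis.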
Access control
- Horizontal privilege escalation: access to other users' data at the same privilege level
- Vertical privilege escalation: access to functionality reserved for higher-privileged users
Business logic
- Absence of business validation on input data
- Flaws and vulnerabilities by design in the business workflow
- Absence of anti-CSRF tokens on core business functionality
User-supplied data
- Cross-site scripting (XSS)
- SQL injection
- LDAP injection
- Template injection
- OS command injection
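SQL injection is the most direct illustration of why user-supplied data must be treated as data and why client-side validation alone does not help. The block below is an added example (not from the original page or the referenced book): a login check written with string concatenation beside the parameterised form, run against an in-memory SQLite database. The table layout and the two accounts are constructed for the demonstration.

```python
"""SQL injection through string concatenation, beside the parameterised form.

Added example; the in-memory SQLite database and its two accounts are constructed
for the demonstration and are not from the original page.
"""
import sqlite3


def setup_db():
    """Create an in-memory users table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "user"), ("admin", "hunter2", "admin")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """User input is spliced into the SQL text, so it can change the query's structure."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()  # (username, role) or None


def login_safe(conn, username, password):
    """Placeholders keep the input as data: the query structure is fixed before binding."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    conn = setup_db()
    # Comment out the password check: WHERE username = 'admin' --  ' AND password = ...
    print(login_vulnerable(conn, "admin' -- ", "wrong"))
    # Tautology: AND binds tighter than OR, so '1'='1' makes the whole WHERE true.
    print(login_vulnerable(conn, "nobody", "' OR '1'='1"))
    print(login_safe(conn, "admin' -- ", "wrong"))
    print(login_safe(conn, "admin", "hunter2"))
```

Any JavaScript check on the login form (length, allowed characters) is irrelevant here: the tester replays the request from an intercepting proxy with the payload in place, which is exactly the client-side validation point above.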
XML
- XML injection
- XML External Entities (XXE)
File download
- Path traversal
- Local and remote file inclusion (LFI/RFI)
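A download handler that builds a filesystem path from a request parameter is the classic path traversal case. The block below is an added example (not from the original page or the referenced book): the vulnerable handler beside a hardened one that resolves the real path and refuses anything outside the download directory. The directory layout (a served `public/` folder next to an unserved `config.ini`) is constructed in a temporary directory for the demonstration.

```python
"""Path traversal in a file-download handler, beside a hardened version.

Added example; the directory layout is built in a temporary directory for the
demonstration and is not from the original page.
"""
import os
import tempfile


def build_fixture():
    """Constructed layout: <root>/public/report.pdf (served) and <root>/config.ini (not served)."""
    root = tempfile.mkdtemp(prefix="app_")
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "report.pdf"), "w") as f:
        f.write("quarterly report")
    with open(os.path.join(root, "config.ini"), "w") as f:
        f.write("db_password=hunter2")
    return public


def download_vulnerable(base, filename):
    """os.path.join trusts the name: '../' climbs out of base, and an absolute
    name such as '/etc/passwd' replaces base entirely."""
    with open(os.path.join(base, filename)) as f:
        return f.read()


def resolve_safe(base, filename):
    """Return the real path of base/filename, or None if it escapes base.

    realpath also follows symlinks, so a link planted inside base that points
    outside it is rejected as well."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, filename))
    if target == base_real or os.path.commonpath([base_real, target]) != base_real:
        return None
    return target


def download_safe(base, filename):
    target = resolve_safe(base, filename)
    if target is None:
        raise PermissionError(f"{filename!r} escapes the download directory")
    with open(target) as f:
        return f.read()


if __name__ == "__main__":
    public = build_fixture()
    print(download_vulnerable(public, "../config.ini"))  # leaks the config
    print(download_safe(public, "report.pdf"))
    try:
        download_safe(public, "../config.ini")
    except PermissionError as exc:
        print("blocked:", exc)
```

Blacklisting `../` is not a substitute for the realpath check: URL-encoded (`%2e%2e%2f`), doubly encoded and absolute-path variants all get past a string filter but not past a comparison of canonical paths.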
File upload
- Web shell / reverse shell upload
- Malicious file upload
Native code interaction
- Buffer overflows
Dynamic redirects
- Open redirection and HTTP header injection attacks
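A `next` or `returnUrl` parameter copied into the Location header gives both problems at once: open redirection to an attacker's site and, if the server does not reject CR/LF, injection of extra headers. The block below is an added example (not from the original page or the referenced book): the vulnerable handler beside a validator that only accepts a path on the same site, run against constructed bypass payloads. The payload list and the hypothetical `evil.example` host are assumptions for the demonstration.

```python
"""Open redirection and header injection via a 'next' parameter, beside a validator.

Added example; the payloads are constructed and the attacker host is hypothetical.
"""
from urllib.parse import urlsplit


def redirect_vulnerable(next_url):
    """Builds the Location header straight from the parameter.

    An attacker-controlled absolute URL sends the victim off-site, and CR/LF in the
    value injects further headers if the server does not reject them."""
    return "Location: " + next_url


def is_local_redirect(next_url):
    """Accept only a path on this site: a single leading '/', nothing that could
    be read as a scheme or host."""
    # CR/LF would inject headers; browsers strip tab/newline before parsing a URL,
    # so '/\t/evil' would become '//evil' on the client side.
    if not next_url or any(c in next_url for c in "\r\n\t\x00"):
        return False
    # '//evil.example' is protocol-relative; browsers also treat '///evil.example'
    # and '/\evil.example' as absolute URLs, so the second character matters too.
    if not next_url.startswith("/") or next_url[1:2] in ("/", "\\"):
        return False
    # Belt and braces: urlsplit must see neither a scheme nor a host.
    parts = urlsplit(next_url)
    return not parts.scheme and not parts.netloc


def redirect_safe(next_url, fallback="/"):
    """Location header for next_url if it is local, else for the fallback path."""
    return "Location: " + (next_url if is_local_redirect(next_url) else fallback)


# Constructed payloads a tester would try against a 'next' / 'returnUrl' parameter.
PAYLOADS = [
    "/account/settings?tab=1",
    "//evil.example",
    "///evil.example",
    "/\\evil.example",
    "/\t/evil.example",
    "https://evil.example/",
    "javascript:alert(1)",
    "/\r\nSet-Cookie: session=attacker",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:40} local={is_local_redirect(p)!s:5} -> {redirect_safe(p)!r}")
```

Modern servers and frameworks generally refuse to emit a header value containing CR/LF, so the header-injection half is worth confirming per stack; the redirection half is framework-independent and depends only on the validation shown here.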
Off-site links & API
- Disclosure of sensitive or tracking information to third parties
- Leakage of query-string parameters (tokens, identifiers) in the Referer header
References
Dafydd Stuttard, Marcus Pinto. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition. ISBN 978-1-118-02647-2.