Mbinu za Udhaifu za Web

Reading time: 5 minutes

Kila Web Pentest, kuna sehemu nyingi zilizofichwa na zilizo wazi ambazo zinaweza kuwa hatarini. Chapisho hili ni orodha ya ukaguzi ili kuthibitisha kuwa umetafuta udhaifu katika maeneo yote yanayoweza.

Proxies

• Abusing hop-by-hop headers
• Cache Poisoning/Cache Deception
• HTTP Request Smuggling
• H2C Smuggling
• Server Side Inclusion/Edge Side Inclusion
• Uncovering Cloudflare
• XSLT Server Side Injection
• Proxy / WAF Protections Bypass

User input

Reflected Values

Ikiwa data iliyowekwa inaweza kwa namna fulani kurejeshwa katika jibu, ukurasa unaweza kuwa hatarini kwa masuala kadhaa.

• Client Side Template Injection
• Command Injection
• CRLF
• Dangling Markup
• File Inclusion/Path Traversal
• Open Redirect
• Prototype Pollution to XSS
• Server Side Inclusion/Edge Side Inclusion
• Server Side Request Forgery
• Server Side Template Injection
• Reverse Tab Nabbing
• XSLT Server Side Injection
• XSS
• XSSI
• XS-Search

Baadhi ya udhaifu zilizotajwa zinahitaji masharti maalum, nyingine zinahitaji tu yaliyomo kurejeshwa. Unaweza kupata polygloths kadhaa zenye kuvutia za kujaribu haraka udhaifu katika:

Reflecting Techniques - PoCs and Polygloths CheatSheet

Search functionalities

Ikiwa kazi inaweza kutumika kutafuta aina fulani ya data ndani ya backend, labda unaweza (ab)use ili kutafuta data yoyote.

• File Inclusion/Path Traversal
• NoSQL Injection
• LDAP Injection
• ReDoS
• SQL Injection
• XPATH Injection

Forms, WebSockets and PostMsgs

Wakati websocket inatuma ujumbe au fomu inayoiruhusu watumiaji kufanya vitendo, udhaifu unaweza kutokea.

• Cross Site Request Forgery
• Cross-site WebSocket hijacking (CSWSH)
• PostMessage Vulnerabilities

HTTP Headers

Kulingana na HTTP headers zinazotolewa na web server, baadhi ya udhaifu yanaweza kuwepo.

• Clickjacking
• Content Security Policy bypass
• Cookies Hacking
• CORS - Misconfigurations & Bypass

Bypasses

Kuna kazi maalum kadhaa ambapo mbinu za kumzunguka zinaweza kuwa muhimu.

• 2FA/OTP Bypass
• Bypass Payment Process
• Captcha Bypass
• Login Bypass
• Race Condition
• Rate Limit Bypass
• Reset Forgotten Password Bypass
• Registration Vulnerabilities

Structured objects / Specific functionalities

Baadhi ya kazi zinahitaji data kuwa imepangwa kwa muundo maalum sana (kama object iliyoseriwaliwa ya lugha fulani au XML). Kwa hiyo, ni rahisi kugundua kama programu inaweza kuwa hatarini kwani inahitaji kusindika aina hiyo ya data.
Baadhi ya kazi maalum pia zinaweza kuwa hatarini ikiwa muundo maalum wa input utatumika (kama Email Header Injections).

• Deserialization
• Email Header Injection
• JWT Vulnerabilities
• XML External Entity
• GraphQL Attacks
• gRPC-Web Attacks

Files

Kazi zinazoruhusu kupakia faili zinaweza kuwa hatarini kwa masuala mbalimbali.
Kazi zinazotengeneza faili zikiwemo input ya mtumiaji zinaweza kutekeleza msimbo usiotarajiwa.
Watumiaji wanaofungua faili zilizopakiwa na watumiaji wengine au zilizotengenezwa kiotomatiki zikiwemo input ya mtumiaji wanaweza kuathiriwa.

• File Upload
• Formula Injection
• PDF Injection
• Server Side XSS

External Identity Management

• OAUTH to Account takeover
• SAML Attacks

Other Helpful Vulnerabilities

Udhaifu hizi zinaweza kusaidia kuendesha udhaifu mwingine.

• Domain/Subdomain takeover
• IDOR
• Mass Assignment (CWE-915)
• Parameter Pollution
• Unicode Normalization vulnerability