⌘Ctrlk

0xPThree.gitbook.io

- Ports
  21 - FTP
  22 - SSH
  23 - Telnet
  25, 465, 587 - SMTP(S)
  53 - DNS
  80, 443 - HTTP(S)
  Frameworks
  Fuzzing
  Grafana
  Languages
  WebDAV
  Web Vulnerabilities
  CloudFlare Bypass
  Command Injection
  CSTI
  File Inclusion/Path Traversal
  SQL Injection
  SSI
  SSTI
  Upload bypass
  XLST
  XML Injection
  88 - Kerberos
  135, 593 - MSRPC
  139, 445 - SMB
  161, 162, 10161, 10162 - SNMP
  1433, 3306 - SQL
  2049 - NFS
  2375 - Docker
- Python
- Firmware
- JTAG
- SPI
- UART
- USB
- MSSQL
TODO

Powered by GitBook

Proxies
User input
Reflected Values
Search functionalities
Forms, WebSockets and PostMsgs
HTTP Headers
Bypasses
Structured objects / Specific functionalities
Files
External Identity Management
Other Helpful Vulnerabilities

Network Services
Ports
80, 443 - HTTP(S)

Web Vulnerabilities

Proxies

Server Side Inclusion
Cloudflare Bypass
XSLT Server Side Injection

User input

Reflected Values

If the introduced data may somehow be reflected in the response, the page might be vulnerable to several issues.

Client Side Template Injection
Command Injection
File Inclusion/Path Traversal

TODO:

Prototype Pollution to XSS
Server Side Inclusion/Edge Side Inclusion
Server Side Request Forgery
Server Side Template Injection
Reverse Tab Nabbing
XSLT Server Side Injection
XSS
XSSI
XS-Search

Some of the mentioned vulnerabilities require special conditions, others just require the content to be reflected. You can find some interesting polygloths to test quickly the vulnerabilities in:

Search functionalities

If the functionality may be used to search some kind of data inside the backend, maybe you can (ab)use it to search arbitrary data.

File Inclusion/Path Traversal
NoSQL Injection
LDAP Injection
ReDoS
SQL Injection
XPATH Injection

Forms, WebSockets and PostMsgs

When a websocket posts a message or a form allowing users to perform actions vulnerabilities may arise.

Cross Site Request Forgery
Cross-site WebSocket hijacking (CSWSH)
PostMessage Vulnerabilities

HTTP Headers

Depending on the HTTP headers given by the web server some vulnerabilities might be present.

Clickjacking
Content Security Policy bypass
Cookies Hacking
CORS - Misconfigurations & Bypass

Bypasses

There are several specific functionalities where some workarounds might be useful to bypass them

2FA/OTP Bypass
Bypass Payment Process
Captcha Bypass
Login Bypass
Race Condition
Rate Limit Bypass
Reset Forgotten Password Bypass
Registration Vulnerabilities

Structured objects / Specific functionalities

Some functionalities will require the data to be structured in a very specific format (like a language serialized object or XML). Therefore, it's easier to identify if the application might be vulnerable as it needs to be processing that kind of data. Some specific functionalities may be also vulnerable if a specific format of the input is used (like Email Header Injections).

Deserialization
Email Header Injection
JWT Vulnerabilities
XML External Entity

Files

Functionalities that allow uploading files might be vulnerable to several issues. Functionalities that generate files including user input might execute unexpected code. Users that open files uploaded by users or automatically generated including user input might be compromised.

File Upload
Formula Injection
PDF Injection
Server Side XSS

External Identity Management

OAUTH to Account takeover
SAML Attacks

Other Helpful Vulnerabilities

These vulnerabilities might help to exploit other vulnerabilities.

Domain/Subdomain takeover
IDOR
Parameter Pollution
Unicode Normalization vulnerability

Last updated 2 years ago

Proxies
User input
Reflected Values
Search functionalities
Forms, WebSockets and PostMsgs
HTTP Headers
Bypasses
Structured objects / Specific functionalities
Files
External Identity Management
Other Helpful Vulnerabilities