WebApp Pentesting 101

<Insert inspiring quote here>

Guy who couldn’t come up with anything

Recent Posts

WebApps 101: Server Side Request Forgery

Server Side Request Forgery (SSRF) is when you’re able to get a webserver to issue web requests on your behalf. In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems. Testing for SSRF Keep […]

WebApps 101: Directory Traversal

Anytime that you notice the URL is calling on a file name, you should test to see if there is a directory traversal vulnerability. Testing for Directory Traversal An easy way to test is to simply try and place ./ in front of the filename in the URL. If the page reloads and looks the […]

WebApps 101: Broken Authorization Controls

This post intends to serve as a guide for some easy wins to look for when pentesting a web application for weak authorization controls. Note that this differs from Broken Authentication Controls, as Authentication takes place before Authorization comes in. This post will be updated as I learn more about broken controls to look for. […]

WebApps 101: Broken Authentication Controls

This post intends to serve as a guide for some easy wins to look for when pentesting a web application for weak authentication controls. Note that this differs from Broken Authorization Controls, as Authentication takes place first. This post will be updated as I learn more about broken controls to look for. Check session cookies. […]

Using Cross Site Scripting (XSS) to Steal Cookies

We can leverage the following website so that we do not need our own webserver. https://webhook.site/ With a webhook in hand, we’re ready to craft our payload. Our payload should look like this. We’ll want to make sure we replace the URL with our generated webhook address. Once the browser renders the JavaScript the <img […]

Basic Cross Site Scripting (XSS) Bypass Techniques

In some cases, a bit of filtering is involved. The web developer may have added some regular expressions, to prevent simple XSS payloads from working. This post intends to serve as a list of simple bypass techniques to try when attempting to inject XSS payloads. Tweaking the case of your script tags. Some filters are […]

Command Injection Tips

While working through TheCyberMentor’s Linux Privesc course, I learned something new and wanted to place this here so I can refer to it later. There’s a box on TryHackMe called ConvertMyVideo. This post does not intend to serve as a walk-through or write-up of that box, but rather is a using it as an example […]

File Upload Bypass Techniques

In this guide, I’m going to show you one method to consider when you come across a file upload that only accepts PNG files. This method could theoretically be used for other file-types as well, but I’ll demonstrate uploading a PHP file on a file upload feature that “should” only allow PNG files on Popcorn […]

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

This post intends to serve as a guide for a common bypass technique when you’re up against a web application firewall (WAF). In the event that the WAF limits what tags and attributes are allowed to be passed, we can use BurpSuite’s Intruder functionality to learn which tags are allowed. Table of Contents: Setting the […]

Exploiting Cross Site Request Forgery (CSRF) & Bypassing Defenses

Wondering what Cross Site Request Forgery is? Go check out my previous post on this topic at Let’s Talk Basics About Cross Site Request Forgery (CSRF). Ready to learn more about how to exploit it? You’re in the right place. The concepts and examples shown in this post were taken from PortSwigger’s WebSecurity Academy. Table […]

Using PHP Wrappers within LFI to Obtain PHP Script Source Code

You find a Local File Inclusion (LFI) running PHP, you’re able to leverage a PHP wrapper to convert the file to Base64, which you can then decode on your own machine to view the source-code of the page. In this example, we’ll be using FRIENDZONE on HackTheBox. Confirming LFI on our example At the following […]

Stay Involved

Get new content delivered directly to your inbox.