tbhm:11_auxiliary
Differences
This shows you the differences between two versions of the page.
| tbhm:11_auxiliary [2026/05/14 09:18] – TBHM import drew | tbhm:11_auxiliary [2026/05/14 09:28] (current) – converted from markdown to dokuwiki syntax drew | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | # Auxiliary | + | ====== |
| - | ## The vulns formerly known as " | + | ===== The vulns formerly known as " |
| - | - Content Spoofing or HTML injection | + | * Content Spoofing or HTML injection |
| - | - Referer leakage | + | |
| - | - security headers | + | |
| - | - path disclosure | + | |
| - | - clickjacking | + | |
| - | - ++ | + | |
| - | ## How to test a web app in n minutes | + | ===== How to test a web app in n minutes |
| How can you get maximum results within a given time window? | How can you get maximum results within a given time window? | ||
| - | ## Data Driven Assessment (diminishing return FTW) | + | ===== Data Driven Assessment (diminishing return FTW) ===== |
| - | 1. Visit the search, registration, | + | - Visit the search, registration, |
| - | 2. Scan those specific functions with Burp's built-in scanner | + | |
| - | 3. Check your cookie, log out, check cookie, log in, check cookie. Submit old cookie, see if access. | + | |
| - | 4. Perform user enumeration checks on login, registration, | + | |
| - | 5. Do a reset and see if; the password comes plaintext, uses a URL based token, is predictable, | + | |
| - | 6. Find numeric account identifiers anywhere in URLs and rotate them for context change | + | |
| - | 7. Find the security-sensitive function(s) or files and see if vulnerable to non-auth browsing (idors), lower-auth browsing, CSRF, CSRF protection bypass, and see if they can be done over HTTP. | + | |
| - | 8. Directory brute for top short list on SecLists | + | |
| - | 9. Check upload functions for alternate file types that can execute code (xss or php/ | + | |
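Review bot: The converted list items ("* Content Spoofing or HTML injection" and "- Visit the search, registration, ...") need at least two leading spaces before the "*" or "-" marker for DokuWiki to render them as lists, and this view does not show whether that indentation survived the conversion. Please preview the page and confirm that the bullet list under the first section and the nine-step ordered list both render as lists with their numbering intact. Also check the "===== How to test a web app in n minutes" heading: the closing "=====" is visible on the "Data Driven Assessment (diminishing return FTW)" heading but not on this one, and DokuWiki only treats a line as a heading when the markers appear on both sides. Separately, since this revision is a syntax-only conversion, the stray semicolon in step 5 ("Do a reset and see if; the password comes plaintext") is better fixed in a follow-up edit than folded into this change.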
tbhm/11_auxiliary.txt · Last modified: by drew
