- Fuzz the application.
- Check whether the application uses AngularJS (`ng-app` / `ng-*` attributes, an angular.js script); if it does, test for client-side template injection and CSP bypasses.
- Check for a Content Security Policy, and whether it is actually restrictive (`'unsafe-inline'`, `'unsafe-eval'`, wildcards, whitelisted CDNs).
- Check whether the `HttpOnly` and `Secure` flags are set on cookies, and whether HSTS is enabled.
- If there is any payment involved, try race conditions (submit the same payment or coupon redemption many times concurrently).
- Log in as an admin and as a low-privileged user and check for broken access control and IDOR using ZAP/Burp.
- Check for session vulnerabilities: take the user's session ID, log out, then send a request with the same session ID; it should be rejected.
- Check the password reset link: request the reset email and open the link, see whether any external URLs are loaded by the page, check the Referer sent to those domains, and see whether the password reset token is exposed in the Referer header.
- Check for parameter pollution: add the same parameter twice with different values/IDs and see which one the application honours.
- Look for IDOR and broken access control; use Burp Autorize or the OWASP ZAP Access Control add-on (from the Marketplace) to test.
- `autocomplete=off` for credit card and password fields: after updating card details on the website, check whether the browser cached the card info. It should not store the card info. Inspect the form and see whether `autocomplete=off` is set on the form (or on the individual inputs).
- Look for any documents available on the website and extract their metadata: `exiftool -a file.doc`.
- Check Google dorks:
  - `site:hackingdream.net AND intitle:"index of"`
  - `site:hackingdream.net AND ("mysql error with query" OR "mysqli_query" OR "pdo_mysql")`
  - `site:hackingdream.net AND ("[Microsoft][ODBC SQL" OR "[SQL Server]")`
  - `site:hackingdream.net AND ("PostgreSQL server: FATAL" OR "not a valid PostgreSQL result")`
  - `site:hackingdream.net AND ("ORA-00933" OR "ORA-00921" OR "ORA-00936" OR "ORA-12541" OR "[ODBC SQL]")`
  - `site:hackingdream.net AND (ext:"backup" OR ext:"bak" OR ext:"old")`
  - `site:hackingdream.net AND intitle:"500"`
  - `site:hackingdream.net AND (inurl:"api" OR inurl:"key" OR inurl:"apikey")`
  - `site:hackingdream.net AND -inurl:"https"`

  More dorks here: https://www.boxpiper.com/posts/google-dork-list-error-messages
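The cookie-flag, HSTS and CSP checks above can be scripted against headers copied out of Burp or ZAP. The following is an added example written for this page, not code from the original checklist; the response headers are constructed for the demonstration, and the list of CDN hosts flagged as AngularJS-serving is an assumption based on what those CDNs commonly host.

```python
import re

# Constructed sample: headers from one HTTPS response, as you would copy them out of Burp/ZAP.
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=86400"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
]

ONE_YEAR = 31536000
# Assumption: CDNs that serve AngularJS builds; whitelisting them in script-src gives a CSP bypass.
ANGULAR_CDN_HOSTS = ("ajax.googleapis.com", "cdnjs.cloudflare.com")


def parse_set_cookie(raw):
    """Split a Set-Cookie value into (name, {attribute: value}); attribute names are lower-cased."""
    parts = [p.strip() for p in raw.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def parse_csp(policy):
    """Map each CSP directive name to its list of source expressions."""
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers):
    """Return a list of findings for the cookie flags, HSTS and CSP of one response."""
    findings = []
    by_name = {}
    for key, value in headers:
        by_name.setdefault(key.lower(), []).append(value)

    for raw in by_name.get("set-cookie", []):
        name, attrs = parse_set_cookie(raw)
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name}: missing Secure")
        # SameSite is not on the checklist above but belongs in the same review.
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite not Lax/Strict")

    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        match = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not match or int(match.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts[0].lower():
            findings.append("HSTS without includeSubDomains")

    csp = by_name.get("content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        directives = parse_csp(csp[0])
        script_src = directives.get("script-src", directives.get("default-src"))
        if script_src is None:
            findings.append("CSP has neither script-src nor default-src")
        else:
            weak = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
            for src in script_src:
                if src.lower() in weak:
                    findings.append(f"CSP script sources allow {src}")
                elif any(src.lower().endswith(host) for host in ANGULAR_CDN_HOSTS):
                    findings.append(f"CSP whitelists {src}, which hosts AngularJS (CSP bypass)")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE):
        print(finding)
```

Only the `script-src` (or `default-src` fallback) is inspected here; a real review also looks at `object-src` and `base-uri`, and at whether the policy is delivered in report-only mode.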
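The password-reset Referer check, the AngularJS check and the `autocomplete=off` inspection all start from the same thing: the HTML of the page the reset link lands on. This added example (written for this page, not part of the original checklist) parses that HTML once and reports all three. The reset URL, the third-party analytics host and the form are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a hypothetical reset link (token in the query string) and the page it serves.
RESET_URL = "https://app.example.com/reset?token=7c9e6679f"
RESET_PAGE = """
<html><head>
<script src="https://cdn.analytics-example.net/tag.js"></script>
<link rel="stylesheet" href="/static/app.css">
</head><body ng-app="resetApp">
<form method="post" action="/reset">
  <input type="password" name="new_password">
  <input type="password" name="confirm" autocomplete="off">
  <input type="text" name="card_number">
</form></body></html>
"""

# Referrer-Policy values under which a cross-origin request still carries the full URL (path and query).
FULL_URL_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}
SENSITIVE_NAME_PARTS = ("card", "cvv", "cvc", "ccnum")


class PageAudit(HTMLParser):
    """Collect cross-origin resources, meta referrer policy, AngularJS markers and weak autocomplete."""
    RESOURCE_ATTRS = {"script": "src", "img": "src", "link": "href", "iframe": "src"}

    def __init__(self, page_url):
        super().__init__()
        self.host = urlsplit(page_url).hostname
        self.external = []
        self.meta_referrer = None
        self.angular = False
        self.weak_autocomplete = []
        self._form_autocomplete = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if any(k.startswith("ng-") for k in a):
            self.angular = True
        if tag in self.RESOURCE_ATTRS:
            url = a.get(self.RESOURCE_ATTRS[tag], "")
            if "angular" in url.lower():
                self.angular = True
            host = urlsplit(url).hostname
            if host and host != self.host:
                self.external.append(url)
        elif tag == "meta" and a.get("name", "").lower() == "referrer":
            self.meta_referrer = a.get("content", "").lower()
        elif tag == "form":
            self._form_autocomplete = a.get("autocomplete", "").lower()
        elif tag == "input":
            kind = a.get("type", "text").lower()
            name = (a.get("name") or a.get("id") or "?").lower()
            sensitive = kind == "password" or any(p in name for p in SENSITIVE_NAME_PARTS)
            own = a.get("autocomplete", "").lower()
            if sensitive and own != "off" and self._form_autocomplete != "off":
                self.weak_autocomplete.append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_autocomplete = None


def audit_reset_page(page_url, html, referrer_policy_header=None):
    """Findings for the reset page: token leakage via Referer, AngularJS presence, autocomplete."""
    audit = PageAudit(page_url)
    audit.feed(html)
    findings = []
    token_in_url = "token=" in urlsplit(page_url).query.lower()
    policy = (referrer_policy_header or audit.meta_referrer or "").lower()
    if token_in_url:
        for url in audit.external:
            if policy in FULL_URL_POLICIES:
                findings.append(f"reset token sent in Referer to {url} (policy {policy})")
            elif policy == "":
                # Current browsers default to strict-origin-when-cross-origin, older ones did not:
                # verify in the browser, as the checklist says, rather than trusting the default.
                findings.append(f"no Referrer-Policy; confirm in the browser whether the token reaches {url}")
    if audit.angular:
        findings.append("AngularJS in use: test client-side template injection")
    for name in audit.weak_autocomplete:
        findings.append(f"input {name}: autocomplete=off not set")
    return findings


if __name__ == "__main__":
    for finding in audit_reset_page(RESET_URL, RESET_PAGE):
        print(finding)
```

Pass the `Referrer-Policy` response header as the third argument when the page sets one in headers rather than in a `<meta>` tag. Note that modern browsers ignore `autocomplete=off` on login password fields for their own password managers, which is why the checklist says to confirm what the browser actually stored rather than stopping at the markup.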
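For the payment race-condition item, the test is to release many identical requests at the same instant and see whether a one-time action (a coupon, a refund, a balance deduction) happens more than once. This added example, written for this page and not taken from the original, shows the harness pattern with a barrier and a hypothetical coupon store that has the classic check-then-act bug; in a real test `fn` would be an HTTP request to the payment endpoint. The coupon code and values are made up.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def fire_concurrently(fn, n):
    """Run fn() on n threads released together by a barrier (the same idea as sending a
    request group in parallel from Burp/Turbo Intruder); returns the n results."""
    gate = threading.Barrier(n)

    def run(_):
        gate.wait()
        return fn()

    with ThreadPoolExecutor(max_workers=n) as pool:
        return list(pool.map(run, range(n)))


class CouponStore:
    """Hypothetical single-use coupon redemption. lock=False keeps the check-then-act bug;
    lock=True makes the check and the redemption one atomic step."""

    def __init__(self, lock):
        self.redeemed = set()
        self.credits = 0
        self._lock = threading.Lock() if lock else None

    def redeem(self, code, value, in_window):
        def check_then_act():
            if code in self.redeemed:      # check: already used?
                return False
            in_window()                    # simulated DB round trip: this is the race window
            self.redeemed.add(code)        # act: mark used and grant credit
            self.credits += value
            return True

        if self._lock is None:
            return check_then_act()
        with self._lock:
            return check_then_act()


def double_spend(n=10, lock=False):
    """Redeem the same coupon n times at once; return (successful redemptions, credits granted)."""
    store = CouponStore(lock=lock)
    if lock:
        window = lambda: time.sleep(0.005)
    else:
        # Hold every thread inside the window until all n have passed the check, which
        # makes the race deterministic for the demonstration (a real server just has latency).
        hold = threading.Barrier(n)
        window = hold.wait
    results = fire_concurrently(lambda: store.redeem("WELCOME10", 10, window), n)
    return sum(results), store.credits


if __name__ == "__main__":
    print("vulnerable store:", double_spend(lock=False))
    print("locked store:   ", double_spend(lock=True))
```

Against a live target the indicator is the same: count how many of the concurrent responses report success, and check the account balance or order list afterwards, since the responses alone can hide a partial double spend.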