I was at an event at init Lab that moved from a presentation to hands-on exercises on test instances for CTF challenges. These are my notes from the lecture:
Tools:
- ffuf – brute force, vhost scanning, can pass requests to Burp
  - quickhits – common wordlist for content discovery
- Burp Suite – intercepting requests, manipulating parameters, etc. (used as a browser proxy)
- sqlmap – SQL injection
- interactsh – free alternative to Burp Collaborator
Vulnerabilities:
- brute force / content discovery
  - unprotected content
  - directory listing
  - backup files
- authentication / authorisation
  - IDOR – insecure direct object reference (change the value of a request parameter such as user_id)
- XSS => htmlspecialchars() saves the day
  - DOM XSS
  - reflected XSS
  - cookie stealing => the HttpOnly flag is the basic protection
  - phpinfo page cookie stealing
- SQL injection
  - addslashes()
  - real_escape_string()
  - prepared statements prevent it all
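The XSS items above are one-liners, so here is an added PHP example (mine, not from the lecture or the notes) showing what "htmlspecialchars() saves the day" and "HttpOnly is the basic protection" look like in code. The functions `h()`, `greetUnsafe()`, `greetSafe()`, `searchBox()` and `startHardenedSession()` are names I chose, and the inputs are constructed. The flags matter: `ENT_QUOTES` encodes both quote characters so a value cannot break out of an attribute, and an explicit charset keeps malformed byte sequences from being passed through unencoded. HttpOnly keeps the session cookie out of `document.cookie`; it is only the basic protection because anything that echoes request headers back into a page, such as a forgotten phpinfo() page, still exposes the Cookie header to a script that can read that page.

```php
<?php
// Added example, not part of the original notes: output encoding against
// reflected/stored XSS and the HttpOnly flag on the session cookie.
declare(strict_types=1);

// Wrapper around htmlspecialchars() with the flags that matter:
// ENT_QUOTES encodes both ' and " (needed inside attribute values),
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// and the charset is stated explicitly rather than taken from php.ini.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: user input is concatenated straight into the HTML response,
// so markup in the value is rendered as markup.
function greetUnsafe(string $name): string
{
    return '<p>Hello, ' . $name . '</p>';
}

// Fixed: every value that reaches HTML text goes through h().
function greetSafe(string $name): string
{
    return '<p>Hello, ' . h($name) . '</p>';
}

// Attribute context: without ENT_QUOTES a double quote in the value would
// terminate the attribute and the rest of the input would become new attributes.
function searchBox(string $query): string
{
    return '<input type="text" name="q" value="' . h($query) . '">';
}

// Session cookie hardening. HttpOnly hides the cookie from document.cookie,
// Secure restricts it to HTTPS, SameSite limits cross-site sending.
// Must be called before session_start() and before any output is sent.
function startHardenedSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed inputs: a "name" that is really a script tag, and a search
// string containing both quote and angle-bracket characters.
$name  = '<script>alert(1)</script>';
$query = 'Bob "the" <Builder>';

echo greetUnsafe($name), PHP_EOL;   // the script tag survives intact
echo greetSafe($name), PHP_EOL;     // the tag is rendered as literal text
echo searchBox($query), PHP_EOL;    // quotes and brackets are entity-encoded
```

Running it from the CLI (`php xss.php`) prints the three lines; the unsafe one contains the raw `<script>` tag, the other two contain only `&lt;`, `&gt;` and `&quot;` entities. `startHardenedSession()` is meant for the web context and is not called in the CLI run.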
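The SQL injection items and the IDOR item share a database-access example, so this one added PHP block (mine, not the lecture's code) covers both. It uses PDO with an in-memory SQLite database so it runs offline; the `invoices` table and its two rows are constructed data, and `invoiceUnsafe()`, `invoiceEscaped()` and `invoiceForUser()` are names I chose. It shows why the notes say "prepared statements prevent it all": `addslashes()` (and `mysqli_real_escape_string()`, which is not called here because it needs a live MySQL connection) only escape quote characters, so they help only when the value is placed inside quotes in the SQL text. In an unquoted numeric context there is nothing to escape and the input is still parsed as SQL. The prepared statement binds the value as data. The `owner_id` condition in the same query is the authorization check that stops IDOR: a user who edits the `id` parameter still only receives rows they own.

```php
<?php
// Added example, not part of the original notes: string concatenation vs.
// addslashes() vs. a prepared statement, plus the ownership check that
// prevents IDOR. Requires the pdo_sqlite extension (assumption).
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: invoice 1 belongs to user 100, invoice 2 to user 200.
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER)');
$db->exec('INSERT INTO invoices VALUES (1, 100, 50), (2, 200, 75)');

// 1. Concatenation: the request value becomes part of the SQL text.
function invoiceUnsafe(PDO $db, string $id): array
{
    $sql = 'SELECT id, owner_id, amount FROM invoices WHERE id = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. addslashes() escapes only quotes, backslashes and NUL. The value here is
//    not inside quotes, so there is nothing to escape and the query is
//    identical to the unsafe one. mysqli_real_escape_string() has the same
//    limitation: it protects quoted string literals, not numeric positions.
function invoiceEscaped(PDO $db, string $id): array
{
    $sql = 'SELECT id, owner_id, amount FROM invoices WHERE id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Prepared statement: the value is bound as a parameter and never parsed
//    as SQL. The owner_id condition is the authorization check against IDOR:
//    the row must exist AND belong to the logged-in user.
function invoiceForUser(PDO $db, string $id, int $currentUserId): ?array
{
    $stmt = $db->prepare(
        'SELECT id, owner_id, amount FROM invoices WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([':id' => $id, ':owner' => $currentUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: a legitimate id and a tampered one.
$legit    = '1';
$tampered = '1 OR 1=1';
$me       = 100; // the logged-in user in this scenario

printf("unsafe, legit:        %d row(s)\n", count(invoiceUnsafe($db, $legit)));
printf("unsafe, tampered:     %d row(s)\n", count(invoiceUnsafe($db, $tampered)));   // every row
printf("addslashes, tampered: %d row(s)\n", count(invoiceEscaped($db, $tampered))); // unchanged
var_dump(invoiceForUser($db, $tampered, $me)); // bound as text, matches no id
var_dump(invoiceForUser($db, '2', $me));       // exists, but owned by user 200: denied
var_dump(invoiceForUser($db, $legit, $me));    // the caller's own invoice
```

The first two printf lines differ only by the `addslashes()` call and report the same row count, which is the whole point of the caveat. The three `var_dump` calls show the prepared statement returning `NULL` for the tampered value (bound as text, it matches no integer id), `NULL` for another user's invoice (the IDOR check), and the row for the caller's own invoice.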