Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4096: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-09-26 11:09:53 +00:00 committed by gitbook-bot
parent 526d927d6a
commit 7d1cde6b91
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
4 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
SUMMARY.md
View file

@ -540,7 +540,7 @@
* [Cookie Bomb](pentesting-web/hacking-with-cookies/cookie-bomb.md)
* [CORS - Misconfigurations & Bypass](pentesting-web/cors-bypass.md)
* [CRLF (%0D%0A) Injection](pentesting-web/crlf-0d-0a.md)
* [Cross-site WebSocket hijacking (CSWSH)](pentesting-web/cross-site-websocket-hijacking-cswsh.md)
* [WebSocket Attacks](pentesting-web/websocket-attacks.md)
* [CSRF (Cross Site Request Forgery)](pentesting-web/csrf-cross-site-request-forgery.md)
* [Dangling Markup - HTML scriptless injection](pentesting-web/dangling-markup-html-scriptless-injection/README.md)
* [SS-Leaks](pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md)

4
pentesting-web/race-condition.md
View file

@ -315,6 +315,10 @@ The **problem** appears when you **accept it** and automatically sends an **`aut
Once you have **obtained a valid RT** you could try to **abuse it to generate several AT/RT** and **even if the user cancels the permissions** for the malicious application to access his data, **several RTs will still be valid.**
## **RC in WebSockets**
In [**WS\_RaceCondition\_PoC**](https://github.com/redrays-io/WS\_RaceCondition\_PoC) you can find a PoC in Java to send websocket messages in **parallel** to abuse **Race Conditions also in Web Sockets**.
## References
* [https://hackerone.com/reports/759247](https://hackerone.com/reports/759247)

2
pentesting-web/web-vulnerabilities-methodology/README.md
View file

@ -77,7 +77,7 @@ If the functionality may be used to search some kind of data inside the backend,
When a websocket posts a message or a form allowing users to perform actions vulnerabilities may arise.
* [ ] [**Cross Site Request Forgery**](../csrf-cross-site-request-forgery.md)
* [ ] [**Cross-site WebSocket hijacking (CSWSH)**](../cross-site-websocket-hijacking-cswsh.md)
* [ ] [**Cross-site WebSocket hijacking (CSWSH)**](../websocket-attacks.md)
* [ ] [**PostMessage Vulnerabilities**](../postmessage-vulnerabilities/)
### **HTTP Headers**

6
pentesting-web/cross-site-websocket-hijacking-cswsh.md → pentesting-web/websocket-attacks.md
View file

@ -1,4 +1,4 @@
# Cross-site WebSocket hijacking (CSWSH)
# WebSocket Attacks
<details>
@ -165,6 +165,10 @@ Exposing the web application and making a user connect to it you will be able to
sudo python3 -m http.server 80
```
## Race Conditions
Race Conditions in WebSockets are also a thing, [check this information to learn more](race-condition.md#rc-in-websockets).
## Other vulnerabilities
As Web Sockets are a mechanism to **send data to server side and client side**, depending on how the server and client handles the information, **Web Sockets can be used to exploit several other vulnerabilities like XSS, SQLi or any other common web vuln using input of s user from a websocket.**