Merge pull request #346 from SidharthR27/master

Update web-vulnerabilities-methodology.md
Carlos Polop 2022-06-05 02:15:50 +01:00 committed by GitHub
commit 83430fc5eb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions

View file

@ -19,7 +19,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
# Summary
It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you the **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim.
It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you to **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim.
The way to **test** for this vulnerability is very **similar** as in the case of **SSTI**, the interpreter is going to expect something to execute **between doubles keys** and will execute it. For example using something like: `{{ 7-7 }}` if the server is **vulnerable** you will see a `0` and if not you will see the original: `{{ 7-7 }}`
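Review bot: The unchanged test paragraph directly after the corrected sentence still says "if the server is **vulnerable**", which contradicts the Summary's own point that CSTI happens in the client; suggest "if the application is vulnerable". In the same line, "very similar as" should be "very similar to" and "between doubles keys" should be "between double curly braces". The corrected sentence also ends with "in the victim", which reads better as "in the victim's browser".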

View file

@ -16,7 +16,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details>
In every pentest web there is **several hidden and obvious places that might be vulnerable**. This post is meant to be a checklist to confirma that you have searched vulnerabilities in all the posible places.
In every pentest web there is **several hidden and obvious places that might be vulnerable**. This post is meant to be a checklist to confirm that you have searched vulnerabilities in all the possible places.
## Proxies
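Review bot: The changed line still carries grammar errors that this typo pass leaves in place: "In every pentest web there is **several**" should be "In every web pentest there are several", and "searched vulnerabilities" should be "searched for vulnerabilities". Since the line is already being touched for "confirma" and "posible", fix these in the same commit.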
@ -74,7 +74,7 @@ If the functionality may be used to search some kind of data inside the backend,
* [ ] [**LDAP Injection**](ldap-injection.md)
* [ ] [**ReDoS**](regular-expression-denial-of-service-redos.md)
* [ ] [**SQL Injection**](sql-injection/)
* [ ] [**XAPTH Injection**](xpath-injection.md)
* [ ] [**XPATH Injection**](xpath-injection.md)
### **Forms, WebSockets and PostMsgs**
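Review bot: The new link text should be spelled "XPath Injection" rather than "XPATH Injection", since XPath is the standard capitalisation of the language name. The link target xpath-injection.md does not need to change.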
@ -97,7 +97,7 @@ Depending on the HTTP headers given by the web server some vulnerabilities might
There are several specific functionalities were some workarounds might be useful to bypass them
* [ ] [**2FA/OPT Bypass**](2fa-bypass.md)
* [ ] [**2FA/OTP Bypass**](2fa-bypass.md)
* [ ] [**Bypass Payment Process**](bypass-payment-process.md)
* [ ] [**Captcha Bypass**](captcha-bypass.md)
* [ ] [**Login Bypass**](login-bypass/)
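Review bot: The context line just above the changed item, "There are several specific functionalities were some workarounds might be useful to bypass them", uses "were" where "where" is meant and has no closing punctuation before the list. Suggest fixing it together with the OTP correction, for example "There are several specific functionalities where some workarounds might be useful to bypass them:".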