Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 3 pages modified

Browse source
This commit is contained in:
CPol 2021-07-26 10:54:04 +00:00 committed by gitbook-bot
parent 32662e9981
commit 899a6ab514
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/deserialization/nodejs-proto-prototype-pollution.md
View file

@ -519,6 +519,8 @@ requests.get(TARGET_URL)
* [https://portswigger.net/web-security/cross-site-scripting/cheat-sheet\#prototype-pollution](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution)
* [https://github.com/BlackFan/client-side-prototype-pollution](https://github.com/BlackFan/client-side-prototype-pollution)
You can also use the tool [**https://github.com/dwisiswant0/ppfuzz**](https://github.com/dwisiswant0/ppfuzz?tag=v1.0.0) to try to find this kind of vulnerabilities.
## What can I do to prevent?
* Freeze properties with Object.freeze \(Object.prototype\)

10
pentesting-web/rate-limit-bypass.md
View file

@ -6,9 +6,13 @@ If you are attacking the `/api/v3/sign-up` endpoint try to perform bruteforce to
Also try appending to the original endpoint bytes like `%00, %0d%0a, %0d, %0a, %09, %0C, %20`
### Blank chars in code/params
Try adding some blank byte like `%00, %0d%0a, %0d, %0a, %09, %0C, %20` to the code and/or params. For example `code=1234%0a` or if you are requesting a code for an email and you only have 5 tries, use the 5 tries for `example@email.com`, then for `example@email.com%0a`, then for `example@email.com%0a%0a`, and continue...
### Changing IP origin using headers
```text
```bash
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
@ -29,3 +33,7 @@ If they are limiting to 10 tries per IP, every 10 tries change the IP inside the
Try changing the user-agent, the cookies... anything that could be able to identify you.
### Adding extra params to the path
If the limit in in the path `/resetpwd`, try BFing that path, and once the rate limit is reached try `/resetpwd?someparam=1`

1
pentesting-web/web-vulnerabilities-methodology.md
View file

@ -33,6 +33,7 @@ If the introduced data may somehow being reflected in the response, the page mig
* [ ] \*\*\*\*[**Dangling Markup**](dangling-markup-html-scriptless-injection.md)\*\*\*\*
* [ ] [**File Inclusion/Path Traversal**](file-inclusion/)\*\*\*\*
* [ ] [**Open Redirect**](open-redirect.md)\*\*\*\*
* [ ] \*\*\*\*[**Prototype Pollution to XSS**](deserialization/nodejs-proto-prototype-pollution.md#client-side-prototype-pollution-to-xss)\*\*\*\*
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](server-side-inclusion-edge-side-inclusion-injection.md)\*\*\*\*
* [ ] [**Server Side Request Forgery**](ssrf-server-side-request-forgery.md)\*\*\*\*
* [ ] [**Server Side Template Injection**](ssti-server-side-template-injection/)\*\*\*\*