mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 22:20:43 +00:00
GitBook: [master] 3 pages modified
This commit is contained in:
parent
32662e9981
commit
899a6ab514
3 changed files with 12 additions and 1 deletions
|
@ -519,6 +519,8 @@ requests.get(TARGET_URL)
|
|||
* [https://portswigger.net/web-security/cross-site-scripting/cheat-sheet\#prototype-pollution](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution)
|
||||
* [https://github.com/BlackFan/client-side-prototype-pollution](https://github.com/BlackFan/client-side-prototype-pollution)
|
||||
|
||||
You can also use the tool [**https://github.com/dwisiswant0/ppfuzz**](https://github.com/dwisiswant0/ppfuzz?tag=v1.0.0) to try to find this kind of vulnerabilities.
|
||||
|
||||
## What can I do to prevent?
|
||||
|
||||
* Freeze properties with Object.freeze \(Object.prototype\)
|
||||
|
|
|
@ -6,9 +6,13 @@ If you are attacking the `/api/v3/sign-up` endpoint try to perform bruteforce to
|
|||
|
||||
Also try appending to the original endpoint bytes like `%00, %0d%0a, %0d, %0a, %09, %0C, %20`
|
||||
|
||||
### Blank chars in code/params
|
||||
|
||||
Try adding some blank byte like `%00, %0d%0a, %0d, %0a, %09, %0C, %20` to the code and/or params. For example `code=1234%0a` or if you are requesting a code for an email and you only have 5 tries, use the 5 tries for `example@email.com`, then for `example@email.com%0a`, then for `example@email.com%0a%0a`, and continue...
|
||||
|
||||
### Changing IP origin using headers
|
||||
|
||||
```text
|
||||
```bash
|
||||
X-Originating-IP: 127.0.0.1
|
||||
X-Forwarded-For: 127.0.0.1
|
||||
X-Remote-IP: 127.0.0.1
|
||||
|
@ -29,3 +33,7 @@ If they are limiting to 10 tries per IP, every 10 tries change the IP inside the
|
|||
|
||||
Try changing the user-agent, the cookies... anything that could be able to identify you.
|
||||
|
||||
### Adding extra params to the path
|
||||
|
||||
If the limit in in the path `/resetpwd`, try BFing that path, and once the rate limit is reached try `/resetpwd?someparam=1`
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ If the introduced data may somehow being reflected in the response, the page mig
|
|||
* [ ] \*\*\*\*[**Dangling Markup**](dangling-markup-html-scriptless-injection.md)\*\*\*\*
|
||||
* [ ] [**File Inclusion/Path Traversal**](file-inclusion/)\*\*\*\*
|
||||
* [ ] [**Open Redirect**](open-redirect.md)\*\*\*\*
|
||||
* [ ] \*\*\*\*[**Prototype Pollution to XSS**](deserialization/nodejs-proto-prototype-pollution.md#client-side-prototype-pollution-to-xss)\*\*\*\*
|
||||
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](server-side-inclusion-edge-side-inclusion-injection.md)\*\*\*\*
|
||||
* [ ] [**Server Side Request Forgery**](ssrf-server-side-request-forgery.md)\*\*\*\*
|
||||
* [ ] [**Server Side Template Injection**](ssti-server-side-template-injection/)\*\*\*\*
|
||||
|
|
Loading…
Reference in a new issue