GitBook: [master] one page modified

pentesting/pentesting-web/README.md

@@ -332,27 +332,6 @@ TODO: Complete the list of vulnerabilities and techniques with [https://six2dez.
 
 ## User input related vulnerabilities special mention
 
-### **Bypass regular login \(POST or GET method\)**
-
-If you find a login page, here you can find some techniques to try to bypass it:
-
-* Check for **comments** inside the page \(scroll down and to the right?\)
-* Check if you can **directly access the restricted pages**
-* Check to **not send the parameters** \(do not send any or only 1\)
-* Test manually [very common passwords](./#2-2-5-list-of-common-password-to-test-manually).
-* Check for **default credentials** 
-* Check for **common combinations** \(root, admin, password, name of the tech, default user with one of these passwords\)
-* Check the **PHP comparisons error:** _user\[\]=a&pwd=b_ , _user=a&pwd\[\]=b_ , _user\[\]=a&pwd\[\]=b_
-* Create a dictionary using **Cewl**, **add** the **default** username and password \(if there is\) and try to brute-force it using all the words as **usernames and password**
-* Try to **brute-force** using a bigger **dictionary \(**[**Brute force**](../../brute-force.md#http-post-form)**\)**
-
-You should also check for:
-
-* [**SQL Injection authentication bypass**](../../pentesting-web/sql-injection/#authentication-bypass)
-* [**NoSQL Injection**](../../pentesting-web/nosql-injection.md)
-* [**XPath Injection**](../../pentesting-web/xpath-injection.md)
-* [**LDAP Injection**](../../pentesting-web/ldap-injection.md)
-
 ### Insert into/Create Object
 
 Check for [SQL INSERT INTO Injections](../../pentesting-web/sql-injection/#insert-statement)