robre's blog

WEB

a web of poor design decisions

XSS

  • XSS challs (usually) either simply require a popped alert, or have a user (cronjob) that visits a website whose cookies should get stolen

  • '"<>;{}-=`#/* are all interesting chars. See if you can construct a JavaScript context with them in the DOM

  • Consider CSP and CSP bypasses

SQLi

  • Try inserting ' and SLEEP payloads; basically every DBMS can be injected.

  • Don't rely too much on sqlmap

IDOR

  • try different values for parameters such as id=3 -> try 0,1,2,4,-1,100,10000,...

File Upload

  • Any file upload is suspicious. Try changing MIME, magic bytes, filename, Content-Type, ...; some combination might work

  • try uploading weird files for weird error messages
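
The server-side view of the first point, as an added example that is not part of the original page: an upload check that accepts a file only when filename, declared Content-Type and magic bytes all agree with a single allowlist entry, so no single changed field gets through. The name `validate_upload`, the allowlist and the size limit are assumptions made for illustration.

```python
import os
import re

# Allowlist (assumed for this example): extension -> (magic prefix, expected MIME type).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".gif": (b"GIF8", "image/gif"),
    ".pdf": (b"%PDF-", "application/pdf"),
}
# Exactly one dot, no spaces, no control characters, no leading dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def validate_upload(filename, declared_type, data, max_size=2 * 1024 * 1024):
    """Return (ok, reason); accept only if name, declared type and content agree."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if name != filename:
        return False, "path component in filename"
    if not SAFE_NAME.fullmatch(name):
        # Also rejects double extensions such as a.php.png and NUL bytes.
        return False, "filename not in safe character set"
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowlisted"
    magic, mime = ALLOWED[ext]
    # Ignore parameters such as "; charset=binary" in the client-supplied header.
    if declared_type.split(";")[0].strip().lower() != mime:
        return False, "Content-Type does not match extension"
    if len(data) > max_size:
        return False, "file too large"
    if not data.startswith(magic):
        return False, "magic bytes do not match extension"
    return True, "ok"


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample content
    samples = [  # constructed sample requests
        ("cat.png", "image/png", png),
        ("cat.php.png", "image/png", png),
        ("cat.png", "text/plain", png),
        ("cat.png", "image/png", b"GIF89a" + b"\x00" * 16),
    ]
    for fname, ctype, body in samples:
        print(fname, ctype, validate_upload(fname, ctype, body))
```

Matching magic bytes says nothing about the rest of the file, so the stored copy should still get a server-generated name and live where nothing is executed.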

PHP

  • PHP alone is a vulnerability ;) So many gotchas: read the reference for every function, be aware of types and strict (===) vs. loose (==) comparisons, etc.

SSRF/LFI/RFI/XXE

  • Many more possible vulnerability types that may be more or less straightforward to exploit


Last updated 5 years ago
