Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-05-02 06:46:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

readme

Browse source
This commit is contained in:
Mari Wahl 2014-12-30 18:56:44 -05:00
parent c5796321ce
commit 623c013018
2 changed files with 31 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Web_Security/README.md
View file

@ -220,7 +220,7 @@ http://!$^&*()_+`-={}|[]:;@www.google.com
* The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
- User-Agent: browser version information
- Host: URL hostanme
- Host: URL hostname
- Accept: supported MIME documents( such as text/plain or audio/MPEG)
- Accept-Language: supported language codes
- Referer: originating page for the request
@ -298,19 +298,19 @@ Set-Cookie: SID=472ndsw;expires=DATE;path=/;domain=SITE,HttpOnly
* IE doesn't always observer port number.
* Wildcard * policies is ill-advised: explose content on your domain to script access from any/all origins.
* Wildcard * policies is ill-advised: explore content on your domain to script access from any/all origins.
### Cross-Domain Policies
* Extend SOP beyond a document's origin.
* Permit applets originating from another domain access to resources.
* Permit issuing arbritary HTTP requests with whitelisted headers.
* Permit issuing arbitrary HTTP requests with whitelisted headers.
### CORS - Cross Origin Resource Sharing
* Browser allows XMLHttpRequest's to acess response data return from cross-origin requests when:
- Response contains Acess-Control-Allow -Origin header
- Requst's Origin value is defined in set
* Browser allows XMLHttpRequest's to access response data return from cross-origin requests when:
- Response contains Access-Control-Allow -Origin header
- Request's Origin value is defined in set
----
@ -623,7 +623,7 @@ Authorization: Basic YWRtaW46YWRtaW4=
* Parameter manipulation: insecure direct object reference (DB record id's exposed to user).
* Failure to restrict URL access:
- protect sensitive functionality by disabling the display of links, buttons, URL, and hiddel URL or parameters.
- protect sensitive functionality by disabling the display of links, buttons, URL, and hidden URL or parameters.
- forceful browsing is a common attack technique: typically results in vertical escalation, administrative interfaces.
@ -673,7 +673,7 @@ Authorization: Basic YWRtaW46YWRtaW4=
1. Define an XML entity in the DTD
2. Reference defined entity in XML body.
3. Parser will read /etc/passwd contents into e1:
3. Parser will read /etc/passwd contents:
```
<!DOCTYPE test [<!ENTITY x3 System "/etc/passwrd">]>