-
Pentesting Web Auth
Username Enumeration Username can be enumerated in various way. For Example: Test with valid/invalid username and observe error message, and also compare Content length for both request. Analyze the URL for different behaviors, such as valid user get https://redtm.com/valid?err=1 and wrong user get https://redtm.com/valid?err=0. Observe http error message, such as a valid user url https://ip/admin giving error 403 whereas https://ip/wrongUser error is 404. Analyze the Pages title. The page title could be a different for wrong/right username.
Read more → -
Server-Side input validation testing
The common technique to find input validation vulnerability: Fuzz All parameters for OS Command Injection Encode payload in different way to bypass filter! SQL Injection SQL injection is most of the popular web hacking technique. If the web app is vulnerable to SQL Injection, Attackers can read, write data in database, and in some case able execute system command. Union Based SQLi - We can retrieve data from different database table.
Read more →