WebApplicationTesting


Contents

General

Oracle iRecruitment Notes

Struts Notes

Web Vuln Notes

Microsoft Content Manager 2002 Notes

Siteminder notes

Oracle Application Server Notes

ASP.NET Notes

Ruby on Rails Notes

XSS

A handy XSS vector for places where no forward slashes are allowed:

<img src="" onerror="alert('XSS')">

A handy XSS vector which bypasses the .NET protection on sites (this example is in a WebTrends meta tag):

<meta name="WT.oss" content="test" style="xx:exp/**/ression(alert('xss'));""/>

Links and Resources

Attribute based XSS discussion

Microsoft's Anti-XSS page

Great list of XSS vectors

SQL Injection

Links

SQL Injection Cheat Sheet

SQL Injection Cheat Sheet

SQL Injection Cheat sheets for various database backends

Good SQL Injection presentation from Sumit

Advanced SQL Injection presentation - OWASP

Advanced SQL Injection - NGS

More Advanced SQL Injection - NGS

Long list of SQL Injection resources

SQL Injection Recipes

Blind SQL Injection: a good chat on blind SQL injection techniques for different DBMSs

Blind SQL injection technique for Oracle

Burp Suite

Links

Main Burp Site

Burp intruder tips

SSL Testing

Aside from the obvious Nessus scan to determine which cipher suites are enabled on a web server, there are a couple of scripts that can do the job: Cryptonark or manyssl.

XML Testing

A point to note: if uploading XML to get XSS into it, wrap the payload in CDATA tags, something like

<name><![CDATA["><script>alert("XSS")</script>]]></name>
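Why the CDATA wrapper matters, as an added example that is not part of the original wiki page: the XML parser strips the CDATA markers and hands the application the raw payload, so the element text is only safe if the application escapes it before writing it into HTML. The sample upload, the `extract_name` helper and the `render_profile_*` functions are all constructed for this illustration.

```python
# Added example (not from the wiki): what an application actually receives
# from the CDATA vector above, and the difference escaping makes on output.
import html
import xml.etree.ElementTree as ET

# Constructed sample upload carrying the page's CDATA vector in <name>.
UPLOADED_XML = (
    '<user><name><![CDATA["><script>alert("XSS")</script>]]></name></user>'
)


def extract_name(xml_text: str) -> str:
    """Parse the upload and return the <name> text exactly as the parser yields it.

    The CDATA section is transparent to the parser: its content comes back as
    plain text, angle brackets and quotes intact.
    """
    root = ET.fromstring(xml_text)
    node = root.find("name")
    return node.text if node is not None and node.text else ""


def render_profile_unsafe(xml_text: str) -> str:
    """Vulnerable sink: interpolates the parsed text straight into HTML."""
    name = extract_name(xml_text)
    return f'<input value="{name}">'


def render_profile_safe(xml_text: str) -> str:
    """Hardened sink: HTML-escape the value; quote=True also escapes " and '."""
    name = extract_name(xml_text)
    return f'<input value="{html.escape(name, quote=True)}">'


def contains_live_script(rendered_html: str) -> bool:
    """Crude detector: is there an unescaped <script> tag in the output?"""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print("parsed text:", extract_name(UPLOADED_XML))
    print("unsafe     :", render_profile_unsafe(UPLOADED_XML))
    print("safe       :", render_profile_safe(UPLOADED_XML))
```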

Hiding Web Service Descriptions

Probably redundant, but it's possible to hide the handy web service description pages that come with .asmx files (from here):

<system.web.services>
    <protocols>
        <remove name="Documentation"/>
    </protocols>
</system.web.services>

Web Server Method Testing

Testing web server verbs can reveal interesting things. Some basic syntax is below for OPTIONS (lists which methods are supported) and PUT (which can upload files). When typing these into telnet, finish the request headers with an empty line.

telnet <server_ip> 80
OPTIONS / HTTP/1.1
Host: <host_name>

This should reveal which verbs are supported. If PUT is supported you can try it out with:

telnet <server_ip> 80
PUT /<my_test_file_name> HTTP/1.1
Host: <host_name>
Content-Type: text/plain
Content-Length: <byte_length_of_body>

Your text here

Mime Types

It can be important to determine which MIME types are processed by a web server or web browser.

Some research on accepted MIME types on the browser side

An interesting XML XSS vector

Full MIME-Type listing

General Links and Resources

HTTP Parameter Pollution Paper

Web Scraping with Nokogiri

User Agent Strings: a handy resource with a load of User Agent Strings on it

ASP.NET security training

JBoss Hacking

Excellent tools list

List of Web App Scanners

Good description of the ASP.NET authentication process

Web App Test Notes

Long list of tools and sites

Google Gruyere training site
