Page 10 - Hands-On Bug Hunting for Penetration Testers
Table of Contents
SQLi and Other Code Injection Attacks – Accepting Unvalidated Data 75
A Simple SQLi Example 75
Testing for SQLi With Sqlmap – Where to Find It and How to Verify It 76
Google Dorks for SQLi 79
Validating a Dork 79
Scanning for SQLi With Arachni 81
Going Beyond Defaults 82
Writing a Wrapper Script 84
NoSQL Injection – Injecting Malformed MongoDB Queries 84
SQLi – An End-to-End Example 85
Gathering Report Information 88
Category 88
Timestamps 88
URL 89
Payload 89
Methodology 89
Instructions to Reproduce 89
Attack Scenario 89
Final Report 89
Summary 90
Questions 90
Further Reading 91
Chapter 6: CSRF and Insecure Session Authentication 92
Technical Requirements 93
Building and Using CSRF PoCs 93
Creating a CSRF PoC Code Snippet 93
Validating Your CSRF PoC 97
Creating Your CSRF PoC Programmatically 99
CSRF – An End-to-End Example 105
Gathering Report Information 112
Category 112
Timestamps 112
URL 112
Payload 112
Methodology 112
Instructions to Reproduce 112
Attack Scenario 113
Final Report 113
Summary 114
Questions 114
Further Reading 114
Chapter 7: Detecting XML External Entities 115
Technical requirements 116