Websites all around the world are programmed using various programming languages. While each programming language has specific vulnerabilities that the developer should be aware of, there are issues fundamental to the web that can show up regardless of the chosen language or framework.
These vulnerabilities often show up in CTFs as web security challenges where the player needs to exploit a bug to gain some kind of higher-level privilege.
Common vulnerabilities to see in CTF challenges, each with a typical example payload:
- SQL Injection
  ' UNION SELECT username, password FROM users--
- Command Injection
  whoami > /var/www/static/whoami.txt &
- Cross Site Scripting (XSS)
  <script>alert(1)</script>
- Remote Code Execution (RCE)
  <?php system($_GET['cmd']);?>
- Local File Inclusion (LFI)
  ../../etc/passwd
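To see why the first and last payloads above work, and what stops them, here is an added example (not code from the original post) in Python. It builds a small in-memory SQLite database with constructed sample data, runs the page's UNION payload against a lookup that concatenates user input into the query and against a parameterized version of the same lookup, and adds a path-containment check of the kind that blocks the `../../etc/passwd` LFI payload. The table names, the `/var/www/static` directory and the helper names are assumptions for the example.

```python
import os
import sqlite3

# Constructed sample database for this example: an in-memory SQLite database with
# a public "products" table and a "users" table the application never meant to
# expose. All names and passwords here are invented.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "widget", "9.99"), (2, "gadget", "19.99")])
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "hunter2"), (2, "bob", "s3cret")])
    return conn

def lookup_vulnerable(conn, product_id):
    # The request parameter is pasted straight into the SQL text, so a value
    # containing a quote closes the string literal and the rest is parsed as SQL.
    query = "SELECT name, price FROM products WHERE id = '" + product_id + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, product_id):
    # Parameterized query: the value travels separately from the SQL text and is
    # only ever compared against the id column, never parsed as SQL.
    return conn.execute("SELECT name, price FROM products WHERE id = ?",
                        (product_id,)).fetchall()

def path_is_contained(base_dir, requested):
    # Local file inclusion guard: resolve the requested path against the static
    # directory and refuse anything that ends up outside it. realpath() collapses
    # ".." segments, resolves symlinks, and an absolute `requested` simply replaces
    # the base in os.path.join(), so all three escape routes land in the check.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    return os.path.commonpath([base, target]) == base

if __name__ == "__main__":
    conn = build_db()
    payload = "' UNION SELECT username, password FROM users--"
    print("vulnerable:", lookup_vulnerable(conn, payload))  # rows from the users table
    print("safe:      ", lookup_safe(conn, payload))        # []
    print("safe, id 1:", lookup_safe(conn, "1"))            # [('widget', '9.99')]
    for req in ("css/site.css", "css/../index.html", "../../etc/passwd", "/etc/passwd"):
        verdict = "allowed" if path_is_contained("/var/www/static", req) else "blocked"
        print(req, "->", verdict)
```

The vulnerable lookup ends up executing `SELECT name, price FROM products WHERE id = '' UNION SELECT username, password FROM users--'`, where the `--` comments out the dangling quote; the parameterized lookup compares the whole payload string against `id` and finds nothing. The containment check deliberately compares resolved paths rather than looking for `..` in the input, so encoded or nested traversal tricks that normalize to the same escape are caught the same way.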
And here is a little extra cheat sheet to help you study.
<–> WEB ENUMERATION <–>
- Check cookie contents
- Modify cookies
- Try different HTTP methods
- Inspect the website's HTML/CSS/JS files
- Weak cookie-based admin authentication
- Inspect every page after every action
- Ctrl + F for the flag format
- Try the usual admin:admin login
- Check robots.txt / .htaccess / .DS_Store
- MD5 checks
- JS obfuscation
- WebAssembly
- SQL Injection
- Blind SQL Injection
- SQL Injection filter bypass
- Trace files by looking through static imports (HTML, CSS, JS, images)
- Any suspicious long string may be base64 (it may be split across several lines; join them before decoding)
- HTTP headers (User-Agent, Accept-Language, Referer, Date, DNT, X-Forwarded-For, etc.)
- Command Injection (system commands; don't forget to URL-encode special characters)
- Command Injection (language commands: PHP, Node, Python, etc.)
- Access intermediate redirect pages via an open redirect vulnerability
- Check available paths with Gobuster
- Sometimes Burp Suite sucks
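The "suspicious long string may be base64" item is worth automating, because a blob wrapped across several lines in page source fails to decode if you paste it line by line. Here is an added example (not code from the original post) in Python: it scans page text for runs of base64 alphabet characters, joins runs that continue across line breaks, and keeps only those that are valid base64 and decode to printable text. The sample page source is constructed for this example, and the regex and helper name are the example's own assumptions.

```python
import base64
import binascii
import re
import string

# Runs of base64 alphabet characters, 4 or more at a time, optionally separated
# by whitespace or line breaks, with optional "=" padding at the very end.
B64_RUN = re.compile(r"(?:[A-Za-z0-9+/]{4,}\s*){2,}={0,2}")

def find_base64_candidates(text, min_len=16):
    """Return (blob, decoded_text) pairs for every whitespace-joined run in
    `text` that is valid base64 and decodes to printable text."""
    found = []
    for match in B64_RUN.finditer(text):
        blob = re.sub(r"\s+", "", match.group(0))  # join a blob split over lines
        if len(blob) < min_len or len(blob) % 4:
            continue  # too short to be interesting, or not whole base64 groups
        try:
            raw = base64.b64decode(blob, validate=True)
            decoded = raw.decode("utf-8")
        except (binascii.Error, ValueError):
            continue  # not base64 after all, or not text once decoded
        if all(ch in string.printable for ch in decoded):
            found.append((blob, decoded))
    return found

# Constructed sample page source: one base64 blob split across three lines inside
# an HTML comment, plus a hex cache-buster that looks base64-ish but is not text.
SAMPLE_PAGE = """<html><body>
<!-- build note: ZmxhZ3tzcGxp
dF9hY3Jvc3Nf
bGluZXN9 -->
<script src="/static/app.min.js?v=3f2a9c1d7e8b6a5f"></script>
<p>Welcome back, please log in again.</p>
</body></html>
"""

if __name__ == "__main__":
    for blob, decoded in find_base64_candidates(SAMPLE_PAGE):
        print(blob, "->", decoded)  # ZmxhZ3tzcGxpdF9hY3Jvc3NfbGluZXN9 -> flag{split_across_lines}
```

The length and `% 4` checks throw away ordinary words that happen to sit in the base64 alphabet, `validate=True` rejects anything with characters or padding that real base64 would not have, and the printable-text filter drops blobs like the hex cache-buster that decode to binary. If you are hunting for embedded binary data rather than text, relax that last filter and inspect the raw bytes instead.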
Hopefully this is useful to you; happy learning!