My Personal Common WASA Attack Type Checklist
In an SSRF attack, the attacker deceives the server into making requests to internal services (e.g. 127.0.0.1, localhost, or other hosts on the internal network) that should be reachable only from inside the organization.
Chainable vulnerability / Requirement:
- Open Redirect
- LFI/RFI
CORS (Cross-Origin Resource Sharing) Injection is a security issue that arises when a web application sets its CORS rules too permissively, so that a page on another origin can read responses it should not be able to read.
Requirement:
- Request > Origin: https://evil.com
- Response > Access-Control-Allow-Credentials: true
- Response > Access-Control-Allow-Origin: https://evil.com (the request's Origin reflected back) OR Access-Control-Allow-Origin: null
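Added here as an audit helper, not part of the original checklist: it encodes the three conditions above as a check over a response's headers, and pairs it with an allowlist-based header function that shows the corrected configuration. The probe origin, the allowlisted origin and the sample responses are constructed values.

```python
from typing import Dict, Optional, Set

# Probe origin used by the auditor (constructed, not a real site). It must be
# an origin the application has no legitimate reason to trust.
PROBE_ORIGIN = "https://untrusted.example"

def cors_finding(probe_origin: str, response_headers: Dict[str, str]) -> Optional[str]:
    """Return a finding if the CORS headers let a page on probe_origin read
    credentialed responses, otherwise None."""
    # Header names are case-insensitive, so normalise before looking them up.
    hdrs = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = hdrs.get("access-control-allow-origin")
    creds = hdrs.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None or not creds:
        # No grant, or a grant without credentials: the browser will not send
        # cookies, so authenticated data is not exposed by CORS alone.
        return None
    if acao == probe_origin:
        return "reflects arbitrary Origin with Allow-Credentials: true"
    if acao == "null":
        return "allows 'null' Origin with Allow-Credentials: true"
    return None  # fixed origin that is not ours: the grant does not apply

def safe_cors_headers(request_origin: str, allowlist: Set[str]) -> Dict[str, str]:
    """Hardened counterpart: echo the Origin only when it is on an explicit
    allowlist, never 'null', and add Vary so caches do not mix answers."""
    if request_origin in allowlist and request_origin != "null":
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}  # no CORS headers at all: the browser blocks the cross-origin read

# Constructed sample responses for the three cases in the checklist.
REFLECTING = {"Access-Control-Allow-Origin": PROBE_ORIGIN,
              "Access-Control-Allow-Credentials": "true"}
NULL_ORIGIN = {"Access-Control-Allow-Origin": "null",
               "Access-Control-Allow-Credentials": "true"}
WILDCARD = {"Access-Control-Allow-Origin": "*"}

if __name__ == "__main__":
    for name, resp in [("reflecting", REFLECTING), ("null", NULL_ORIGIN),
                       ("wildcard", WILDCARD)]:
        print(name, "->", cors_finding(PROBE_ORIGIN, resp))
    print(safe_cors_headers(PROBE_ORIGIN, {"https://app.example"}))
```

The wildcard case is reported as safe because browsers refuse to combine `*` with credentials, so only unauthenticated data is readable.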
Attackers exploit a range of vulnerabilities, such as weak password reset tokens, 2FA (two-factor authentication) weaknesses, and inadequate input validation. Through methods like manipulating the Referer header, using cross-site scripting, or abusing flaws in password reset flows, they gain unauthorized access to other users' accounts.
Via:
- Misconfigured/weak password reset module
- XSS (leaked cookie)
- HTTP Request Smuggling
- CSRF
- JWT
- 2FA Bypasses
APIs are the keys to an organization's databases, so it is essential to control who has access to them. Finding Hidden API Keys & How to Use Them.