
How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 1 | Audit Guidelines | High Impact Web Vulnerability

This blog covers how to check for web application vulnerabilities with Burp Suite Community Edition. It is meant to help while performing a web application security assessment manually. In this part, we cover a few vulnerabilities of High impact severity. So here is the blog.

HTTP PUT method is enabled

Audit Guideline

1) Capture the base request in Burp Community and send it to Repeater.
2) Change the request method to PUT, set the path to a file name such as /test/shell.php, and send the request to the application server.
3) Observe the response. If the server responds with 201 Created, the application is vulnerable.
4) Now upload the web shell as shown below and BOOM. Happy RCEing.
Note: If the PUT method is not allowed on the base URL/request, try uploading to a different directory in the application.
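The check in steps 1 to 3 can be scripted so that every candidate directory is probed in one pass. The following is an added example (not code from the original post) that sends a harmless text marker instead of a script, classifies the status code the way the guideline does (201 means the server accepted the write), and spins up a throwaway local HTTP server in both the "accepts PUT" and "PUT blocked" configurations so the check can be run offline. The probe paths and marker body are constructed for the example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed marker body: plain text, not a script, so a successful probe
# leaves nothing executable behind on the target.
PROBE_BODY = b"put-method-probe: please remove\n"
# Mirrors the post's note: if the base path refuses PUT, try other directories.
PROBE_PATHS = ["/probe.txt", "/test/probe.txt", "/uploads/probe.txt"]


class _LabHandler(BaseHTTPRequestHandler):
    """Local stand-in for the target; `allow_put` is set per server instance."""
    allow_put = False

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", 0))
        self.rfile.read(length)  # consume the body; nothing is stored
        if self.allow_put:
            self.send_response(201)  # the response the post flags as vulnerable
        else:
            self.send_response(405)
            self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_lab_server(allow_put):
    """Start a throwaway loopback server; returns (server, port)."""
    handler = type("Handler", (_LabHandler,), {"allow_put": allow_put})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def classify_put(status):
    """Map a PUT status code to an audit verdict."""
    if status in (200, 201, 204):
        return "accepts-upload"
    if status in (403, 405, 501):
        return "blocked"
    return "inconclusive"


def probe_put(host, port, paths=PROBE_PATHS):
    """Send the benign marker to each path; return {path: (status, verdict)}."""
    results = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("PUT", path, body=PROBE_BODY,
                     headers={"Content-Type": "text/plain"})
        resp = conn.getresponse()
        resp.read()
        results[path] = (resp.status, classify_put(resp.status))
        conn.close()
    return results


def any_writable(results):
    """True if any probed path accepted the upload."""
    return any(verdict == "accepts-upload" for _, verdict in results.values())


if __name__ == "__main__":
    for allow in (True, False):
        srv, port = start_lab_server(allow)
        res = probe_put("127.0.0.1", port)
        print("allow_put=%s writable=%s %s" % (allow, any_writable(res), res))
        srv.shutdown()
```

A 201 from any path is the finding; the fix on the server side is to disable PUT (and DELETE) for the web root, or to restrict them to an authenticated WebDAV location, and to confirm with the same probe afterwards that every path now returns 405.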

Proof of Concept

A web shell is uploaded using the PUT method

Server-side request forgery (SSRF) - Out-of-band resource load (HTTP)

Audit Guideline

1) Capture the base request in Burp Community and send it to Repeater.
2) Change the request path to any internal or external URL, e.g. https://www.lucideus.com.
3) As the exhibit below shows, the application includes the response of https://www.lucideus.com in its own response.
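The finding above exists because the application fetches whatever URL it is handed. The following added example (not code from the original post) shows the validation a server-side fetcher should apply before making an outbound request: an allowlist of hosts and schemes, rejection of embedded credentials, and a check that the resolved address is not loopback, private, or link-local (which covers cloud metadata endpoints). The allowlist entries and the address table are constructed for the example; the resolver is injectable so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed allowlist of hosts the application legitimately fetches from.
ALLOWED_HOSTS = {"cdn.example.com", "api.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def is_internal_ip(ip_text):
    """True for loopback, RFC 1918, link-local, reserved, multicast, unspecified."""
    ip = ipaddress.ip_address(ip_text)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_fetch_target(url, resolve=socket.gethostbyname):
    """Return (ok, reason) for a URL the server is asked to fetch.

    `resolve` maps a hostname to an IP string; the default uses real DNS,
    tests pass a lookup table instead.
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist: %s" % host
    try:
        ip_text = resolve(host)
    except OSError as exc:
        return False, "resolution failed: %s" % exc
    if is_internal_ip(ip_text):
        # An allowlisted name that resolves internally (DNS rebinding or a
        # compromised zone) is still refused.
        return False, "resolves to internal address %s" % ip_text
    return True, "ok (%s -> %s)" % (host, ip_text)


if __name__ == "__main__":
    # Constructed lookup table so the demo needs no network.
    table = {"cdn.example.com": "93.184.216.34", "api.example.com": "10.0.0.5"}
    for candidate in ("https://cdn.example.com/logo.png",
                      "https://api.example.com/v1/status",
                      "https://www.lucideus.com",
                      "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd"):
        print(candidate, "->", validate_fetch_target(candidate, table.__getitem__))
```

The allowlist is the control that actually closes the finding; the address check is a second layer for the case where an allowed name is pointed somewhere internal. A fetcher that passes this check should also connect to the address it just validated rather than resolving the name a second time, and should refuse to follow redirects without re-validating the new location.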

Proof of Concept

Application is fetching the pages of another website in response

HTTP response header injection 

Audit Guideline

1) Capture the request in Burp Community and send it to Repeater.
2) Try injecting a value, e.g. "abcd", into the URL before the parameters start. The injected value is visible in the X-Cache-Key response header, as seen in Exhibit 3 below.
3) This can be exploited further to change the Content-Type and execute malicious JavaScript payloads, as seen in Exhibits 4 and 5, thereby leading to reflected cross-site scripting.
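Two things from the guideline above are worth having in code: the audit step (which response headers echo the probe value) and the fix (never let a CR or LF from request data reach a header line). The following added example (not code from the original post) implements both, and shows side by side how a client counts headers when a value is joined in raw versus when the value is validated first. The response header block is constructed for the example.

```python
import re

CRLF_RE = re.compile(r"[\r\n]")

# Constructed response header block of the kind seen in Repeater, with the
# request path echoed into a caching header.
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Cache-Key: /abcd/page?id=1\r\n"
    "Set-Cookie: session=xyz\r\n"
)


def find_reflected_headers(probe, raw_headers):
    """Audit step: names of headers whose value contains the probe string."""
    hits = []
    for line in raw_headers.splitlines():
        if ":" not in line:
            continue  # status line or blank
        name, value = line.split(":", 1)
        if probe in value:
            hits.append(name.strip())
    return hits


def build_response_unsafe(status_line, headers):
    """The weak pattern: request-derived values are joined into the block as-is."""
    lines = [status_line] + ["%s: %s" % (n, v) for n, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def safe_header_value(value):
    """Mitigation: refuse any value that could terminate a header line."""
    if CRLF_RE.search(value):
        raise ValueError("CR/LF not permitted in header value")
    return value


def build_response(status_line, headers):
    """Hardened builder: every value passes safe_header_value first."""
    lines = [status_line] + ["%s: %s" % (n, safe_header_value(v)) for n, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def count_headers(raw):
    """How a client sees the block: one header per CRLF-terminated line."""
    block = raw.split("\r\n\r\n", 1)[0]
    return len([line for line in block.split("\r\n")[1:] if line])


def rejects_crlf(value):
    """True if the hardened builder refuses this value."""
    try:
        build_response("HTTP/1.1 200 OK", [("X-Cache-Key", value)])
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("reflected in:", find_reflected_headers("abcd", SAMPLE_HEADERS))
    injected = "/abcd\r\nContent-Type: text/html"
    print("unsafe builder header count:",
          count_headers(build_response_unsafe("HTTP/1.1 200 OK",
                                              [("X-Cache-Key", injected)])))
    print("hardened builder rejects it:", rejects_crlf(injected))
```

The reflection finder tells you where a response is echoing request data; whether that is exploitable depends on whether CR/LF survives into the block, which is exactly what the second half tests. Most frameworks already strip or reject CR/LF in header values, so the practical check on the server side is that no code path writes raw request data into headers without going through such validation.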

Proof of Concept

Exhibit 3

Exhibit 4

Exhibit 5

Hope you like this blog. The next part is coming soon. Please give your valuable feedback on this blog. Comment if you want in-depth details on the web vulnerabilities mentioned above or on any other web-related vulnerability.
