How to Find Web-Based Vulnerabilities (Manually and with Tools)

August 12, 2015 | Views: 15731


Hello and welcome to another one of my contributions. This time, we’re going to focus on how to discover web application vulnerabilities.

If you haven’t read my last contribution on how to manually perform SQL Injection, I recommend you do that after reading this. It’s easy to have a tool do the work for you, but you also have to learn how to do it manually – Link: Manually SQL Injection

Let’s start…

 

First, I want to introduce you to some well-known web application vulnerabilities:

  • SQL Injection (SQLi)
  • XSS (cross-site scripting)
  • RFI (remote file inclusion)
  • LFI (local file inclusion)

 

In addition to these, you can attack a login panel with brute force, trying out usernames, passwords etc. If you don’t know what any of these are, I recommend you look them up and PM me with any questions you come up with.

Discovering vulnerabilities can be quite a challenge when you do it all manually. I will give you a short overview of how it is done, but not walk you through the actual execution.

 

 

Website Lookie Lookie – It’s just a name I came up with, but it actually has a point here…
Let’s say we’re going to our website https://target.com (not the retailer called Target, but our target). We see a bunch of stuff and want to take a look around. We go to an example “news” section, and the URL bar will say something like “https://target.com/news/”.

Arrh damn, that isn’t much to work with, so let’s look further and check whether there’s anything in one of their articles. We click on one of them, and now the bar shows something we might be able to work with, for example “https://target.com/news/article.php?id=10”. Let’s try to work with it.

https://target.com/news/article.php?id=10' (We added ' to it to see if an error actually appears. If you don’t know what these errors look like, check out my contribution on manually performing SQL Injection.)

Maybe our vuln was there and an error came up, maybe not. Note that the error is not always printed: a page that suddenly comes back blank, or with a generic 500, after the quote is just as interesting, so compare the response with the original one. What we’re looking for is any parameter that takes a value from the URL and passes it on unescaped, so we keep checking every such parameter until we find one that reacts.

 

 

Google Dorking – This is a favorite of many and super easy to use.

I have my own private dorks for this and am not going to share them, but I will point you to free public information and give you an understanding of the “how to.”

So, let’s go to our friend https://google.com. We really want to find our vuln, since we maybe couldn’t find it manually. We saw our target using PHP while browsing manually, but we want to make sure there are no other technologies in play, like ASPX or ASP. Google ANDs search terms together by default, and a single URL cannot have two extensions at once, so the extensions have to be ORed:

site:target.com (ext:asp OR ext:php)

Let’s say it turns out our target also uses ASP. We want to work with that first, since it wasn’t something we could see directly while clicking around to get an overview of the target. When we dorked it, one of the links might have ended in something like asp?id=, so we search for that:

site:target.com inurl:asp?id=

Now we simply check each result the same way as above (append the quote, watch for an error) to see if we find anything good. Like I said, I have some methods that I don’t share, so I would do it differently, but when you get good at this you will find your own tricks. Here’s a link to the Google Hacking Database: https://www.exploit-db.com/google-hacking-database/ You can also just search Google for “google dorks”, which are shared on Pastebin and social networks.

 

 

Scanners – There are a lot of scanners out there, and if you have taken courses, you will know the names and how to use them.

One really advanced scanner, and one of my favorites, is Acunetix. It has many features for your use: https://www.acunetix.com

Another to look at is Qualys: https://www.qualys.com It’s very good, super easy to use and will give you what you’re searching for.

Finish your courses on Cybrary so you’ll also know tools like Nikto and the like. Whatever a scanner reports, confirm it by hand the same way as above: scanners produce false positives, and they miss anything that needs a bit of application logic to trigger.

 

 

Thanks!

If you have any questions, you can always PM me. I’ll be available all the time, whether it’s about this, my other contributions or anything else.

24 Comments
  1. Glad that you all like this share. I hope everyone can use this and also execute it perfectly. Otherwise, PM me in advance if there are any problems.

    Best regards, Kevin Mark.

  2. Thanks for the writeup.

  3. @Shadow… any tools that work for you are your best tools

  4. Please, what’s the best scanner on Kali to use for finding SQL errors?
