By: Kevin Mark
August 12, 2015
How to Find Web-Based Vulnerabilities (Manually and with Tools)
If you haven't read my last contribution on how to manually perform SQL injection, I recommend doing that after reading this. It's easy to have a tool do the work for you, but you also have to learn how to do it manually. Link: Manually SQL Injection

Let's start. First, I want to introduce you to some well-known web application vulnerabilities:
- SQL injection
- XSS (cross-site scripting)
- RFI (remote file inclusion)
- LFI (local file inclusion)
https://target.com/news/article.php?id=10' (We added ' to the end to see if an error actually shows up. If you don't know what the errors look like, check out my contribution on manually performing SQL injection.)

Maybe our vuln was there and an error came up, or maybe not. We can keep searching around until we actually find what we're looking for.

Google Dorking - one of many favorites and super easy to use. I have my own private dorks for this and am not going to share them, but I will upload free public information for your use and give you an understanding of "how to."

So, let's go to our friend https://google.com. We really want to find our vuln, since we maybe couldn't find it manually, so we're going to try to search for it using Google. We saw our target using PHP when we were searching manually, but we want to make sure there are no other types like ASPX or ASP. We could do it like this:
site:target.com ext:asp ext:php

Let's say it seems our target is also using ASP. We want to work with that first, since it wasn't something we could see directly on the website when we were searching around to get an overview of our target. When we Google dorked it, we saw that one of the links might have had something like asp?id= at the end, so we're going to search for that:
site:target.com inurl:asp?id=

Now, we simply check each one of them to see if we find anything good. Like I said, I have some methods I simply don't share, so I would do it differently, but when you get good at this, you might find hidden tricks of your own. Here's a link to the Google Hacking Database: https://www.exploit-db.com/google-hacking-database/ You can always just search Google for google dorks, which are shared on pastebin and social networks.

Scanners - there are a lot of scanners out there, and if you have taken courses, you will know the names and how to use them. One that's a really advanced scanner, and one of my favorites, is Acunetix. It has many features for your use: https://www.acunetix.com Another to look at is Qualys: Qualys.com/ It's very good, super easy to use and will give you what you search for. Finish your courses on Cybrary so you'll also know tools like Nikto and all that.

Thanks! If you have any questions, you can always PM me. I'll be available all the time, whether it's about this, my other contributions or anything else.
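To make the single-quote check from the manual walk-through concrete, here is an added example (my own code, not from the original post) in Python with an in-memory SQLite database: a lookup written the way the probe hopes for, the same lookup with parameter binding so the probe gets nothing back, and a defender-side check that picks the probe out of access-log lines. The host target.example, the articles table, the rows and the log lines are all constructed for the example.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qsl

def make_db():
    # Constructed in-memory stand-in for the target's news database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", [(9, "Old news"), (10, "Article ten")])
    return conn

def lookup_vulnerable(conn, raw_id):
    # The pattern the probe is looking for: the raw id is pasted into the SQL,
    # so "10'" leaves an unterminated string and SQLite raises a syntax error.
    row = conn.execute("SELECT title FROM articles WHERE id = '" + raw_id + "'").fetchone()
    return row[0] if row else None

def lookup_safe(conn, raw_id):
    # Parameter binding: the value is never parsed as SQL, so "10'" is just an
    # id that matches nothing and the probe gets no error to work from.
    row = conn.execute("SELECT title FROM articles WHERE id = ?", (raw_id,)).fetchone()
    return row[0] if row else None

def probe_signal(conn, lookup, url):
    # Classify one request as "hit", "miss" or "error": the three outcomes the
    # manual check distinguishes when it compares id=10 against id=10'.
    params = dict(parse_qsl(urlsplit(url).query))
    try:
        return "hit" if lookup(conn, params.get("id", "")) is not None else "miss"
    except sqlite3.Error:
        return "error"

# Constructed access-log lines (combined-log prefix, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Aug/2015:10:00:01 +0000] "GET /news/article.php?id=10 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [12/Aug/2015:10:00:02 +0000] "GET /news/article.php?id=10%27 HTTP/1.1" 500 311',
    '198.51.100.7 - - [12/Aug/2015:10:00:03 +0000] "GET /about.asp?id=3 HTTP/1.1" 200 2210',
]

def flag_quote_probes(log_lines):
    # Defender side: request paths whose URL-decoded query values carry a quote
    # (so %27 counts too), which is exactly what the manual probe sends.
    flagged = []
    for line in log_lines:
        path = line.split('"')[1].split(" ")[1]  # request line: METHOD PATH VERSION
        if any("'" in v or '"' in v for _, v in parse_qsl(urlsplit(path).query)):
            flagged.append(path)
    return flagged

if __name__ == "__main__":
    db, url = make_db(), "http://target.example/news/article.php?id=10'"
    print(probe_signal(db, lookup_vulnerable, url), probe_signal(db, lookup_safe, url), flag_quote_probes(SAMPLE_LOG))
```

The same quote check works on any parameter, not just id; the page's example is the id case.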