Backend_Technology_Tips

.NET

Information Gathering

  • Cookie (ASP.NET_SessionId, ASPXAUTH)

  • Server Headers

  • ViewState

  • Response Header (X-Powered-By, X-AspNet-Version)

  • Error Messages

Vulnerabilities

  • Low Hanging Fruits

  • Server Information Disclosure

  • Lack of Security Headers

  • IIS Default Page Disclosure

  • Improper Error Handling

  • ASP.NET Debugging Enabled

  • Directory Listing

  • ASP.NET ViewState Vulnerabilities

Improper Error Handling - .NET

ASP.NET Debugging Enabled - .NET

Server Information Disclosure - .NET

IIS Default Page Disclosure - .NET

ASP.NET ViewState Vulnerabilities

  • MAC Disabled

  • MAC Enabled (encryption key via brute-force)

  • Web config file


Node.js

Information Gathering

  • Cookie (connect.sid)

  • Server Headers

  • Response Header (X-Powered-By)

Vulnerabilities

SQL Injection - Node.js

XSS - Node.js

Improper Authentication and Authorization - Node.js

IDOR - Node.js


Java

Information Gathering

  • Cookie (JSESSIONID)

  • Server Headers (Tomcat, WebLogic, JBoss)

  • Endpoints (JSP)

  • Response Header (X-Powered-By: Servlet)

  • Error Messages
