search
LinkedinTwitterMediumGithubHTB
githubEdit

Backend_Technology_Tricks

hashtag
.NET

hashtag
Information Gathering

  • Cookie (ASP.NET_SessionId, ASPXAUTH)

  • Server Headers

  • ViewState

  • Response Header (X-Powerded-By, X-AspNet-Version)

  • Error Messages

hashtag
Vulnerabilities

  • Low Hanging Fruits

  • Server Information Disclosure

  • Lack of Security Headers

  • IIS Default Page Disclosure

  • Improper Error Handling

  • ASP.NET Debugging Enabled

  • Directory Listing

  • ASP.NET ViewState Vulnerabilities

hashtag
Improper Error Handling - .NET

hashtag
ASP.NET Debugging Enabled - .NET

hashtag
Server Information Disclosure - .NET

hashtag
IIS Default Page Disclosure - .NET

hashtag
ASP.NET ViewState Vulnerabilities

  • MAC Disabled

  • MAC Enabled (encryption key via brute-force)

  • Web config file

hashtag
Node.js

hashtag
Information Gathering

  • Cookie (connect.sid)

  • Server Headers

  • Response Header (X-Powerded-By)

hashtag
Vulnerabilities

hashtag
SQL Injection - Node.js:

hashtag
XSS - Node.js

hashtag
Improper Authentication and Authorization – Node.js

hashtag
IDOR - Node.js

hashtag
Java

hashtag
Information Gathering

  • Cookie (JSESSIONID)

  • Server Headers (Tomcat, WebLogic, JBoss)

  • Endpoints (JSP)

  • Response Header (X-Powerded-By:Servlet)

  • Error Messages

PreviousATONextXSS

Last updated