Showing posts from November, 2019

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 1 | Audit Guidelines | High Impact Web Vulnerability

This blog covers how to check for web application vulnerabilities with Burp Community Edition. It will be very helpful while performing a web application security assessment manually. In this part of the blog, we will cover a few vulnerabilities with high impact severity. So here is the blog.

HTTP PUT method is enabled

Audit Guideline

1) Capture the base request in Burp Community and send the request to Repeater.
2) Change the request method to PUT, set the path with a file name as /test/shell.php, and send the request to the application server.
3) Observe the response. If the server responds with 201 Created, the application is vulnerable.
4) Now upload the shellcode as shown below and BOOM. Happy RCEing.

Note: If the PUT method is not allowed on the base URL/request, try uploading to a different directory in the application.
Proof of Concept
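
The check above leaves a recognisable trace in the web server's access log: a PUT answered with 201 Created, often followed by a request for the same path. As an added example (not part of the original post or its proof of concept), this Python script flags that pattern; the combined log format, the extension list, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Common/combined access-log prefix: ip - user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions a typical server may execute; an assumption, tune to your stack.
EXECUTABLE_EXT = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi")
WRITE_OK = {"200", "201", "204"}  # statuses a successful PUT can return

Finding = namedtuple("Finding", "severity ip path put_status fetched")


def find_put_uploads(lines):
    """Flag accepted PUT requests and note whether the file was later fetched."""
    findings = {}  # path -> Finding, kept in first-seen order
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # compare paths without query strings
        if m["method"] == "PUT" and m["status"] in WRITE_OK:
            sev = "high" if path.lower().endswith(EXECUTABLE_EXT) else "medium"
            findings[path] = Finding(sev, m["ip"], path, m["status"], False)
        elif m["method"] in ("GET", "POST") and m["status"] == "200" and path in findings:
            # The written path was requested afterwards: treat as likely execution.
            findings[path] = findings[path]._replace(fetched=True)
    return list(findings.values())


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2019:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Nov/2019:10:01:09 +0000] "PUT /test/shell.php HTTP/1.1" 201 0',
    '203.0.113.7 - - [12/Nov/2019:10:01:15 +0000] "GET /test/shell.php HTTP/1.1" 200 48',
    '198.51.100.4 - - [12/Nov/2019:10:02:00 +0000] "PUT /uploads/notes.txt HTTP/1.1" 204 0',
    '198.51.100.9 - - [12/Nov/2019:10:03:00 +0000] "PUT /admin/x.php HTTP/1.1" 405 172',
]

if __name__ == "__main__":
    for finding in find_put_uploads(SAMPLE_LOG):
        print(finding)
```

A high-severity finding with fetched=True warrants immediate triage of the written file. The durable fix is to disable PUT (and WebDAV) where it is not needed, or to restrict it to authenticated clients and directories the server never executes from.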