Skip to main content


Showing posts with the label Web Security using Burp Community

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 1 | Audit Guidelines | High Impact Web Vulnerability

The blog basically covers how to check to web application vulnerability with Burp Community Edition. This blog will be very helpful while performing the web application security assessment manually. In this part of the blog, we will cover a few vulnerabilities with High impact severity. So here is the blog. HTTP PUT method is enabled Audit Guideline 1) Capture the base request in the burp community and send the request to the repeater. 2) Change the request method to PUT and set the path with a file name as /test/shell.php and send the request to the application server. 3) Observe the response if the server response with 201 Created response. Then the application is vulnerable. 4) Now upload the shellcode as shown below and BOOM. Happy RCEing. Note- If the PUT method is not allowed on base URL/request trying uploading on a different directory in the application.
Proof of Concept