-----------
// Global.asax.cs: rewrite the headers that disclose the server and framework
// versions just before the response headers go on the wire.
// Needs the IIS integrated pipeline; Response.Headers is read-only in classic mode.
void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    if (context == null)
    {
        return;   // no managed context for this request (e.g. static file served natively)
    }

    var headers = context.Response.Headers;

    // NameValueCollection.Set() replaces any existing value, so a separate Remove() is not needed.
    headers.Set("Server", "My httpd server");
    headers.Set("X-AspNet-Version", "XXX");
    headers.Set("X-AspNetMvc-Version", "XXX");
    headers.Set("X-Powered-By", "XXX");
}
https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
https://portswigger.net/web-security/cors
Access-Control-Allow-Origin: https://www.drreddys.com
Access-Control-Allow-Credentials: true
(An origin is scheme + host + port with no trailing slash; the browser compares it exactly against the request's Origin header. When credentials are allowed the value must be a specific origin, never *.)
-------------
Cookies HttpOnly
<add name="strict-transport-security" value="max-age=31536000" />
<compilation debug="false" targetFramework="4.7.1" numRecompilesBeforeAppRestart="2000" />
--------
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />
<add name="Pragma" value="no-cache" />
<add name="Expires" value="0" />
<add name="X-Frame-Options" value="deny" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="strict-transport-security" value="max-age=31536000" />
</customHeaders>
</httpProtocol>
</system.webServer>
1. XPath injection – Pramod – done
5. Input returned in response (reflected) – Pramod – done
6. Suspicious input transformation (reflected) – Pramod – done
7. Cross-domain Referer leakage – Sudha – WIP
$("input[type='checkbox'][name='checkhlprof']:checked").length
$("input[type='checkbox'][name='checkhltermcond']:checked").length
1. XPath injection
WIP
2. SSL certificate
Nitin: please check the SSL certificate
3. Content type incorrectly stated
<add name="X-Content-Type-Options" value="nosniff" />
4. Strict transport security not enforced
I have a redirect from http to https
<rewrite>
<rules>
<rule name="HTTPS Rule behind AWS Elastic Load Balancer Rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}{URL}" redirectType="Found" />
</rule>
</rules>
</rewrite>
5. Input returned in response (reflected)
WIP
6. Suspicious input transformation (reflected)
Error page: the default redirect to the error page means the response shows the Umbraco CMS "error page".
9. Frameable response (potential Clickjacking)
<add name="X-Frame-Options" value="deny" />
Alternative value: sameorigin
10. Cacheable HTTPS response
<add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />
<add name="Pragma" value="no-cache" />
<add name="Expires" value="0" />
7. Cross-domain Referer leakage
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
8. Cross-domain script include
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
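A small audit script, added here as an example and not part of these notes or of the site's own code, that checks one response's headers against the findings above (3. content type, 4. HSTS, 9. frameable response, 10. cacheable HTTPS response, the version headers handled in Application_PreSendRequestHeaders, and the CORS origin/credentials pair). The two header sets are constructed: HARDENED_HEADERS mirrors the customHeaders block and the CORS note, WEAK_HEADERS is a typical unhardened ASP.NET response; the finding names and the allowed-origin set are assumptions for the demo.

```python
import re
from typing import Dict, List, Optional, Set

HSTS_MIN_AGE = 31536000  # one year, the max-age used in the customHeaders block

# Constructed "after" response, taken from the customHeaders block and the CORS note.
HARDENED_HEADERS = {
    "Server": "My httpd server",
    "X-AspNet-Version": "XXX",
    "X-AspNetMvc-Version": "XXX",
    "X-Powered-By": "XXX",
    "Cache-Control": "no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0",
    "Pragma": "no-cache",
    "Expires": "0",
    "X-Frame-Options": "deny",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000",
    "Access-Control-Allow-Origin": "https://www.drreddys.com",
    "Access-Control-Allow-Credentials": "true",
}

# Constructed "before" response: default ASP.NET headers, no hardening,
# and a CORS policy that echoes whatever Origin the request carried.
WEAK_HEADERS = {
    "Server": "Microsoft-IIS/10.0",
    "X-AspNet-Version": "4.0.30319",
    "X-Powered-By": "ASP.NET",
    "Cache-Control": "private",
    "Access-Control-Allow-Origin": "https://evil.example",  # reflected request Origin (constructed)
    "Access-Control-Allow-Credentials": "true",
}

# Headers that commonly carry a product or framework version.
VERSION_HEADERS = ("server", "x-aspnet-version", "x-aspnetmvc-version", "x-powered-by")


def audit_headers(headers: Dict[str, str],
                  allowed_origins: Optional[Set[str]] = None) -> List[str]:
    """Return the findings (named as in the notes) for one response's headers."""
    if allowed_origins is None:
        allowed_origins = {"https://www.drreddys.com"}  # assumed allowlist for the demo
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    # 4. Strict transport security not enforced: HSTS missing or max-age below one year
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) < HSTS_MIN_AGE:
        findings.append("Strict transport security not enforced")

    # 3. Content type incorrectly stated: nosniff stops the browser second-guessing Content-Type
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("Content type incorrectly stated")

    # 9. Frameable response: either deny or sameorigin closes the finding
    if h.get("x-frame-options", "").lower() not in ("deny", "sameorigin"):
        findings.append("Frameable response (potential Clickjacking)")

    # 10. Cacheable HTTPS response: no-store is the directive that actually prevents storage
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    if "no-store" not in directives:
        findings.append("Cacheable HTTPS response")

    # Version disclosure: any digit in a product header is treated as a version string
    for name in VERSION_HEADERS:
        if name in h and re.search(r"\d", h[name]):
            findings.append(f"Version disclosure in {name}")

    # CORS: a credentialed policy is only safe for an exact, allowlisted origin
    acao = h.get("access-control-allow-origin")
    credentials = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao and acao.endswith("/"):
        findings.append("Access-Control-Allow-Origin has a trailing slash; browsers compare it exactly")
    if acao and credentials and acao not in allowed_origins:
        findings.append("CORS misconfiguration: credentialed access allowed for " + acao)

    return findings


if __name__ == "__main__":
    print("hardened:", audit_headers(HARDENED_HEADERS))
    print("weak:", audit_headers(WEAK_HEADERS))
```

Run it against a real response by pasting the headers from Burp into a dict; the hardened set returns no findings, the weak set returns one finding per item above, including the reflected-origin CORS case from the PortSwigger article.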