OFFSEC Wiki

LimeSurvey Pentesting

Last modified: 2023-03-30

LimeSurvey is a statistical survey web app written in PHP that uses a MySQL, SQLite, PostgreSQL or MSSQL database.

Default Credentials

admin:password

Remote Code Execution (RCE) version < 3.16

Reference: https://www.exploit-db.com/exploits/46634
