Hey everyone, it's been a while since I published anything. This time, I'll be sharing how I bypassed Amazon WAF to get XSS on the target. If you're into bug bounty, it will help you in creating a mindset to create payloads that can bypass WAFs. I promise!

For those unfamiliar, a WAF (Web Application Firewall) is a firewall used to protect web applications from common attacks such as SQL injection, Cross-Site Scripting (XSS), etc., by filtering out malicious traffic.

Discovery

During the content discovery phase, I was trying to gather as many endpoints as possible. Always do it with Burp Suite Proxy in the background with passive scanning extensions enabled. After spending a good amount of time, I analyzed the sitemap that Burp Suite generated to inspect the endpoints manually. The target website itself was quite limited in functionality and therefore, I wasn't able to find anything of use. Moving over to the robots.txt file, I saw a disallowed endpoint, namely /index.aspx. This was a bit strange because the website was running on WordPress, and pages with .aspx endpoints are not something that you'd see on a WordPress website.