hellola.blogg.se

Amazon WAF











Hey everyone, it’s been a while since I published anything. This time, I’ll be sharing how I bypassed Amazon WAF to get XSS on the target. If you’re into bug bounty, it will help you in creating a mindset to create payloads that can bypass WAFs. I promise!

For the unknown, a WAF (Web Application Firewall) is a firewall which is used to protect web applications from common attacks such as SQL injection, Cross-Site Scripting (XSS), etc., by filtering out malicious traffic.

Discovery

During the content discovery phase, I was trying to gather as many endpoints as possible. Always do it with Burp Suite Proxy in the background with passive scanning extensions enabled. After spending a good amount of time I analyzed the sitemap that Burp Suite generated to inspect the endpoints manually.

The target website itself was quite limited in functionality and therefore, I wasn’t able to find anything of use. Moving over to the robots.txt file, I saw a disallowed endpoint, namely /index.aspx. This was a bit strange because the website was running on WordPress and pages with .aspx endpoints are not something that you’d see on a WordPress website.











