Vulnerability discovery - API interface service vulnerability probe type utilization and repair

Test ideas

 Information collection and information utilization 
 First step ： First, identify whether the website has cdn,waf Products such as , If there is, it will be bypassed .
 The second step ： Scan the port information collected from the website , real ip Address ,ip Bound other domain names .
 The third step ： Website sensitive path scanning 
 Step four ： domain name + Port sensitive information scanning 
 Step five ：ip+ Port sensitive directory scanning 

 remarks ： Dictionaries should not be just sensitive paths , There should also be backup files  zip rar tar tar.gz Etc 

 Port service class security test 
 According to the previous information collected for the target port service class probe after the security test , It's mainly about attack methods ： password security ,WEB
 Class vulnerability , Version vulnerability, etc , The harm can be great or small . Belongs to port service / Third party service security testing surface . Generally in 
 The security test scheme selected in the case of known applications without ideas .

API  Interface -WebServiceRESTful API
https://xz.aliyun.com/t/2412
 According to the functional direction of the application itself , The safety test objectives need to have  API  Interface calls can be used for such tests , Mainly involved in safety 
 The whole question ： Self safety , coordination  WEB, Business logic, etc , The harm can be great or small , Belongs to the application  API  Interface network service 
 Service test surface , Generally, it is also a test scheme in the case of interface call .


WSDL（ Network service description language ,Web Services Description Language） It's based on  XML  Language , Used to describe 
Web Services  And how to access them .

 Vulnerability keywords ：
 coordination  shodan,fofa,zoomeye  Search is also good ~
inurl:jws?wsdl
inurl:asmx?wsdl
inurl:aspx?wsdl
inurl:ascx?wsdl
inurl:ashx?wsdl
inurl:dll?wsdl
inurl:exe?wsdl
inurl:php?wsdl
inurl:pl?wsdl
inurl:?wsdl
filetype:wsdl wsdl
http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL

Domain information collection

1. Subdomain collection
2. Search the other party's domain name through the domain name registration platform , View the registered domain name related to the target domain name （ These domain names have different suffixes , But usually the same person registers ）
3. Search the keyword of the target website through the browser

4. Domain name access and IP visit , The directory may be different ：
When collecting, you should not only scan the directory under the domain name , You have to scan ip Under address .

Goby Port scanning （ give an example ）

Find out 4848 port . It can also be used. Nmap.

Baidu's corresponding service vulnerabilities

Super weak password detection tool

https://github.com/shack2/SNETCracker/releases

WSDL

WSDL（ Network service description language ,Web Services Description Language） It's based on XML Language , Used to describe Web Services And how to access them .（ Mainly used for interface ）

API The interface test
https://xz.aliyun.com/t/2412

AWVS scanning

The scanned results exist SQL Inject holes

Copy the packet , stay sqlmap The installation directory , Create a new document
Copy the packet into .
But pay attention to awvs The test statement of is deleted .
Write any parameter here , Add after *, tell sqlmap To test here

sqlmap To test

Inject success