Won't Fix!!!

Before you start reading this post, let me tell you all the tips are collected from twitter (few mine 😓) where awesome community folks share their knowledge and experience. I tried to mention every single twitter handle from where I refer the tips, in case your name missed out please reach out to me. 😉 Authentication # Access control vulnerabilities with blocked access can be bypassed by adding the X-Original-URL header. POST /admin/deleteUser HTTP/1.1 -> 403 POST / HTTP/1.1  X-Original-URL: /admin/deleteUser -> 200OK  Bypass Success! # Accessing the Admin Panel https://target.com/admin/ - 302 https://target.com/admin..;/ - 200 IDOR #Suppose you find endpoint  GET /api_v1/messages?user_id=Your_user_id Try "GET /api v1/messages?user_id=Another_user_id" "GET /api_v1/messages?user_id=Your_user_id&user_id=another_user_id" "GET /api_v1/messages?user_id=another_user_id&user_id=Your_user_id" CORS # CORS Protection RegEx Bypass If the target only a...

Checkpoints: 1. Older APIs versions tend to be more vulnerable and they lack security mechanisms. Leverage the predictable nature of REST APIs to find old versions. Saw a call to 'api/v3/login'? Check if 'api/v1/login' exists as well. It might be more vulnerable. 2. Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: `/api/mobile/login` | `/api/v3/login` | `/api/magic_link`; etc. Find and test all of them for AuthN problems. 3. Remember how SQL Injections used to be extremely common 5-10 years ago, and you could break into almost every company? BOLA (IDOR) is the new epidemic of API security. 4. Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Command Injection by design) Reference Link: https://apidock.com/ruby/Kernel/open 5. Found SSR...