Security Misconfigurations

Check:

Default credentials
- admin:admin, root:root
- Check documentation for defaults
Directory listing
- Check if /uploads/, /files/, /backup/ are browsable
Exposed sensitive files
- /.env, /config.php, /web.config
- /.git/ (download with git-dumper)
- /backup.zip, /db.sql
- /.aws/credentials
Debug mode enabled
- Stack traces exposed
- Verbose error messages
Missing security headers
- X-Frame-Options (Clickjacking)
- X-Content-Type-Options
- Strict-Transport-Security
- Content-Security-Policy
CORS misconfiguration
- Reflected Origin header
- Wildcard with credentials

Tools

# Security headers check
curl -I https://target.com

# CORS check
curl -H "Origin: https://evil.com" -I https://target.com/api/endpoint

# Git exposure
git-dumper https://target.com/.git/ ./git_dump

PreviousFIle Upload Vulnerabilities NextMobile Penetration Testing

Last updated 2 months ago

hashtagTools

Tools