Web Application Security Assessment using Burp Community Edition | Part - 2 | Audit Guidelines | High Impact Web Vulnerability


Part 2 of this blog covers how to check for web application vulnerabilities with Burp Community Edition. It is intended to help when performing a manual web application security assessment (VAPT). In this part we cover a few vulnerabilities of high impact severity.


IP Spoofing (Bypass Whitelisting)

Audit Guideline

  1. Try to access the application from a network that is not whitelisted.
  2. Capture the base request in Burp Community and send it to Repeater.
  3. Add an X-Forwarded-For header to the request, with its value set to an IP address that is whitelisted for application access.
  4. Observe that the application responds normally. The whitelisting has therefore been bypassed and the application is accessible.

Proof of Concept

[Screenshot: Request without X-Forwarded-For header]

[Screenshot: Request with X-Forwarded-For header]
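The finding above exists because the application derives the client address from a header any client can write. The following Python example is added here to show the server-side root cause and its fix; it is not code from the original post or from any particular framework. The allowlist range, the trusted proxy address and the request values are constructed sample data. The vulnerable function takes the leftmost X-Forwarded-For entry; the hardened one only honours the header on connections from a known reverse proxy and walks the chain from the right, so an address injected by the client is never the one that is checked. A small detection hook flags the spoof attempt for logging.

```python
import ipaddress
from typing import Dict, List

# Constructed sample values (not from the original post): the whitelisted
# client range, and the reverse proxy that legitimately fronts the app.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def _xff_chain(headers: Dict[str, str]) -> List[str]:
    """Split an X-Forwarded-For value into its comma-separated addresses."""
    raw = headers.get("X-Forwarded-For", "")
    return [part.strip() for part in raw.split(",") if part.strip()]


def client_ip_vulnerable(headers: Dict[str, str], remote_addr: str) -> str:
    """Vulnerable: trusts the leftmost X-Forwarded-For entry, which the
    client itself can supply, and only uses the socket peer when absent."""
    chain = _xff_chain(headers)
    return chain[0] if chain else remote_addr


def client_ip_hardened(headers: Dict[str, str], remote_addr: str) -> str:
    """Hardened: honour X-Forwarded-For only when the TCP peer is a trusted
    proxy, then walk the chain from the right, dropping trusted proxy hops,
    so the first address a trusted proxy appended is the one that counts."""
    peer = ipaddress.ip_address(remote_addr)
    if peer not in TRUSTED_PROXIES:
        return remote_addr  # direct connection: the header is untrusted input
    for hop in reversed(_xff_chain(headers)):
        try:
            if ipaddress.ip_address(hop) not in TRUSTED_PROXIES:
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
    return remote_addr


def is_allowlisted(ip: str) -> bool:
    """True when the resolved client address falls inside the allowlist."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWLIST)


def spoofing_attempt(headers: Dict[str, str], remote_addr: str) -> bool:
    """Detection hook: an X-Forwarded-For header arriving on a connection
    that is not from a trusted proxy is worth logging as a spoof attempt."""
    peer = ipaddress.ip_address(remote_addr)
    return bool(_xff_chain(headers)) and peer not in TRUSTED_PROXIES


if __name__ == "__main__":
    # Constructed request: a direct connection from 198.51.100.77 that
    # carries a whitelisted address in X-Forwarded-For, as in the steps above.
    spoofed = {"X-Forwarded-For": "203.0.113.10"}
    print("vulnerable allows:", is_allowlisted(client_ip_vulnerable(spoofed, "198.51.100.77")))  # True
    print("hardened allows:  ", is_allowlisted(client_ip_hardened(spoofed, "198.51.100.77")))    # False
    print("flag for SOC:     ", spoofing_attempt(spoofed, "198.51.100.77"))                      # True
    # Same header sent through the real proxy, which appends the true peer:
    via_proxy = {"X-Forwarded-For": "203.0.113.10, 198.51.100.77"}
    print("hardened via proxy:", is_allowlisted(client_ip_hardened(via_proxy, "10.0.0.5")))     # False
```

The design point is that X-Forwarded-For is only meaningful as something a proxy you control appended, so the check is tied to the socket peer rather than to header contents; rejecting the header outright on direct connections is the simpler fix where no proxy exists.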


Account Takeover via Forgot Password — A Practical Attack Scenario of Host Header Injection

Audit Guideline

  1. Capture the forgot-password request in Burp Community and send it to Repeater.
  2. Add one more Host header to the request, with a custom (attacker-controlled) domain as its value, and send the request.
  3. Observe that the victim receives a password reset mail whose link points to the custom domain and carries the reset token. Once the victim clicks the link, the attacker obtains the token from the web logs of that domain.

Proof of Concept

[Screenshot: Original reset password link mail]

[Screenshot: Modified reset link request with an extra Host header]

[Screenshot: Reset password link mail with attacker-provided domain]
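The mail is poisoned because the reset link is built from the request's Host header instead of from configuration. The Python example below is added here to contrast the two approaches; it is not code from the original post or from any framework. The canonical hostname, the token and the request headers are constructed sample data, and the "last duplicate Host wins" behaviour of the vulnerable builder is an assumption standing in for whichever framework the application uses (some pick the first, some the last; either way the value is attacker-influenced). The hardened builder never reads Host for the link at all and rejects requests whose Host header is duplicated or does not match the configured name, which is also the condition a detection rule would alert on.

```python
from typing import List, Tuple

Header = Tuple[str, str]

# Constructed values (not from the original post): the domain the application
# is actually served on, and a placeholder reset token.
CANONICAL_HOST = "app.example.com"
SAMPLE_TOKEN = "tok-0123456789abcdef"  # constructed placeholder, not a real token

# Constructed requests: a normal reset request and one with a second Host
# header pointing at an attacker-controlled domain, as in the audit steps.
NORMAL_REQUEST: List[Header] = [("Host", "app.example.com"), ("Content-Type", "application/x-www-form-urlencoded")]
POISONED_REQUEST: List[Header] = [("Host", "app.example.com"), ("Host", "attacker-controlled.example")]


def _host_values(headers: List[Header]) -> List[str]:
    """All Host header values in the request, normalised, in order."""
    return [value.strip().lower() for name, value in headers if name.lower() == "host"]


def build_reset_link_vulnerable(headers: List[Header], token: str) -> str:
    """Vulnerable: mimics a framework that builds absolute URLs from the
    incoming Host header and, given duplicates, uses the last one it saw
    (assumed behaviour). Whatever Host the request carried ends up in the mail."""
    hosts = _host_values(headers)
    host = hosts[-1] if hosts else CANONICAL_HOST
    return f"https://{host}/reset?token={token}"


def poisoned_host_request(headers: List[Header], canonical_host: str = CANONICAL_HOST) -> bool:
    """Detection: a reset request with a duplicate or unexpected Host header."""
    hosts = _host_values(headers)
    return len(hosts) != 1 or hosts[0] != canonical_host.lower()


def build_reset_link_hardened(headers: List[Header], token: str, canonical_host: str = CANONICAL_HOST) -> str:
    """Hardened: the link comes from configuration, never from the request,
    and a request whose Host header(s) do not match is rejected outright."""
    if poisoned_host_request(headers, canonical_host):
        raise ValueError(f"rejected Host header(s): {_host_values(headers)!r}")
    return f"https://{canonical_host}/reset?token={token}"


if __name__ == "__main__":
    print("vulnerable, normal  :", build_reset_link_vulnerable(NORMAL_REQUEST, SAMPLE_TOKEN))
    print("vulnerable, poisoned:", build_reset_link_vulnerable(POISONED_REQUEST, SAMPLE_TOKEN))
    print("hardened,   normal  :", build_reset_link_hardened(NORMAL_REQUEST, SAMPLE_TOKEN))
    try:
        build_reset_link_hardened(POISONED_REQUEST, SAMPLE_TOKEN)
    except ValueError as exc:
        print("hardened,   poisoned: request rejected ->", exc)
    print("alert on poisoned   :", poisoned_host_request(POISONED_REQUEST))
```

Building the link from a configured base URL removes the dependency on Host entirely; the explicit Host validation on top of that also catches the duplicated-header variant shown in the Repeater screenshot, which a simple "first Host matches" check would miss.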