Demoblaze Data
com/
Steps:
1. Run an SSL/TLS scan of the target (for example with sslscan or testssl.sh).
2. Assess the results of the scan to identify potential vulnerabilities: legacy protocols still offered (SSLv2, SSLv3, TLS 1.0, TLS 1.1), weak or deprecated cipher suites (RC4, 3DES, export and NULL ciphers), suites without forward secrecy, and certificate problems such as expiry, a hostname mismatch or an untrusted chain.
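Step 2 is the part that is easy to do inconsistently by eye, so here is an added example (not from the original notes) that turns scanner text into a finding list. The input is a constructed sample laid out the way sslscan prints protocol and cipher lines; the exact layout is an assumption, and the thresholds (128-bit minimum, TLS 1.2 minimum, ECDHE/DHE for forward secrecy) are the reviewer's own baseline, not something the notes state.

```python
import re

# Constructed sample laid out like sslscan's text output (an assumption about the
# format; this is not a capture from the target): protocol summary lines, then one
# "Preferred"/"Accepted" line per cipher suite the server negotiated.
SAMPLE_SCAN = """\
  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   disabled

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Accepted  TLSv1.0  128 bits  RC4-SHA
"""

LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1")
# Substrings that mark a suite as broken or deprecated regardless of key length.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

PROTO_RE = re.compile(r"^(SSLv2|SSLv3|TLSv1\.[0-3])\s+(enabled|disabled)\s*$", re.M)
CIPHER_RE = re.compile(r"^(?:Preferred|Accepted)\s+(\S+)\s+(\d+) bits\s+(\S+)", re.M)


def parse_sslscan(text):
    """Return ({protocol: enabled_bool}, [(protocol, bits, suite_name), ...])."""
    protocols = {m.group(1): m.group(2) == "enabled" for m in PROTO_RE.finditer(text)}
    ciphers = [(m.group(1), int(m.group(2)), m.group(3)) for m in CIPHER_RE.finditer(text)]
    return protocols, ciphers


def assess_tls(text):
    """Step 2 of the procedure: turn raw scan text into a list of findings."""
    protocols, ciphers = parse_sslscan(text)
    findings = []
    for proto in LEGACY_PROTOCOLS:
        if protocols.get(proto):
            findings.append(f"legacy protocol enabled: {proto}")
    if not protocols.get("TLSv1.3"):
        findings.append("TLSv1.3 not offered")
    for proto, bits, suite in ciphers:
        if bits < 128:
            findings.append(f"weak cipher ({bits} bits): {suite} on {proto}")
        elif any(marker in suite for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"deprecated cipher: {suite} on {proto}")
        elif proto != "TLSv1.3" and not suite.startswith(("ECDHE-", "DHE-")):
            # Static RSA key exchange: a leaked server key decrypts recorded traffic.
            findings.append(f"no forward secrecy: {suite} on {proto}")
    return findings


if __name__ == "__main__":
    # Real use: pipe the scanner's plain-text output into this script; with no
    # piped input it falls back to the constructed sample above.
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SCAN
    for finding in assess_tls(text):
        print(finding)
```

The cipher regex keys on the "N bits" column, so it ignores the curve/DHE trailer that sslscan appends to ECDHE lines and also works on TLS 1.3 suites, which are skipped for the forward-secrecy check because that version only negotiates ephemeral key exchange.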
Other Vulnerabilities:
- Clickjacking
Steps:
1. Write HTML code that loads the target website in an iframe.
2. Save the code as a .html file and open the file in a browser.
3. The target website is rendered inside the iframe. A page opened from disk is a different origin, so this shows that the response carries neither an X-Frame-Options header nor a Content-Security-Policy frame-ancestors directive that would stop a third-party page from framing it.
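As an added example (not part of the original notes), the following script writes the iframe PoC from steps 1 and 2 and also performs the header check that explains step 3, so the finding can be confirmed without relying on what a particular browser renders. The target URL is an assumption; the notes name only "Demoblaze".

```python
import urllib.request
from pathlib import Path

# Assumption: the target is the Demoblaze storefront; only "Demoblaze" is named in the notes.
TARGET = "https://www.demoblaze.com/"


def framing_allowed(headers):
    """Return True when nothing in the response headers stops an arbitrary origin
    from framing the page. Browsers honour X-Frame-Options and, with precedence,
    the CSP frame-ancestors directive; either one is enough to block the PoC."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            # 'none', 'self' or a host list all exclude an attacker's origin;
            # an empty source list behaves like 'none'. Only '*' leaves it open.
            return "*" in value.split()
    xfo = h.get("x-frame-options", "").strip().lower()
    return xfo not in ("deny", "sameorigin")


def poc_html(target):
    """Step 1: the page that loads the target in an iframe. Overlaying a decoy
    button on the frame would turn this render test into a full clickjacking demo."""
    return f"""<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Clickjacking PoC</title></head>
<body>
<p>If the site renders inside the frame below, it can be framed by a third-party page.</p>
<iframe src="{target}" width="1000" height="700" style="border:2px solid red"></iframe>
</body>
</html>
"""


def write_poc(target, path="clickjack.html"):
    """Step 2: save the PoC so it can be opened in a browser."""
    out = Path(path)
    out.write_text(poc_html(target), encoding="utf-8")
    return out


def fetch_headers(url):
    """Fetch the target's response headers for the header-based check."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return dict(resp.headers)


if __name__ == "__main__":
    print("PoC written to", write_poc(TARGET))
    headers = fetch_headers(TARGET)
    print("framing allowed by headers:", framing_allowed(headers))
```

When both headers are present the CSP directive wins, which is why the function returns as soon as it sees frame-ancestors; a site that sets X-Frame-Options: DENY but also frame-ancestors * is still frameable.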
- User Enumeration
1. On the target website, click on Login.
2. Enter a correct username and an incorrect password. The message displayed is "Wrong password".
3. Enter an incorrect username and any password. The message displayed is "User does not exist".
4. Because the two failure messages differ, an attacker can confirm which usernames exist before attacking passwords. The fix is one generic message (and the same status code and comparable response time) for both cases.
- Brute Force Possible on Login
1. On the target website, click on Login.
2. Enter the correct username and any password.
3. Click on Login, capture the request in Burp Suite and send it to Intruder with the password field marked as the payload position.
4. Provide 10 payloads and run the attack.
5. Notice that every response is the same: no rate limiting, account lockout or CAPTCHA is enforced, so a user can submit an unlimited number of login requests.
6. The same check can be done manually (repeating the login several times) if use of the tool is prohibited or could affect the target environment.
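The two login checks above share one request, so here is a single added example (not part of the original notes) that automates both: the enumeration comparison and the 10-attempt brute-force probe. The endpoint, JSON body and base64 password encoding are assumptions about how the site's front-end logs in; the notes record only the messages shown in the browser. The transport is passed in as a function so the checks can be exercised against a stand-in as well as the live site.

```python
import base64
import json
import urllib.error
import urllib.request
from collections import Counter

# Assumption: the Demoblaze login is a JSON POST to this endpoint and the
# front-end base64-encodes the password. The notes only record the messages
# shown in the UI, so treat both the URL and the body format as unverified.
LOGIN_URL = "https://api.demoblaze.com/login"


def http_login(username, password, url=LOGIN_URL):
    """Real transport: POST one credential pair and return (status, body)."""
    body = json.dumps({"username": username,
                       "password": base64.b64encode(password.encode()).decode()}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def check_user_enumeration(send, known_user, unknown_user, password="not-the-password"):
    """User enumeration (steps 1-3): a valid username with a wrong password and a
    nonexistent username should produce identical failures. Any difference in
    status or body is an oracle for which usernames exist."""
    valid = send(known_user, password)
    unknown = send(unknown_user, password)
    return {"valid_user": valid, "unknown_user": unknown, "enumerable": valid != unknown}


def check_brute_force(send, username, attempts=10):
    """Brute force (steps 1-5): send `attempts` wrong passwords for one account
    and look for throttling (429/403, lockout or CAPTCHA wording, or a response
    that changes part-way through). Identical responses throughout mean the
    login has no rate limiting, lockout or CAPTCHA."""
    responses = [send(username, f"wrong-password-{i}") for i in range(attempts)]
    statuses = Counter(status for status, _ in responses)
    bodies = {body for _, body in responses}
    throttled = any(status in (403, 429) for status, _ in responses) or any(
        word in body.lower() for body in bodies for word in ("locked", "too many", "captcha"))
    return {"attempts": attempts, "status_counts": dict(statuses),
            "distinct_bodies": len(bodies), "throttled": throttled}


if __name__ == "__main__":
    # Replace the first username with an account you registered on the target.
    print(check_user_enumeration(http_login, "existing-user", "no-such-user-x7q"))
    print(check_brute_force(http_login, "existing-user", attempts=10))
```

Keep the attempt count at the 10 the notes use unless the engagement allows more: the point is to observe the absence of throttling, not to lock out a real account, and a manual repeat (step 6) is the fallback when automation is off-limits.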
- Missing Strict Transport Security
1. Assess the target website's response headers using securityheaders.com, or manually using the Network tab under Inspect Element. Request the site over HTTPS, because browsers ignore a Strict-Transport-Security header on a plain-HTTP response.
2. Confirm that no Strict-Transport-Security header is returned. Where one is present, check that max-age is at least one year (31536000 seconds) and that includeSubDomains is set.
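The manual header check from step 1 is easy to script, so here is an added example (not from the original notes) that fetches the headers and grades the Strict-Transport-Security value rather than just noting whether it exists. The target URL is an assumption, and the one-year minimum is the usual baseline (it is also what the browser preload list requires), not a figure taken from the notes.

```python
import urllib.request

# Assumption: the target is the Demoblaze storefront; the notes name only "Demoblaze".
TARGET = "https://www.demoblaze.com/"
ONE_YEAR = 31536000   # the minimum max-age commonly expected (and required for preload)


def parse_hsts(value):
    """Split an STS value such as 'max-age=31536000; includeSubDomains; preload'
    into a {directive: value_or_None} dict with lower-cased directive names."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = val.strip().strip('"') or None
    return directives


def assess_hsts(headers, min_age=ONE_YEAR):
    """Return the list of findings for the Strict-Transport-Security header.
    An empty list means the header is present and adequately configured."""
    h = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in h:
        return ["Strict-Transport-Security header missing"]
    d = parse_hsts(h["strict-transport-security"])
    findings = []
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or invalid; browsers ignore the header")
    elif int(max_age) == 0:
        findings.append("max-age=0 clears any stored policy (HSTS disabled)")
    elif int(max_age) < min_age:
        findings.append(f"max-age {max_age} is below {min_age} seconds")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains stay reachable over HTTP")
    return findings


def fetch_headers(url):
    """HSTS is only honoured on HTTPS responses, so the URL must be https://."""
    if not url.startswith("https://"):
        raise ValueError("HSTS must be assessed over HTTPS")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return dict(resp.headers)


if __name__ == "__main__":
    for finding in assess_hsts(fetch_headers(TARGET)) or ["HSTS configured adequately"]:
        print(finding)
```

The https:// guard in fetch_headers matters in practice: checking the http:// URL and finding no header proves nothing, because the server is not supposed to send (and the browser would not honour) HSTS there.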