Lab: Discovering vulnerabilities quickly with targeted scanning | Web Security Academy
Access the lab, turn on the proxy, and turn off Intercept in Burp Suite.
Now look at the HTTP history in the Proxy tab: you can see a request to /product/stock, and its ProductID parameter is an input to test.
Right-click on /product/stock → Do Active Scan
Try changing the parameter to various values.
The scanner found an Out-of-band resource load on /product/stock
It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response.
<foo xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///etc/passwd"/></foo>
Send the request. You can now view the contents of /etc/passwd.
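The XInclude payload works only when the server splices the parameter into an XML document and then resolves includes. The following is an added example, not code from the lab or from the original write-up, showing that weak pattern beside a hardened one. It assumes Python's standard library as a stand-in for the lab's unknown back end; `TEMPLATE`, the function names and the temporary file (used in place of a real system file) are hypothetical.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from xml.etree import ElementInclude
from xml.sax.saxutils import escape

# Hypothetical back-end document the server builds from the request (assumption).
TEMPLATE = "<stockCheck><productId>{pid}</productId></stockCheck>"
# Same shape as the payload on this page, with a constructed href.
XI_PAYLOAD = ('<foo xmlns:xi="http://www.w3.org/2001/XInclude">'
              '<xi:include parse="text" href="{path}"/></foo>')


def parse_vulnerable(product_id: str) -> str:
    """Weak: raw input is spliced into XML and XInclude is then resolved."""
    root = ET.fromstring(TEMPLATE.format(pid=product_id))
    ElementInclude.include(root)  # default loader opens whatever href names
    return "".join(root.itertext())


def parse_hardened(product_id: str) -> str:
    """Hardened: allow-list the value, escape it, never resolve XInclude."""
    if not re.fullmatch(r"[0-9]{1,10}", product_id):
        raise ValueError("productId must be a short decimal number")
    root = ET.fromstring(TEMPLATE.format(pid=escape(product_id)))
    return root.findtext("productId")


def demo() -> dict:
    """Run both parsers against a constructed payload and a constructed file."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write("constructed-secret")
        payload = XI_PAYLOAD.format(path=secret_path)
        leaked = parse_vulnerable(payload)
        try:
            parse_hardened(payload)
            rejected = False
        except ValueError:
            rejected = True
    return {"leaked": leaked, "rejected": rejected, "normal": parse_hardened("1")}


if __name__ == "__main__":
    print(demo())
```

The allow-list check is the primary control; escaping and leaving XInclude unresolved are defence in depth if validation is ever loosened.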
Thank you for Reading!!
Happy Hunting ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng
Discovering vulnerabilities quickly with targeted scanning — Portswigger was originally published in InfoSec Write-ups on Medium.