Introduction to Modern Web Exploitation Techniques

This module explores three advanced web exploitation techniques: DNS Rebinding, Second-Order vulnerabilities, and WebSocket attacks.

It is recommended to have a good understanding of basic web vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and Insecure Direct Object References (IDORs) before tackling this module. A good start is the Web Attacks module.

Modern Web Exploitation Techniques

DNS Rebinding

DNS Rebinding is an advanced attack technique that relies on changes in the Domain Name System (DNS); it allows an attacker to bypass insufficient SSRF filters as well as the Same-Origin policy.

Second-Order Attacks

A second-order vulnerability, sometimes referred to as a second-order injection or delayed vulnerability, arises when malicious input supplied by a user does not immediately exploit a weakness at the initial point of input. Instead, this input is stored by the web application and remains latent until it is later retrieved, processed, or utilized elsewhere within the application's codebase. During this subsequent interaction or processing, the vulnerability manifests and potentially leads to security breaches. By their nature, second-order vulnerabilities are much harder to identify because the initial "first-order" injection point might not be vulnerable, potentially leading an attacker to the assumption that the web application is not vulnerable at all.

WebSocket Attacks

WebSockets enable bidirectional communication between WebSocket clients and servers, providing an alternative means of transmitting data compared to the traditional HTTP protocol. Common web vulnerabilities such as Cross-Site Scripting, and SQL Injection may arise depending on how a website integrates WebSockets.

Let's get started by discussing the first technique in the next section.