Web penetration discussion

[tkboom]

Let's discuss a question.
The website uses a relay site (CDN) to connect to the main website (server) through an API.
What is its security level: low, medium, or high?
Can general SQL and other technologies have the effect of accessing the backend?
I would be grateful to get your feedback

 

[dunkel]

medium
1) you can find out real host ip behind cdn
2)there are many ways to bypass cdn via various encoders and tricks
example https://www.carblock.io/dist/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

Same with other payloads like db queries. Try using encoders and tampers

 

[n0_mad]

Let's discuss a question.
The website uses a relay site (CDN) to connect to the main website (server) through an API.
What is its security level: low, medium, or high?
Can general SQL and other technologies have the effect of accessing the backend?
I would be grateful to get your feedback

From my POV, it's fine if an API is secured right. SQL-injections can be used if the API doesn't validate incoming data, also cached old data is a vulnerability if the CDN holds it. There is quite a lot of issues I think of if the API is shit.

 

[tkboom]

medium
1) you can find out real host ip behind cdn
2)there are many ways to bypass cdn via various encoders and tricks
example https://www.carblock.io/dist/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
Посмотреть вложение 101412
Same with other payloads like db queries. Try using encoders and tampers

Thank you for your reply! I will try to verify it

 

[tkboom]

From my POV, it's fine if an API is secured right. SQL-injections can be used if the API doesn't validate incoming data, also cached old data is a vulnerability if the CDN holds it. There is quite a lot of issues I think of if the API is shit.

It is currently impossible to determine the quality of the API

 

[tkboom]

This topic is still ongoing, please reply if you are interested.