In this crash course, I will teach you the methods I use to find path normalization vulnerabilities. I will discuss why you should invest time in this bug class and which tools to use. Here is the agenda:
- Why should you choose this bug class?
- How does path normalization work?
- What are some real-life vulnerabilities?
- Automated testing at scale.
- Manual testing observing the patterns.
- Summary
Prerequisites
To follow this course, you should have a basic understanding of the following:
- Programming languages
- Reverse proxies
- HTTP
- You will also need to be able to perform recon on your targets with open-source tools or your own.
Enjoy! I hope you learn a thing or two.
Why should you choose this bug class?
Firstly, we're dealing with internal services that backend engineers have developed, so from a hacker's perspective these are perfect targets if the threat actor's intention is to gain unauthorized access to Personally Identifiable Information (PII)…