Methodoloy
Try Identifying extension used
Extension | Tests |
---|---|
jsf | [[Web Applications testing/Attacks/Expression Language Injection]] |
jsp | [[Web Applications testing/Attacks/Expression Language Injection]] |
shtml | [[Web Applications testing/Attacks/Server Side Include]] |
shtml | [[Web Applications testing/Attacks/Server Side Include]] |
stm | [[Web Applications testing/Attacks/Server Side Include]] |
Reflected Value?
Try [[Web Applications testing/Attacks/SSTI]] [[Web Applications testing/Attacks/XSLT Engines]] [[Web Applications testing/Attacks/Expression Language Injection]] [[Web Applications testing/Attacks/XSS]] [[Web Applications testing/Attacks/Server Side Include]] OS Command Injection