Tactics, Techniques, and Procedures

Suspicious Parameters

At DEF CON 31, JHaddix and Gunnar presented a talk titled SusParams, covering research on request parameter names that are frequently associated with common vulnerability classes such as SQLi, SSRF and LFI. This page simply breaks down the parameters observed, grouped by vulnerability class, for reference.

Cross Site Scripting

path
admin
class
atb
redirect_uri
other
utm_source
host
currency
dir
title
endpoint
return_url
users
cookie
state
callback
militarybranch
href
e
referer
password
author
body
status
utm_campaign
value
text
search
x-forwarded-host
a
flaw
vote
pathname
user
t
utm_medium
q
onclick
email
what
file
onignoretag
__proto__
data-original
description
subject
action
u
nickname
color
language_id
auth
samlresponse
return
onmouseover
readyfunction
where
tags
cvo_sid
target
format
back
term
r
id
url
view
username
sequel
type
city
src
p
label
ctx
style
html
ad_type
onerror
s
issues
query
c
shop
redirect

Server-Side Template Injection

preview
activity
id
name
content
view
template
redirect

Server-Side Request Forgery

start
path
domain
source
url
site
view
template
page
show
val
dest
metadata
out
feed
navigation
image_host
uri
next
continue
host
window
dir
reference
filename
html
to
return
open
port
stop
validate
resturl
callback
name
data
ip
redirect

SQL Injection

process
string
id
referer
password
pwd
field
view
sleep
column
log
token
sel
select
sort
from
search
update
pub_group_id
row
results
role
table
multi_layer_map_list
order
filter
user
fetch
limit
keyword
email
query
c
name
where
number
phone_number
delete
report

Open Redirect

u
redirect_uri
failed
r
referer
return_url
redirect_url
prejoin_data
x-forwarded-host
continue
redir
return_to
origin
redirect_to
next
host

IDOR

count
key
user
id
extended_data
uid2
group
team_id
data-id
no
username
email
account
doc
uuid
profile
number
user_id
edit
report
order

File Inclusion

root
directory
path
style
folder
default-language
url
platform
textdomain
document
template
pg
php_path
doc
type
lang
token
name
pdf
file
etc
api
app
resource-type

Debug

test
reset
config
shell
admin
exec
load
cfg
dbg
edit
root
create
access
disable
alter
make
grant
adm
toggle
execute
clone
delete
enable
rename
debug
modify

Command Injection

execute
dir
daemon
cli
log
cmd
download
ip
upload

Resources

  • SusParams: Hypercharge your web testing with DATA | AppSecVillage
  • GitHub - g0ldencybersec/sus_params