Hello Folks, This blog will focus on an advanced vulnerability called Web Cache Poisoning and dive deep into its concepts using PortSwigger’s platform. All big company websites have a web cache mechanism, which is essential for security. So, let’s begin by understanding this mechanism in detail, and then we will move forward and begin the […]
PortSwigger- Web Cache Poisoning With An Unkeyed Header Read More »
In this blog post series, we will discover APIs’ vulnerabilities. Nowadays, APIs are used in all types of web applications and hence it is important to protect the data that can be accessed and modified by exploiting API vulnerabilities. Over here, we will understand Mass Assignment and how to identify and exploit its vulnerabilities.
PortSwigger- Exploiting a Mass Assignment Vulnerability Read More »
All web applications use an Application Programming Interface (API) which is also vulnerable if exploited by an attacker. So as a penetration tester, we should know how to identify and exploit these API-related vulnerabilities. In this blog, we will understand the complete process which starts from identifying API endpoints, supported HTTP methods, and content types.
PortSwigger- Finding And Exploiting An Unused API Endpoint Read More »
This blog will focus on API Testing where we will learn about APIs and their vulnerabilities using PortSwigger platform. All website consists of the API and it is very important to make them secure. We will explore the vulnerabilities using API documentation.
PortSwigger- Exploiting An API Endpoint Using Documentation Read More »
In today’s digital age, numerous fraudulent schemes have developed. Traffic violations, similar to various aspects of online services, have turned into a means for scammers. Unscrupulous individuals trick non-guilty users into falling for a contemporary type of trickery called phishing. They are informed about alleged traffic violations through alerts and, once they click a link or download an application, the scammers use this opportunity to rob their bank accounts and disappear without a trace.
E-Challan Scam Alert! Read More »
This lab focuses on the identification and exploitation of HTTP Host header vulnerability. We will understand this vulnerability and then see how we can perform password reset poisoning via middlewareLet’s open this lab on PortSwigger and read the lab description. This lab requires Burp Suite community edition.
PortSwigger- Password Reset Poisoning Via Middleware Read More »
Hello Folks, This blog focuses on HTTP Host Header vulnerability. We will cover the basics of the HTTP Host header and then we will see a practical implementation of identifying this vulnerability using the PortSwigger platform. In this blog, we will solve the “Basic password reset poisoning” lab under Password Reset Poisoning. So, let’s begin
PortSwigger- Basic Password Reset Poisoning Read More »
Hello Folks, In this blog, we are going to solve a challenge that will test our client-side exploitation skills. The name of this challenge is “Whats Your Name?” and it is available on the TryHackMe platform. This CTF is only available to TryHackMe subscribers. We will be exploring some web application vulnerabilities like Cross-site Scripting
TryHackMe- Whats Your Name? Read More »
Hello Folks, In this blog, we are going to discuss as well as solve another easy machine of the HackTheBox platform named “BoardLight”. This machine is based on the Linux operating system and will help us understand how important it is to update the applications running on servers. Let’s begin the penetration testing process. You
HackTheBox- BoardLight Read More »
Hello folks, In this blog post, we will explore some other techniques to identify and exploit SQL Injection vulnerabilities. We will use PortSwigger’s platform to understand it. We have covered Union-based SQL Injection and Blind-based SQL Injection in our previous blogs. You can explore them. Lab-1 SQL injection vulnerability in WHERE clause allowing retrieval of
PortSwigger- Exploiting Other Categories in SQL Injection Read More »
