Hello Folks, In this blog post series, we will discover APIs’ vulnerabilities. Nowadays, APIs are used in all types of web applications and hence it is important to protect the data that can be accessed and modified by exploiting API vulnerabilities. Over here, we will understand Mass Assignment and how to identify and exploit its […]
PortSwigger- Exploiting a mass assignment vulnerability Read More »
Hello Folks, All web applications use an Application Programming Interface (API) which is also vulnerable if exploited by an attacker. So as a penetration tester, we should know how to identify and exploit these API-related vulnerabilities. In this blog, we will understand the complete process which starts from identifying API endpoints, supported HTTP methods, and
PortSwigger- Finding and exploiting an unused API endpoint Read More »
Hello Folks, This blog will focus on API Testing where we will learn about APIs and their vulnerabilities using PortSwigger platform. All website consists of the API and it is very important to make them secure. In this blog post, we will explore the vulnerabilities using API documentation. Let’s understand about API in detail and then
PortSwigger- Exploiting an API endpoint using documentation Read More »
This lab focuses on the identification and exploitation of HTTP Host header vulnerability. We will understand this vulnerability and then see how we can perform password reset poisoning via middlewareLet’s open this lab on PortSwigger and read the lab description. This lab requires Burp Suite community edition.
PortSwigger- Password Reset Poisoning Via Middleware Read More »
Hello Folks, This blog focuses on HTTP Host Header vulnerability. We will cover the basics of the HTTP Host header and then we will see a practical implementation of identifying this vulnerability using the PortSwigger platform. In this blog, we will solve the “Basic password reset poisoning” lab under Password Reset Poisoning. So, let’s begin
PortSwigger- Basic Password Reset Poisoning Read More »
Hello folks, In this blog post, we will explore some other techniques to identify and exploit SQL Injection vulnerabilities. We will use PortSwigger’s platform to understand it. We have covered Union-based SQL Injection and Blind-based SQL Injection in our previous blogs. You can explore them. Lab-1 SQL injection vulnerability in WHERE clause allowing retrieval of
PortSwigger- Exploiting Other Categories in SQL Injection Read More »
In this blog post, we’ll explore the Blind SQL Injection vulnerability by inducing time delays and utilizing out-of-band requests to gain a deeper understanding. Here, we will utilize the PortSwigger platform to explore this vulnerability.
PortSwigger- Blind SQL Injection-II Read More »
In this blog, we will understand one of the most identifiable and difficult types of SQL Injection vulnerability. It is Blind SQL Injection. We will learn about the same using PortSwigger platform. Let’s begin the blog and understand the meaning of blind SQL injection vulnerability. Blind SQL injection vulnerabilities are those where we send a malicious SQL query to the server but we don’t receive any direct output in the response.
PortSwigger- Blind-Based SQL Injection- I Read More »
Hello folks, This blog will be based on Examining the Database using Union-based SQL Injection vulnerabilities. We will understand how we can get the database version and information related to tables and columns present in the database. We will explore the same on the PortSwigger platform. We have discussed the basics of Union-based SQL injection
PortSwigger- Examining the Database using Union-based SQL Injection Read More »
This blog delves into SQL Injection, a highly significant vulnerability. We’ll explore various types of SQL Injection and learn how to detect and leverage them through diverse methodologies. Specifically, we’ll focus on Union-based SQL injection utilizing the PortSwigger platform, renowned for its top-notch resources addressing web application vulnerabilities.
PortSwigger- Union-Based SQL Injection Read More »
