In this blog post series, we will discover APIs’ vulnerabilities. Nowadays, APIs are used in all types of web applications and hence it is important to protect the data that can be accessed and modified by exploiting API vulnerabilities. Over here, we will understand Mass Assignment and how to identify and exploit its vulnerabilities.
PortSwigger- Exploiting a Mass Assignment Vulnerability Read More »
All web applications use an Application Programming Interface (API) which is also vulnerable if exploited by an attacker. So as a penetration tester, we should know how to identify and exploit these API-related vulnerabilities. In this blog, we will understand the complete process which starts from identifying API endpoints, supported HTTP methods, and content types.
PortSwigger- Finding And Exploiting An Unused API Endpoint Read More »
This blog will focus on API Testing where we will learn about APIs and their vulnerabilities using PortSwigger platform. All website consists of the API and it is very important to make them secure. We will explore the vulnerabilities using API documentation.
PortSwigger- Exploiting An API Endpoint Using Documentation Read More »
This lab focuses on the identification and exploitation of HTTP Host header vulnerability. We will understand this vulnerability and then see how we can perform password reset poisoning via middlewareLet’s open this lab on PortSwigger and read the lab description. This lab requires Burp Suite community edition.
PortSwigger- Password Reset Poisoning Via Middleware Read More »
Hello Folks, This blog focuses on HTTP Host Header vulnerability. We will cover the basics of the HTTP Host header and then we will see a practical implementation of identifying this vulnerability using the PortSwigger platform. In this blog, we will solve the “Basic password reset poisoning” lab under Password Reset Poisoning. So, let’s begin
PortSwigger- Basic Password Reset Poisoning Read More »
Hello Folks, In this blog, we are going to solve a challenge that will test our client-side exploitation skills. The name of this challenge is “Whats Your Name?” and it is available on the TryHackMe platform. This CTF is only available to TryHackMe subscribers. We will be exploring some web application vulnerabilities like Cross-site Scripting
TryHackMe- Whats Your Name? Read More »
Hello Folks, In this blog, we are going to discuss as well as solve another easy machine of the HackTheBox platform named “BoardLight”. This machine is based on the Linux operating system and will help us understand how important it is to update the applications running on servers. Let’s begin the penetration testing process. You
HackTheBox- BoardLight Read More »
Hello folks, In this blog post, we will explore some other techniques to identify and exploit SQL Injection vulnerabilities. We will use PortSwigger’s platform to understand it. We have covered Union-based SQL Injection and Blind-based SQL Injection in our previous blogs. You can explore them. Lab-1 SQL injection vulnerability in WHERE clause allowing retrieval of
PortSwigger- Exploiting Other Categories in SQL Injection Read More »
In this blog post, we’ll explore the Blind SQL Injection vulnerability by inducing time delays and utilizing out-of-band requests to gain a deeper understanding. Here, we will utilize the PortSwigger platform to explore this vulnerability.
PortSwigger- Blind SQL Injection-II Read More »
In this blog, we will understand one of the most identifiable and difficult types of SQL Injection vulnerability. It is Blind SQL Injection. We will learn about the same using PortSwigger platform. Let’s begin the blog and understand the meaning of blind SQL injection vulnerability. Blind SQL injection vulnerabilities are those where we send a malicious SQL query to the server but we don’t receive any direct output in the response.
PortSwigger- Blind-Based SQL Injection- I Read More »
