This blog delves into SQL Injection, a highly significant vulnerability. We’ll explore various types of SQL Injection and learn how to detect and leverage them through diverse methodologies. Specifically, we’ll focus on Union-based SQL injection utilizing the PortSwigger platform, renowned for its top-notch resources addressing web application vulnerabilities.
PortSwigger- Union-Based SQL Injection Read More »
This blog offers a step-by-step guide for navigating through the recently introduced machine, “Clocky,” on TryHackMe. Classified as a Medium-level challenge, it aims to familiarize you with the process of detecting misconfigurations on Linux-based web servers using an array of penetration testing tools and methods. Let’s dive in promptly and commence the penetration procedure.
This blog delves into the advanced realm of Broken Access Control vulnerability, emphasizing Insecure Direct Object References and Multi-step processes lacking access control in a single step. Both vulnerabilities will undergo comprehensive examination through practical labs.
PortSwigger- Broken Access Control | Advanced Read More »
This blog delves into the recognition and utilization of “Horizontal Privilege Escalation,” a form of Broken Access Control vulnerability. Horizontal access controls are systems designed to limit access to resources to particular users. Through horizontal access controls, diverse users gain access to a subset of resources of a similar kind. If you’re interested in learning more about Broken Access Control, including another type known as vertical privilege escalation, check out our previous blog post titled “Vertical Access Control.”
PortSwigger- Broken Access Control | Horizontal Privilege Escalation Read More »
Hello folks, This blog focuses on the identification and exploitation of Broken Access Control vulnerability. We will be providing a detailed walkthrough of PortSwigger’s labs which you can access on the PortSwigger. We will be providing a detailed writeup covering this vulnerability in three categories. So in this blog, we will be covering the first
PortSwigger- Broken Access Control | Vertical Privilege Escalation Read More »
Explore the ‘Headless’ machine challenge on HackTheBox, ideal for beginners eager to hone Linux system penetration skills. Gain valuable experience and assessment in conducting penetration tests on Linux servers. Dive into this beginner-friendly challenge for a rewarding learning journey.
HackTheBox- Headless Read More »
This blog explores how to detect and take advantage of DOM-based Cross-site Scripting (XSS) vulnerabilities found in websites that utilize third-party dependencies. It also analyzes these vulnerabilities in relation to reflected and stored XSS scenarios. Practical exercises will be carried out using the PortSwigger platform.
PortSwigger- Advanced DOM-based XSS Read More »
This blog centers on the identification and exploitation of DOM-based Cross-site Scripting (XSS) vulnerabilities present on websites. We’ll be honing our skills in detecting and leveraging these vulnerabilities using the PortSwigger platform.
PortSwigger- DOM-Based XSS Read More »
This blog emphasizes the identification and exploitation of Cross-site Scripting (XSS) vulnerabilities present on websites, specifically targeting two out of three types: Reflected XSS and Stored XSS. We will be actively practicing these vulnerabilities using the PortSwigger platform.
PortSwigger- Reflected & Stored Cross-site Scripting Read More »
In this blog, we’re focusing on the ‘Bizness’ machine, an entry-level challenge featured on the ‘HackTheBox’ platform. It’s designed to provide a great learning opportunity for those interested in Linux system infiltration. This challenge serves as a starting point to assess your proficiency in Linux server penetration testing.
HackTheBox- Bizness Read More »
