Write-ups

Examining the database using Union based SQL injection on PortSwigger

PortSwigger- Examining the Database using Union-based SQL Injection

Hello folks, This blog will be based on Examining the Database using Union-based SQL Injection vulnerabilities. We will understand how we can get the database version and information related to tables and columns present in the database. We will explore the same on the PortSwigger platform. We have discussed the basics of Union-based SQL injection […]

PortSwigger- Examining the Database using Union-based SQL Injection Read More »

Union based SQL Injection on Portswigger

PortSwigger- Union-Based SQL Injection

Write-ups, PortSwigger

This blog delves into SQL Injection, a highly significant vulnerability. We’ll explore various types of SQL Injection and learn how to detect and leverage them through diverse methodologies. Specifically, we’ll focus on Union-based SQL injection utilizing the PortSwigger platform, renowned for its top-notch resources addressing web application vulnerabilities.

PortSwigger- Union-Based SQL Injection Read More »

TryHackMe- Clocky

Write-ups, TryHackMe

This blog offers a step-by-step guide for navigating through the recently introduced machine, “Clocky,” on TryHackMe. Classified as a Medium-level challenge, it aims to familiarize you with the process of detecting misconfigurations on Linux-based web servers using an array of penetration testing tools and methods. Let’s dive in promptly and commence the penetration procedure.

TryHackMe- Clocky Read More »

Broken Access Control advanced Portswigger

PortSwigger- Broken Access Control | Advanced

Write-ups, PortSwigger

This blog delves into the advanced realm of Broken Access Control vulnerability, emphasizing Insecure Direct Object References and Multi-step processes lacking access control in a single step. Both vulnerabilities will undergo comprehensive examination through practical labs.

PortSwigger- Broken Access Control | Advanced Read More »

PortSwigger- Broken Access Control | Horizontal Privilege Escalation

Write-ups, PortSwigger

This blog delves into the recognition and utilization of “Horizontal Privilege Escalation,” a form of Broken Access Control vulnerability. Horizontal access controls are systems designed to limit access to resources to particular users. Through horizontal access controls, diverse users gain access to a subset of resources of a similar kind. If you’re interested in learning more about Broken Access Control, including another type known as vertical privilege escalation, check out our previous blog post titled “Vertical Access Control.”

PortSwigger- Broken Access Control | Horizontal Privilege Escalation Read More »

PortSwigger- Broken Access Control | Vertical Privilege Escalation

Write-ups, PortSwigger

Hello folks, This blog focuses on the identification and exploitation of Broken Access Control vulnerability. We will be providing a detailed walkthrough of PortSwigger’s labs which you can access on the PortSwigger. We will be providing a detailed writeup covering this vulnerability in three categories. So in this blog, we will be covering the first

PortSwigger- Broken Access Control | Vertical Privilege Escalation Read More »

HackTheBox- Headless

Write-ups, HackTheBox

Explore the ‘Headless’ machine challenge on HackTheBox, ideal for beginners eager to hone Linux system penetration skills. Gain valuable experience and assessment in conducting penetration tests on Linux servers. Dive into this beginner-friendly challenge for a rewarding learning journey.

HackTheBox- Headless Read More »

PortSwigger- Advanced DOM-based XSS

Write-ups, PortSwigger

This blog explores how to detect and take advantage of DOM-based Cross-site Scripting (XSS) vulnerabilities found in websites that utilize third-party dependencies. It also analyzes these vulnerabilities in relation to reflected and stored XSS scenarios. Practical exercises will be carried out using the PortSwigger platform.

PortSwigger- Advanced DOM-based XSS Read More »

PortSwigger- DOM-Based XSS

Write-ups, PortSwigger

This blog centers on the identification and exploitation of DOM-based Cross-site Scripting (XSS) vulnerabilities present on websites. We’ll be honing our skills in detecting and leveraging these vulnerabilities using the PortSwigger platform.

PortSwigger- DOM-Based XSS Read More »

PortSwigger- Reflected & Stored Cross-site Scripting

Write-ups, PortSwigger

This blog emphasizes the identification and exploitation of Cross-site Scripting (XSS) vulnerabilities present on websites, specifically targeting two out of three types: Reflected XSS and Stored XSS. We will be actively practicing these vulnerabilities using the PortSwigger platform.

PortSwigger- Reflected & Stored Cross-site Scripting Read More »