The point of privilege escalation is to get a higher level of access. In Linux that would be to get a code execution as a root user. Here is the privilege escalation example in Linux using sudo. We get initial access by using obtained login and password of a regularContinue Reading

Business Logic Vulnerability. Simple Case. Business logic vulnerability is an error in the application logic that can be exploited by the user and it can be hard to detect because generally, those have to be found manually. The simple case would be finding a logic flaw in a chatbot andContinue Reading

Insecure deserialization can be a very critical vulnerability for a website. In this lab, we need to use credentials we already have to exploit insecure deserialization vulnerability, escalate privileges and delete Carlos’s account. First, we log into our account and use BurpSuite to see what we have going on. WeContinue Reading

This lab covers basic server-side template injection. “This lab is vulnerable to server-side template injection due to the unsafe construction of an ERB template. To solve the lab, review the ERB documentation to find out how to execute arbitrary code, then delete the `morale.txt` file from Carlos’s home directory.” AsContinue Reading

PortSwigger Academy defines CORS vulnerability as follows: “Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy. However, it also provides potential for cross-domain attacks, if a website’s CORS policy isContinue Reading