PortSwigger Academy describes CSRF as “Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent…

Insecure direct object references (IDOR) is a vulnerability that allows access to parts of a web application that a particular user is not necessarily authorized to reach. A typical example is sequential numeric identifiers used to enumerate user accounts or text files stored on a server. As a proof of concept, “This lab…

The goal of this lab is to exploit a stored cross-site scripting vulnerability in the blog comments by calling an alert function when the blog post is viewed. First, let’s check how the website responds to the posted comment. Rather than just typing in a regular comment, I decided to…

As per PortSwigger Academy: “This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function.” This lab is a fantastic illustration of how important it is to know the basics of the language syntax…

While conducting any web application pentest, it is good practice to get familiar with the functionality of the application first. Starting to throw exploits at the target is not just bad practice; it can also waste a lot of time and even degrade the target’s performance, and this is not what…