Business Logic Vulnerability: Simple Case. A business logic vulnerability is an error in the application logic that a user can exploit. It can be hard to detect because such flaws generally have to be found manually. The simple case would be finding a logic flaw in a chatbot and …

Insecure deserialization can be a very critical vulnerability for a website. In this lab, we need to use credentials we already have to exploit an insecure deserialization vulnerability, escalate privileges and delete Carlos’s account. First, we log into our account and use Burp Suite to see what we have going on. We …

This lab covers basic server-side template injection. “This lab is vulnerable to server-side template injection due to the unsafe construction of an ERB template. To solve the lab, review the ERB documentation to find out how to execute arbitrary code, then delete the `morale.txt` file from Carlos’s home directory.” As …

PortSwigger Academy defines CORS vulnerability as follows: “Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy. However, it also provides potential for cross-domain attacks, if a website’s CORS policy is …

PortSwigger Academy describes CSRF as “Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent …

Insecure direct object references (IDOR) is a vulnerability that allows access to parts of the web app that a particular user doesn’t necessarily have permission to access. An example is consecutive numbers used to enumerate user accounts or text files stored on a server. As a proof of concept, “This lab …