Writeup: CSRF vulnerability with no defenses
PortSwigger Academy describes CSRF as “Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent…
Writeup: Insecure direct object references
Insecure direct object references (IDOR) are a class of vulnerability that allows access to parts of the web app that a particular user doesn’t necessarily have permission to reach. An example is consecutive numbers enumerating user accounts or text files stored on a server. As a proof of concept: “This lab…
Writeup: Stored XSS into HTML context with nothing encoded
The goal of this lab is to exploit a stored cross-site scripting vulnerability in the blog comments by calling an alert function when the blog post is viewed. First, let’s check how the website responds to the posted comment. Rather than just type in a regular comment, I decided to…
Writeup: Reflected XSS into HTML context with nothing encoded
As per PortSwigger Academy: “This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function.” This lab is a fantastic illustration of how important it is to know the basics of the language syntax…
Writeup: Host header authentication bypass
While conducting any web app pentest, it is good practice to get familiar with the functionality of the application first. Starting by throwing exploits at the target is not just bad practice; it can also waste a lot of time and even degrade the application’s performance, and this is not what…
Coding for pentesters (and other cybersecurity professionals) part 1, beginner
A common question many beginners have is whether knowing how to code is required for pentesters and, if so, which language. I am a huge proponent of doing actual projects and learning as I go. Theoretical learning is good only if you immediately apply it; otherwise, there is a high…
Writeup: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
The PortSwigger Academy defines SQL injection as follows: “SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include…