Introduction This is our 5th article on Blind SSRF. In this lab, we will be solving the Blind SSRF with out-of-band detection lab. It is provided by PortSwigger Web Security for practice. Lab Description Lab … Read more
Introduction In this article, we are going to solve the Blind SSRF with Shell Shock Exploitation lab. This is our 7th lab or 6th article on server-side request forgery. Lab Description This lab contains analytics … Read more
Introduction In this article, we are going to solve the SSRF with whitelist-based input filter lab. This is part 6 of the SSRF series and the labs we are practicing on are from PortSwigger Web … Read more
In this article, we are exploring file upload vulnerabilities from basic to advanced levels, including theoretical concepts and practical examples of seven PortSwigger labs. File upload vulnerabilities are vulnerabilities found in web applications. Attackers can … Read more
Lab Description Today, we will solve a lab that is about basic SSRF against another back-end system. The lab has a stock check feature that fetches data from the internal system. This lab is vulnerable … Read more
Lab Description So, today we will be solving the 4th lab of SSRF filter bypass via open redirection vulnerability. This lab has a stock check feature that fetches data from the internal system. To solve … Read more
Introduction The article covers SSRF with blacklist-based input filter. In this lab, we will use various techniques to solve it. The developer has set up security defenses in the lab that we will bypass. Lab … Read more
Introduction Server-side request forgery (SSRF) is a vulnerability found in websites and web applications. This vulnerability allows an attacker to trick a website into sending requests to another server on the internet. Due to SSRF, … Read more
Do you want to learn about Hacking Websites? Although you may not know how and where to learn about it, we will explore various ways to hack a website in-depth in this article. Disclaimer For … Read more
What is Red Teaming Red teaming is a methodology we have for conducting cyber security assessments in which an organization conducts a simulated cyber attack on its own systems, processes, or personal networks. The purpose … Read more
Password reset poisoning via middleware is a part of our authentication vulnerability where an attacker uses the password reset feature. The attacker captures the password reset request and modifies it by inserting their own link. … Read more
Introduction to the 2-Factor Authentication broken logic We have server-side vulnerabilities in our possession, which are essentially a part of authentication vulnerabilities. Due to the 2-Factor Authentication broken logic vulnerability, an attacker or hacker can … Read more
Username Enumeration via Response Timing is a technique in which an attacker attempts to find the username of a web application or system. An attacker can perform a bruteforce attack on any web application by … Read more
Hello dear friends, Assalom O Lakum, Masaud here. How are you all? Today, I will teach you how to automate XSS using a technique that will help you automate cross-site scripting vulnerability and hunt XSS … Read more
Introduction Hey there, my name is Masaud Ahmad and today we are going to automate bug bounty hunting and web application pentesting from basics to advanced. This process requires the need for several tools and … Read more
Password reset broken logic is a web vulnerability that is primarily categorized as an authentication vulnerability. If a website or application has a password reset broken logic vulnerability, then an attacker or hacker can exploit … Read more