Hacker2255 in hackerc215.hashnode.dev · Apr 23, 2025 · 2 min read
Exploiting Business Logic Flaws: Lightweight I33t Jacket for Free
Introduction
Business logic vulnerabilities arise when an application fails to enforce rules properly. In this lab from PortSwigger, we explore how logic flaws in coupon validation can be abused to bypass payment rules and get a Lightweight I33t leat...

Hacker2255 in hackerc215.hashnode.dev · Apr 21, 2025 · 2 min read
Exploiting Inconsistent Security Controls - PortSwigger Lab Walkthrough
Introduction
In this post, I’ll walk you through solving the Inconsistent Security Controls lab from PortSwigger’s Web Security Academy. This lab demonstrates how flawed logic can allow unauthorized access to admin functionalities. Step-by-Step Walkt...

Hacker2255 in hackerc215.hashnode.dev · Apr 19, 2025 · 2 min read
Information Disclosure in Error Messages - PortSwigger Lab Walkthrough
Introduction
In this blog, I’ll walk you through how I solved the PortSwigger lab titled “Information Disclosure in Error Messages”. This lab teaches the importance of verbose error messages and how they can leak sensitive backend information. Step-b...

Hacker2255 in hackerc215.hashnode.dev · Apr 18, 2025 · 2 min read
Exploiting WebSocket Vulnerabilities to Trigger alert() - PortSwigger Lab Walkthrough
Introduction
In this blog, I’ll walk you through the “Manipulating WebSocket messages to exploit vulnerabilities” lab from PortSwigger’s Web Security Academy. This lab demonstrates how insecure WebSocket implementations can be exploited to execute Ja...

Hacker2255 in hackerc215.hashnode.dev · Apr 17, 2025 · 2 min read
How I Exploited Username Enumeration via Different Responses (PortSwigger Lab)
Introduction
In this blog, I’ll walk you through the “Username Enumeration via Different Responses” lab from PortSwigger’s Web Security Academy. This lab demonstrates a classic vulnerability where an attacker can enumerate valid usernames based on di...