Ashlesh singh chouhan · unlockingadminaccess.hashnode.dev · Oct 17, 2024
The Power of SQL Injection: From Product Filters to Admin Access
In this post, we'll explore how to exploit a SQL injection vulnerability in a non-Oracle database. SQL injection is one of the most dangerous security risks and can lead to unauthorized access to sensitive data. By following this lab, you'll learn ho...
admin access

Aditya Uniyal · adityauniyal.hashnode.dev · Oct 4, 2024
Lab: Web shell upload via Content-Type restriction bypass
Solved: Method 1: set filter to see image files in burp proxy upload an image file and retrieve the POST request and send it to repeater. now from the browser click to go back to “My Account”. now retrieve the GET request and send it to repeater. ...
file-upload-vulnerabilites

Ohekpeje Joel Odey · joelodey.hashnode.dev · Apr 29, 2024
Lab: Exploiting XXE using external entities to retrieve files
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, specifically using external entities to retrieve files. By intercepting and manipulating a POST request, we intend to use XXE to trigger the retrieval of s...
8 likes · 36 reads
PortSwigger XML external entity (XXE) injection
xxe

Haneunhanlee.hashnode.dev · Apr 12, 2023
Understanding the Key Features of Burp Suite
Burp Suite Definition Burp Suite is a web proxy program (packet manipulation program) that sits between the client and the server. It allows interception of data being sent between the two and provides various tools such as vulnerability scanners and...
Programming, Web Security