Blind SQL Injection With Python | OverTheWire Natas Level 15
We covered a scenario of blind SQL Injection where the web application accepts user input without sanitization or filtering….
OWASP
SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14
We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed us to…
Command Injection & SQL Injection | HackTheBox Looking glass & Sanitize | OWASP TOP 10
We covered Command Injection & SQL Injection which are in the OWASP TOP 10 list of vulnerabilities. This was…
Broken Authentication | HTB OWASP TOP 10 – P2
We covered broken authentication, session hijacking and information disclosure as part of HTB OWASP TOP 10 track both HackTheBox…
XML External Entity Injection | HackTheBox baby WAFfles order
We covered a simple demonstration of XML External Entity Injection vulnerability which is part of OWASP Top 10. This…
Fuzzing Web Applications with Wfuzz | HackTheBox baby todo or not todo
We covered Fuzzing Web Applications with Wfuzz specifically fuzzing API endpoints. This was part of HackTheBox OWASP TOP 10…
Python Pickle Exploitation | HackTheBox OWASP Top 10 Baby Website Rick
We covered python pickle where we demonstrated the serialization and deserialization of python pickle objects. This was part of…
PHP Static-Eval Exploitation | HackTheBox Baby Breaking Grad
We covered basic white box penetration test by inspecting, analyzing and exploiting a web application source code that contains…
Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross
RedCross From HackTheBox was like a maze, with several different paths to achieve shell and root. We’ll start by…
File Upload Vulnerabilities P12 | OverTheWire Natas 13
We covered another file upload vulnerability where the vulnerable code contained a PHP function exif_imagetype to check on the…