Posts

We run a port scan and see that something is running on port 80:

What is a JWT? # JSON web tokens (JWTs) are a standardized way to send some kind of cryptographically signed JSON data between systems.

What is the HTTP Host Header? # HTTP host headers are mandatory request headers that specify the domain name the client is trying to access.

What is OAuth? # If you’ve ever looked around the web and found a site that allows you to sign in with your social media account, chances are that the feature being used there was build on the OAuth 2.

What is HTTP Request Smuggling? # HTTP request smuggling is a technique that interferes with the way a web application will process sequences of HTTP requests received from one or more users.

What is Web Cache Poisoning? # This is a technique where we can get the target web server and its cache in order to serve a harmful HTTP response to other users.

What is SSTi? # Server-Side Template Injection (SSTi) is when an attacker is able to inject some native template syntax into a template, which is exceed as code by the server.

As always, we can begin with a port scan: ╰─ nmap -sC -sV 10.

What is GraphQL? # GraphQL is a query language designed to provide efficient communication between clients and servers by having the client specify exactly what data they want in the response.

What is Serialization? # As the name suggests, serialization is the process of converting complex data into a simpler format that can be send as a stream of bytes.