Posts
SSRF - Applied Review
·9 mins
web
BSCP
What is Server Side Request Forgery? # SSRF is a vulnerability that allows attackers to cause the application to make requests to an unintended location from the server that the application is running on.
Codify - HTB
·6 mins
htb
We can start with a port scan as we always do:
╰─ nmap -sC -sV 10.
Race Conditions - Applied Review
·12 mins
web
BSCP
What Are Race Conditions? # Race conditions are relatively common and are closely related to business logic flaws.
File Upload - Applied Review
·10 mins
web
BSCP
What Are File Upload Vulnerabilities? # These vulnerabilities are often present when web applications contain file upload functionality that do not sufficiently validate things like the file’s name, type, contents, or size.
Appsanity - HTB
·13 mins
htb
dll-injection
As always, we begin with a port scan:
╰─ nmap -sC -sV 10.129.11.88 Starting Nmap 7.
Access Control - Applied Review
·5 mins
web
BSCP
What is Access Control? # Access control is how we describe the constraints that we place on an authorized user in the context of accessing resources and performing actions.
Manager - HTB
·9 mins
htb
As always, we will start off with a port scan:
╰─ nmap -sC -sV 10.
Business Logic Flaws - Applied Review
·7 mins
BSCP
web
What Are Business Logic Vulnerabilities # Business logic vulnerabilities are flaws in the design or implementation of an application that let attackers produce unintended behavior.
Drive - HTB
·7 mins
htb
To read this post, enter the root user’s password hash ("$6…k1").
We start off with a port scan:
Information Disclosure - Applied Review
·4 mins
web
BSCP
Information disclosures seem to be highly contextual depending on where you find them and what kinds of protections are in place.