web
2024
Command Injection - More Techniques
·10 mins
web
Introduction: We’ve already learned a decent amount of introductory information about OS command injection when we were studying for the Burp Suite Certified Practitioner Exam.
Felonious Forums - HTB Web Challenge
·4 mins
web
htb
In this challenge we are greeted with a web page:
Let’s go ahead and make an account and very quickly we can observe that we are able to make and post threads with markdown content.
Burp Suite Certified Practitioner Exam Review
·5 mins
BSCP
web
Introduction: To preface this post, I want to briefly describe my level of experience to help others who might take this exam better benchmark how long it might take them to study.
Prototype Pollution - Applied Review
·25 mins
web
BSCP
What is Prototype Pollution? This type of vulnerability allows attackers to add arbitrary properties to global object prototypes that can be inherited by user-defined objects.
JWT Attacks - Applied Review
·19 mins
web
BSCP
What is a JWT? JSON web tokens (JWTs) are a standardized way to send some kind of cryptographically signed JSON data between systems.
HTTP Host Header Attacks - Applied Review
·11 mins
web
BSCP
What is the HTTP Host Header? HTTP host headers are mandatory request headers that specify the domain name the client is trying to access.
OAuth Vulnerabilities - Applied Review
·22 mins
web
BSCP
What is OAuth? If you’ve ever looked around the web and found a site that allows you to sign in with your social media account, chances are that the feature being used there was built on OAuth 2.
HTTP Request Smuggling - Applied Review
·22 mins
web
BSCP
What is HTTP Request Smuggling? HTTP request smuggling is a technique that interferes with the way a web application will process sequences of HTTP requests received from one or more users.
Web Cache Vulnerabilities - Applied Review
·13 mins
web
BSCP
What is Web Cache Poisoning? This is a technique where we can trick the target web server and its cache into serving a harmful HTTP response to other users.
Server-Side Template Injection - Applied Review
·6 mins
web
BSCP
What is SSTi? Server-Side Template Injection (SSTi) is when an attacker is able to inject some native template syntax into a template, which is executed as code by the server.