Infosec Consultant & Pentester

web app testing

vulnerabilities

ChargePlace Scotland IDOR

Having recently entered the world of EV cars, I needed to get
Chris Young
web app testing

File Upload to Remote Code Execution

In this post, I will walk you through a real life example
Chris Young
web app testing

Bugbounty Tips - Zseano Live Mentoring Series - XSS

Over the weekend I participated in @zseano's live stream bug bounty mentoring
Chris Young
web app testing

Reflected XSS on driver.grab.com

Thought I would do a quick write up of a small bug
Chris Young
OWASP

Web Application Vulnerabilities 101 - Directory Traversal

Directory traversal aims to access files and directories that are stored outside
Chris Young
File Inclusion

DVWA - File Inclusion

LFI & RFI are commonly found in poorly written PHP code, allows
Chris Young
OWASP

CSRF - Cross Site Request Forgery

CSRF refers to an attack against authenticated web applications using Cookies wherein
Chris Young
OWASP

XSS - Cross Site Scripting

XSS is an input validation weakness which allows an attacker to inject
Chris Young
OWASP

XXE - XML External Entity

The XML External Entity (XXE) attack is a type of attack against
Chris Young
OWASP

Unrestricted File Upload

Many web applications allow users to upload content.  The content may be
Chris Young
SSRF

SSRF - Server Side Request Forgery

Server Side Request Forgery (SSRF) is a vulnerability that describes the behaviour
Chris Young
web app testing

Basic CURL commands

List HTTP methods: curl -i -X OPTIONS http://10.10.10.57
Chris Young
Infosec Consultant & Pentester © 2026