03:55
Finding & Exploiting an Unused API Endpoint | Web Security Academy | PortSwigger Labs | Owasp
06:31
Exploiting Server Side Parameter Pollution in a Query String | Web Security Academy | PortSwigger
02:19
Explopiting an API Endpoint Using Documentation | Web Security Academy | PortSwigger Labs | Owasp
11:43
Exploiting NoSQL Injection to Extract Data | Web Security Academy | PortSwigger Labs | Owasp
06:47
Exploiting NoSQL Operator Injection to Bypass Authentication | Web Security Academy | PortSwigger
03:01
Detecting NoSQL Injection | Web Security Academy | PortSwigger Labs | Owasp
02:02
Exploiting XXE to Retrieve Data By Repurposing A Local DTD | Web Security Academy | PortSwigger Lab
03:45
Exploiting XXE Via Image File Upload | Web Security Academy | PortSwigger Labs | Owasp
01:33
Exploiting XInclude to Retrieve Files | Web Security Academy | PortSwigger Labs | Owasp
02:36
Exploiting Blind XXE to Retrieve Data Via Error Messages | Web Security Academy | PortSwigger Labs
02:54
Exploiting Bling XXE to Exfiltrate Data Using A Malicious External DTD | Web Security Academy
02:26
Blind XXE With Out-Of-Band Interaction Via XML Parameter Entities | Web Security Academy
02:06
Blind XXE With Out-Of-Band Interaction | Web Security Academy | PortSwigger Labs | Owasp
03:02
Exploiting XXE to Perform SSRF | Web Security Academy | PortSwigger Labs | Owasp
02:04
Exploiting XXE Using External Entities to Retrieve Files | Web Security Academy | PortSwigger Labs
03:05
SSRF with Whitelist Based Input Filters | Web Security Academy | PortSwigger Labs | Owasp
02:21
Blind SSRF with ShellShock Exploitation | Web Security Academy | PortSwigger Labs | Owasp
03:31
SSRF with Filter Bypass Via Open Redirection Vulnerability | Web Security Academy | PortSwigger Labs
03:41
SSRF with Blacklist Based Input Filters | Web Security Academy | PortSwigger Labs | Owasp
01:13
Blind SSRF with Out-Of-Band Detection | Web Security Academy | Port Swigger Labs | Owasp
03:15
Basic SSRF Against Another Back-End System | Web Security Academy | PortSwigger Labs | Owasp
02:34
Basic SSRF Against Local Server | Web Security Academy | PortSwigger Labs | Owasp
06:06
Exploiting Time-Sensitive Vulnerabilities | Web Security Academy | PortSwigger Labs | Owasp
06:00
Single Endpoint Race Condition | Web Security Academy | PortSwigger Labs | Owasp
06:00
Multi Endpoint Race Condition | Web Security Academy | PortSwigger Labs | Owasp
06:35
Bypassing Rate Limit Via Race Condition | Web Security Academy | PortSwigger Labs | Owasp
06:02
Limit Overrun Race Condition | Web Security Academy | PortSwigger Labs | Owasp
04:54
Web Shell Upload Via Race Condition | Web Security Academy | PortSwigger Labs | Owasp
05:45
Remote Code Execution via Polyglot Web Shell Upload | Web Security Academy | PortSwigger Labs
04:00
Web Shell Upload via Obfuscated File extention | Web Security Academy | PortSwigger Labs | Owasp
03:59
Web Shell Upload via Blacklist Extension Bypass | Web Security Academy | PortSwigger Labs | Owasp
03:43
Web Shell Upload Via Path Traversal | Web Security Academy | PortSwigger Labs | Owasp
03:19
Web Shell Upload via Content-Type Restriction Bypass | Web Security Academy | PortSwigger Labs
03:23
Remote Code Execution via Web Shell Upload | Web Security Academy | PortSwigger Labs | Owasp
02:36
Referer Based Access Controlled | Web Security Academy | PortSwigger Labs | Owasp
02:48
Multi Step Process with No Access Control on One Step | Web Security Academy | PortSwigger Labs
05:02
Method Based Access Control can be Circumvented | Web Security Academy | PortSwigger Labs | Owasp
02:45
URL Based Access Control can be Circumvented | Web Security Academy | PortSwigger Labs | Owasp
06:02
Limit Overrun Race Condition | Web Security Academy | PortSwigger Labs | Owasp
02:16
Insecure Direct Object Reference | Web Security Academy | PortSwigger Labs | Owasp
02:21
User ID Controlled by Request Parameter with Password Disclosure | Web Security Academy
02:33
User ID Controlled By Request Parameter With Data Leakage in Redirect | Web Security Academy
03:32
User ID Controlled By Request Parameter, With Unpredictable User IDs
02:27
User ID Controlled By Request Parameter | Web Security Academy | PortSwigger Labs | Owasp
02:35
User Role Can Be Modified in User Profile | Web Security Academy | PortSwigger Labs | Owasp
03:02
User Role Controlled By Request Parameter | Web Security Academy | PortSwigger Labs | Owasp
01:12
Unprotected Admin Functionality With Unpredictable URL | Web Security Academy | PortSwigger Labs
01:10
Unprotected Admin Functionality | Web Security Academy | PortSwigger Labs | Owasp
04:18
Information Disclosure in Version Control History | Web Security Academy | PortSwigger Labs | Owasp
04:35
Authentication Bypass Via Information Disclosure | Web Security Academy | PortSwigger Labs | Owasp
01:52
Source Code Disclosure Via Backup Files | Web Security Academy | PortSwigger Labs | Owasp
02:11
Information Disclosure on Debug Pages | Web Security Academy | PortSwigger Labs | Owasp
01:46
Information Disclosure in Error Message | Web Security Academy | PortSwigger Labs | Owasp
15:52
Authentication Bypass via Encryption Oracle | Web Security Academy | PortSwigger Labs | Owasp
10:40
Infinite Money Logic Flaw | Web Security Academy | PortSwigger Labs | Owasp
03:37
Authentication Bypass via Flawed State Machine | Web Security Academy | PortSwigger Labs | Owasp
01:58
Insufficient Workflow Validation | Web Security Academy | PortSwigger Labs | Owasp
04:15
Weak Isolation on Dual-Use Endpoint | Web Security Academy | PortSwigger Labs | Owasp
09:24
Inconsistent Handling of Exceptional Input | Web Security Academy | PortSwigger Labs | Owasp
06:16
Low Level Logic Flaw | Web Security Academy | PortSwigger Labs | Owasp
X
About
Hacking everything without a guff
Tags