771 subscribers
152 videos
Exploiting DOM clobbering to enable XSS (Video Solution) | 2020 -2021
Unprotected admin functionality with unpredictable URL (Video Solution) | 2021
Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video Solution) | 2020-2021
SSRF with blacklist based input filter (Video Solution) | 2020 -2021
Basic server-side template injection (Video Solution) | 2021
Stored XSS into HTML context with nothing encoded (Video Solution) | 2020 -2021
SQL injection attack, listing the database contents on non Oracle databases (Video Solution) | 2020
Blind OS command injection with out of band interaction (Video Solution) | 2020 -2021
Server-side template injection in an unknown language with a documented... (Video Solution) | 2021
SQL injection attack, listing the database contents on Oracle (Video Solution) | 2020 -2021
Blind SSRF with Shellshock exploitation (Video Solution) | 2020 -2021
Blind OS command injection with output redirection (Video Solution) | 2020 -2021
Reflected XSS into HTML context with nothing encoded (Video Solution) | 2020 -2021
Basic SSRF against the local server (Video Solution) | 2020 -2021
SSRF with whitelist based input filter (Video Solution) | 2020 -2021
Exploiting blind XXE to retrieve data via error messages (Video Solution) | 2020
SQL injection vulnerability allowing login bypass (Video Solution) | 2020-2021
Multi-step process with no access control on one step (Video Solution) | 2021
Method-based access control can be circumvented (Video Solution) | 2021
File path traversal, validation of start of path (Video Solution) | 2021
Insecure direct object references (Video Solution) | 2021
File path traversal, traversal sequences stripped non-recursively (Video Solution) | 2021
User role can be modified in user profile (Video Solution) | 2021
Reflected XSS into HTML context with most tags and attributes blocked (Video Solution) | 2020 -2021
User ID controlled by request parameter, with unpredictable user IDs (Video Solution) | 2021
Basic server-side template injection (code context) | (Video Solution) 2020-2021
User role controlled by request parameter (Video Solution) | 2021
File path traversal, simple case (Video Solution) | 2021
User ID controlled by request parameter with password disclosure (Video Solution) | 2021
User ID controlled by request parameter with data leakage in redirect (Video Solution) | 2021
URL-based access control can be circumvented (Video Solution) | 2021
User ID controlled by request parameter (Video Solution) | 2021
Source code disclosure via backup files (Video Solution) | 2020 -2021
Clobbering DOM attributes to bypass HTML filters (Video Solution) | 2020 -2021
OS command injection, simple case (Video Solution) | 2020 -2021
Referer-based access control (Video Solution) | 2021
HTTP request smuggling, confirming a TE CL vulnerability via differential .. (Video Solution) | 2020
Blind OS command injection with out of band data exfiltration (Video Solution) 2020-2021
Unprotected admin functionality (Video Solution) | 2021
File path traversal, traversal sequences blocked with absolute path bypass (Video Solution) | 2021
SQL injection attack, querying the database type and version on MySQL and... (Video Solution) | 2020
Server-side template injection with information disclosure via user... (Video Solution) | 2021
Server-side template injection in a sandboxed environment (Video Solution) | 2021
Reflected XSS into a JavaScript string with angle brackets and... (Video Solution) | 2020-2021
Server side template injection using documentation (Video Solution) | 2021
File path traversal, validation of file extension with null byte bypass (Video Solution) | 2021
File path traversal, traversal sequences stripped with superfluous URL... (Video Solution) | 2021
DOM XSS using web messages and a JavaScript URL (Video Solution) | 2020 -2021
Blind SQL injection with out of band interaction (Video Solution) | 2020 -2021
Exploiting HTTP request smuggling to bypass front end security controls, CL. (Video Solution) | 2020