
nordazepam
@omar8050
Joined November 2024
I completed the Web Security Academy lab: CSRF where token is not tied to user session. This lab has a good idea: thank you @WebSecAcademy. @WebSecAcademy.
portswigger.net
This lab's email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren't integrated into the site's ...
I completed the Web Security Academy lab: CSRF where token validation depends on token being present. This lab is easy to solve: just change the email and intercept the request, then right-click and generate a CSRF PoC, set it in the exploit server, done. @WebSecAcademy.
portswigger.net
This lab's email change functionality is vulnerable to CSRF. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to ...
I completed the Web Security Academy lab: Web cache poisoning via an unkeyed query string. @WebSecAcademy.
portswigger.net
This lab is vulnerable to web cache poisoning because the query string is unkeyed. A user regularly visits this site's home page using Chrome. To solve the ...
I completed the Web Security Academy lab: Web cache poisoning with an unkeyed cookie. @WebSecAcademy. Set the payload in the fehost= : "-alert-".
portswigger.net
This lab is vulnerable to web cache poisoning because cookies aren't included in the cache key. An unsuspecting user regularly visits the site's home page. ...
I completed the Web Security Academy lab: Web cache poisoning with an unkeyed header. @WebSecAcademy. 1️⃣ Go to the exploit server. 2️⃣ Set this payload: alert(document.cookie). 3️⃣ Reload the page and intercept the request in Burp. down etc.
portswigger.net
This lab is vulnerable to web cache poisoning because it handles input from an unkeyed header in an unsafe way. An unsuspecting user regularly visits the ...
I completed the Web Security Academy lab: JWT authentication bypass via unverified signature. @WebSecAcademy.
portswigger.net
This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn't verify the signature of any JWTs that it ...
I completed the Web Security Academy lab: Excessive trust in client-side controls. @WebSecAcademy.
portswigger.net
This lab doesn't adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the ...
I completed the Web Security Academy lab: Basic SSRF against the local server. @WebSecAcademy.
portswigger.net
This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at ...
I completed the Web Security Academy lab: DOM XSS in innerHTML sink using source @WebSecAcademy.
portswigger.net
This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML ...
I completed the Web Security Academy lab: CSRF vulnerability with no defenses. @WebSecAcademy.
portswigger.net
This lab's email change functionality is vulnerable to CSRF. To solve the lab, craft some HTML that uses a CSRF attack to change the viewer's email address ...
I completed the Web Security Academy lab: CSRF where token validation depends on request method. @WebSecAcademy.
portswigger.net
This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types of requests. To ...
I completed the Web Security Academy lab: SQL injection vulnerability allowing login bypass. @WebSecAcademy. username = admin; password = ' or 1=1--
portswigger.net
This lab contains a SQL injection vulnerability in the login function. To solve the lab, perform a SQL injection attack that logs in to the application as ...
I completed the Web Security Academy lab: Reflected XSS protected by CSP, with CSP bypass. @WebSecAcademy. Done is the Expert Lab 🥶.
portswigger.net
This lab uses CSP and contains a reflected XSS vulnerability. To solve the lab, perform a cross-site scripting attack that bypasses the CSP and calls the ...