Home
HackTheBox Write-Ups
WifineticTwo: Write-Up
Headless: Write-Up
POV: Write-Up
Perfection: Write-Up
Flight: Write-Up
Broker: Write-Up
Love: Write-Up
Shoppy: Write-Up
Trick: Write-Up
TryHackMe Write-Ups
Cat Pictures 2: Write-Up
UltraTech: Write-Up
Anonymous: Write-Up
Thompson: Write-Up
Bolt: Write-Up
ColddBox: Write-Up
Gotta Catch’em All!: Write-Up
Brute It: Write-Up
Bounty Hacker: Write-Up
RootMe: Write-Up
Brooklyn Nine Nine: Write-Up
PortSwigger Labs
Access control
Unprotected admin functionality
Unprotected admin functionality with unpredictable URL
User role controlled by request parameter
User role can be modified in user profile
User ID controlled by request parameter
Cross-site scripting (XSS)
Reflected XSS into HTML context with nothing encoded
Stored XSS into HTML context with nothing encoded
DOM XSS in document.write sink using source location.search
DOM XSS in innerHTML sink using source location.search
Information disclosure
Information disclosure in error messages
Information disclosure on debug page
Path traversal
File path traversal, simple case
File path traversal, traversal sequences blocked with absolute path bypass
File path traversal, traversal sequences stripped non-recursively
SQL Injection
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
SQL injection vulnerability allowing login bypass
SQL injection attack, querying the database type and version on Oracle
SQL injection attack, querying the database type and version on MySQL and Microsoft
SQL injection attack, listing the database contents on non-Oracle databases
SQL injection attack, listing the database contents on Oracle
Mobile Pentesting
Configuring Android Emulator with Burp Suite
Configuring Android Emulator with Burp Suite for HTB Challenges
Android HackTheBox Challenge – Manager Write-Up
Android HackTheBox Challenge – Pinned Write-Up
Android HackTheBox Challenge – Don’t Overreact Write-Up
Miscellaneous Content
Falling Clyde (HTML5 Game)
Finding Vulnerabilities with Burp Suite Intruder and Repeater
Legend of Zelda Dungeon Tech Demo
Uncovering and Exploiting a Client-Side Template Injection in Vue.js
It seems we can’t find what you’re looking for. Perhaps searching can help.