It seems we can’t find what you’re looking for. Perhaps searching can help.