WebApp Pentesting 101

<Insert inspiring quote here>

Guy who couldn’t come up with anything

Recent Posts

WebApps 101: Server-Side Request Forgery (SSRF) and PortSwigger Academy Lab Examples

Note: The majority of the content here was ripped directly from PortSwigger.net. Table of Contents: What is Server-Side Request Forgery? What is the impact of these attacks? SSRF attacks against the server itself SSRF attacks against other back-end systems Finding Attack Surface for SSRF What do we look for? Where do we look? Commonly chained exploits […]

WebApps 101: Information Disclosure Vulnerabilities and PortSwigger Lab Examples

Note: The majority of the content here was ripped directly from PortSwigger.net. Table of Contents: What is information disclosure? What are some examples of information disclosure? How to prevent information disclosure vulnerabilities Practical Lab Examples Example A: Information disclosure in error messages Example B: Information disclosure on debug page (using comments) Example C: Source code disclosure […]

WebApps 101: HTTP Host Header Attacks and PortSwigger Academy Lab Examples

Note: The majority of the content here was ripped directly from PortSwigger.net. Table of Contents: What is an HTTP Host Header? What Are Host Header Injection Attacks? How Do We Test for Attacks? Checking for flawed validation Insert the payload within the port field Provide arbitrary domain name containing the whitelisted domain name Sending ambiguous requests […]

Business Logic Flaws/Vulnerabilities and PortSwigger Lab Examples

The term “Business Logic” can be misleading, but in the context of web application security and bug bounties, a Business Logic Vulnerability is when an attacker is able to make a website or application perform an action that was never intended by the developers. For example, an eCommerce website may allow you to perform a […]

WebApps 101: Directory Traversal

Anytime you notice that the URL is calling on a file name, you should test to see if there is a directory traversal vulnerability. Testing for Directory Traversal An easy way to test is to simply try placing ./ in front of the filename in the URL. If the page reloads and looks the […]

WebApps 101: Broken Authorization Controls

This post intends to serve as a guide for some easy wins to look for when pentesting a web application for weak authorization controls. Note that this differs from Broken Authentication Controls, as Authentication takes place before Authorization comes in. This post will be updated as I learn more about broken controls to look for. […]

WebApps 101: Broken Authentication Controls

Note: The majority of the content here was ripped directly from PortSwigger.net. This post intends to serve as a guide for some easy wins to look for when pentesting a web application for weak authentication controls. Note that this differs from Broken Authorization Controls, as Authentication takes place first. This post will be updated as I […]

Using Cross Site Scripting (XSS) to Steal Cookies

We can leverage the following website so that we do not need our own webserver. https://webhook.site/ With a webhook in hand, we’re ready to craft our payload. Our payload should look like this. We’ll want to make sure we replace the URL with our generated webhook address. Once the browser renders the JavaScript the <img […]

Basic Cross Site Scripting (XSS) Bypass Techniques

In some cases, a bit of filtering is involved. The web developer may have added some regular expressions to prevent simple XSS payloads from working. This post intends to serve as a list of simple bypass techniques to try when attempting to inject XSS payloads. Tweaking the case of your script tags. Some filters are […]

Command Injection Tips

While working through TheCyberMentor’s Linux Privesc course, I learned something new and wanted to place this here so I can refer to it later. There’s a box on TryHackMe called ConvertMyVideo. This post does not intend to serve as a walk-through or write-up of that box, but rather uses it as an example […]

File Upload Bypass Techniques

In this guide, I’m going to show you one method to consider when you come across a file upload that only accepts PNG files. This method could theoretically be used for other file-types as well, but I’ll demonstrate uploading a PHP file on a file upload feature that “should” only allow PNG files on Popcorn […]

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

This post intends to serve as a guide for a common bypass technique when you’re up against a web application firewall (WAF). In the event that the WAF limits what tags and attributes are allowed to be passed, we can use BurpSuite’s Intruder functionality to learn which tags are allowed. Table of Contents: Setting the […]

Exploiting Cross Site Request Forgery (CSRF) & Bypassing Defenses

Wondering what Cross Site Request Forgery is? Go check out my previous post on this topic at Let’s Talk Basics About Cross Site Request Forgery (CSRF). Ready to learn more about how to exploit it? You’re in the right place. The concepts and examples shown in this post were taken from PortSwigger’s WebSecurity Academy. Table […]

Using PHP Wrappers within LFI to Obtain PHP Script Source Code

If you find a Local File Inclusion (LFI) on a site running PHP, you’re able to leverage a PHP wrapper to convert the file to Base64, which you can then decode on your own machine to view the source code of the page. In this example, we’ll be using FRIENDZONE on HackTheBox. Confirming LFI on our example At the following […]
