Karthikeyan Nagaraj
21.4 Lab: OAuth account hijacking via redirect_uri | 2024
This lab uses an OAuth service to allow users to log in with their social media account. A misconfiguration by the OAuth provider makes it…
3 min read · 20 hours ago

Karthikeyan Nagaraj
21.3 Lab: SSRF via OpenID dynamic client registration | 2024
This lab allows client applications to dynamically register themselves with the OAuth service via a registration endpoint. Some…
3 min read · 1 day ago

Karthikeyan Nagaraj
21.2 Lab: Forced OAuth profile linking | 2024
This lab gives you the option to attach a social media profile to your account so that you can log in via OAuth instead of using the normal…
3 min read · 2 days ago

Karthikeyan Nagaraj
24.15 Lab: HTTP request smuggling, obfuscating the TE header | 2024
This lab involves a front-end and back-end server, and the two servers handle duplicate HTTP request headers in different ways. The…
2 min read · 3 days ago

Karthikeyan Nagaraj
24.14 Lab: HTTP request smuggling, basic TE.CL vulnerability | 2024
This lab involves a front-end and back-end server, and the back-end server doesn’t support chunked encoding. The front-end server rejects…
2 min read · 5 days ago

Karthikeyan Nagaraj
24.13 Lab: HTTP request smuggling, basic CL.TE vulnerability | 2024
This lab involves a front-end and back-end server, and the front-end server doesn’t support chunked encoding. The front-end server rejects…
2 min read · 5 days ago

Karthikeyan Nagaraj
24.12 Lab: CL.0 request smuggling | 2024
This lab is vulnerable to CL.0 request smuggling attacks. The back-end server ignores the Content-Length header on requests to some…
3 min read · 6 days ago

Karthikeyan Nagaraj
24.11 Lab: HTTP/2 request splitting via CRLF injection | 2024
This lab is vulnerable to request smuggling because the front-end server downgrades HTTP/2 requests and fails to adequately sanitize…
3 min read · May 8, 2024

Karthikeyan Nagaraj
24.10 Lab: HTTP/2 request smuggling via CRLF injection | 2024
This lab is vulnerable to request smuggling because the front-end server downgrades HTTP/2 requests and fails to adequately sanitize…
3 min read · May 7, 2024

Karthikeyan Nagaraj
Cyber Security Awareness by Sanjay Kumar (ADGP), Cyber Crime Wing
Cyber security awareness refers to the knowledge and understanding of potential threats in the online realm and adopting measures to…
4 min read · May 6, 2024