Understanding the Concept of SSRF in Web Application Penetration Testing for Bug Bounty | Karthikeyan Nagaraj — What is SSRF? Server-side request forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location. In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization’s infrastructure. In other cases, they…

This lab’s purchasing flow contains a race condition that enables you to purchase items for an unintended price. To solve the lab, successfully purchase a Lightweight L33t Leather Jacket — Description This lab’s purchasing flow contains a race condition that enables you to purchase items for an unintended price. To solve the lab, successfully purchase a Lightweight L33t Leather Jacket. You can log in to your account with the following credentials: wiener:peter.

The most well-known type of race condition enables you to exceed some kind of limit imposed by the business logic of the application | Karthikeyan Nagaraj — Limit overrun race conditions The most well-known type of race condition enables you to exceed some kind of limit imposed by the business logic of the application. For example, consider an online store that lets you enter a promotional code during checkout to get a one-time discount on your order. …

Navigating the Complex World of Race Conditions | Karthikeyan Nagaraj — n the ever-evolving landscape of cybersecurity, staying one step ahead of potential threats is paramount. Among the multitude of vulnerabilities that web applications can face, Race Conditions stand as a formidable challenge. In this comprehensive guide, we will explore the intricate world of Race Conditions, shedding light on their nature…

This lab contains a vulnerable image upload function. It attempts to prevent users from uploading unexpected file types, but relies on checking user-controllable input to verify, To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret | Karthikeyan Nagaraj — Description This lab contains a vulnerable image upload function. It attempts to prevent users from uploading unexpected file types, but relies on checking user-controllable input to verify this.

This Lab contains a vulnerable image upload function. It doesn’t perform any validation on the files upload before storing on the server, To solve the lab, upload a basic PHP web shell to exfiltrate the contents of /home/carlos/secret | Karthikeyan Nagaraj — Description This lab contains a vulnerable image upload function. It doesn’t perform any validation on the files users upload before storing them on the server’s filesystem.

Unraveling the Intricacies of File Upload Vulnerabilities in Bug Bounty Hunting | Karthikeyan Nagaraj — What are file upload vulnerabilities? File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and…

This Lab has an admin panel at /admin. It’s only accessible to logged-in users with a roleid of 2, Solve the lab by accessing the admin panel and using it to delete the user Carlos | Karthikeyan Nagaraj — Description This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter

This Lab has an admin panel at /admin, which is using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos | Karthikeyan Nagaraj — Description This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter