YouTube Twitter LinkedIn

YouTube Twitter LinkedIn

La Biblia del Hacking en Web
SQL Injection
Cross Site Scripting
ClickJacking
- ¿Clickjacking?
- Lab 1: Basic clickjacking with CSRF token protection
Access control vulnerabilities
Path traversal
XML external entity (XXE) injection
JWT
Server-side request forgery (SSRF)
- ¿SSRF?
- Lab 1: Basic SSRF against the local server
OS command injection
- ¿OS Command Injection?
- Lab 1: OS command injection, simple case
Authentication
- ¿Authentication?
- Lab 1: Username enumeration via different responses
HTTP request smuggling
- ¿HTTP request smuggling?
- Lab 1: HTTP request smuggling, confirming a CL.TE vulnerability via differential responses
Server-side template injection
- ¿Server-side template injection?
- Lab 1: Basic server-side template injection
DOM-based vulnerabilities
- Lab 1: DOM XSS using web messages
- Lab 2: DOM XSS using web messages and a JavaScript URL
WebSockets
- Lab #1: Manipulating WebSocket messages to exploit vulnerabilities
Prototype pollution
GraphQL
- Lab 1: Accessing private GraphQL posts
Web cache poisoning
- Lab 1: Web cache poisoning with an unkeyed header
CORS
- Lab #2 - CORS vulnerability with trusted null origin
- Lab 3: CORS vulnerability with trusted insecure protocols
API testing

Con tecnología de GitBook

En esta página

¿Te fue útil?

SQL Injection

Lab 2: SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/sql-injection/lab-login-bypass

AnteriorLab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data SiguienteLab 3: SQL injection attack, querying the database type and version on Oracle

Última actualización hace 9 meses

¿Te fue útil?