Authentication module - Web Security Academy - PortSwigger
Brief introduction Authentication is the process of verifying a user. There are 3 main types of authentication: Something you know: password, security question, … (for example: login func...
Brief introduction Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to cause the server-side application to make a request to an unintended location. In a ty...
Are you admin? (Level 2) The challenge provides us a Python file, which is the source code of a website. In this write-up post, I will show each part of the source code and explain how it works, t...
Cookie Monster Secret Recipe (Easy) Description: Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover thi...
Brief introduction Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Serv...
In the Cross-site scripting (XSS) module note, we will discuss the definition of the XSS vulnerability and some basic concepts of XSS. Brief Introduction What is Cross-site scripting (XSS)? Th...
In this section, we will go into detail on other types of SQL injection attacks. Examining the database in SQL injection attacks To exploit SQL injection vulnerabilities, it’s often necessary to ...
What is SQL injection? SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attac...
What is OS command injection? OS command injection (a.k.a. shell injection) is a vulnerability that allows attackers to execute operating system (OS) commands on the server that is running an appli...
Definition Path traversal (a.k.a. directory traversal) is a vulnerability that enables an attacker to read arbitrary files on the server that is running an application. In some cases, an attacker m...