WebApps Opportunities
Focus on Web Applications Vulnerabilities
Cross-origin resource sharing (CORS)
Cross-origin resource sharing (CORS) Cross-origin resource sharing (CORS) is a browser mechan...
Password Reset Vulnerability
Password reset poisoning is a technique whereby an attacker manipulates a vulnerable website into...
SNMP and HOST Header Injection
How to Test Initial testing is as simple as supplying another domain (i.e. attacker.com) i...
Clickjacking via IFRAME
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible o...
Access Controls and Parameter Tampering
Burp Proxy Histroy for endpoint discovery
Arjun for hidden end point discovery
CSRF Discovery/Detection
SSRF Parameter Detection/Discovery
XSS and SSTI Discovery/Detection
Rate Limits
Directory Brute-Force
HTTP Request Smuggling
Open Redirect via WaybackURLs
Social-SignOn Bypass
Possible DOS vial multiple Cookies injection
File Upload via CSRF, XSS, SSRF, RCE, LFI, XXE
HTB https://whitehatlab.eu/en/blog/writeup/hackthebox/machine/linux/doctor/