Exploiting Server-side Parameter Pollution in a Query String
👩🎓👨🎓 Learn about API testing (and server-side parameter pollution)! To solve this lab, we'll need to log in as the administrator and delete the user carlos.
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/api-testing 🧠
🔗 Portswigger challenge: https://portswigger.net/web-security/api-testing/server-side-parameter-pollution/lab-exploiting-server-side-parameter-pollution-in-query-string
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:26 Server-side parameter pollution
1:21 Testing for server-side parameter pollution in the query string
1:57 Truncating query strings
3:03 Injecting invalid parameters
3:42 Injecting valid parameters
4:20 Overriding existing parameters
5:24 Lab: Exploiting server-side parameter pollution in a query string
5:37 Explore site functionality
6:18 Analyse JavaScript
7:03 Probe password reset for parameter pollution
9:19 Brute-force parameter with Burp Intruder
10:25 Reset administrator password with leaked token
10:53 Conclusion
Video "Exploiting Server-side Parameter Pollution in a Query String" from the Intigriti channel