Insecure Design - BreakTheFlask
Explaining and Insecure Design Hello Hacker! Welcome to another BreakTheFlask Session. This should be the last vulnerable code for this specific session. Today, we will be exploiting and explainin...
Disclaimer: This blog was made for educational and research purposes ONLY. No harm intended towards the original product or user. Install at your own risk! Installing Burpsuite pro — Cracked Edi...
HACKING A BANK API Ghost St Badmus, a cracked Snr. Application Security Engineer developed a vulnerable Web Application, API and Mobile Application for Pentesters, Bug Bounty Hunters and Security ...
Injection Vulnerability Hey there, fellow hacker! This write-up walks you through exploiting real-world injection flaws in a purposefully vulnerable Flask app. We’re going deep into SQLi, XSS, Com...
Cryptographic Failure Vulnerability Welcome to the Crypto Failures Lab — a playground intentionally riddled with practical, real-world cryptographic vulnerabilities. If you’re a seasoned security ...
Explaining and Exploiting Broken Access Control Vulnerability Using the vulnerable flask code from ==> https://github.com/DghostNinja/BreakTheFlask.git from flask import Flask, request, redire...
Hello guys! I’m here again with another vulnerability, last one for the year 2024. Let’s get started : ) Imagine trying to reset your password on one account, only to realize you’ve inadvertently ...
Hello guys! I’m iPsalmy. It’s been a while since I wrote anything here. Anyway, with no waste of time, let’s talk about how I used a simple CSRF attack to exploit weak token management which led to me...
Hey there! Been a minute. In this write-up, I’ll be showing you how to set up your own Metasploitable virtual lab for web application security and penetration testing. STEP 1 First off, head to o...
Ever wondered what happens when you visit a website or enter a URL? Well, look no further. I’ll be breaking down what happens when you enter a URL into your browser here. Extracting the Domain Na...