Broken Access Control - BreakTheFlask
Explaining and Exploiting Broken Access Control Vulnerability Using the vulnerable flask code from ==> https://github.com/DghostNinja/BreakTheFlask.git from flask import Flask, request, redire...
iPsalmy
Session Hijacking Vulnerability in Password Reset Flow Leading to Cross-Account Access
Hello guys! I’m here again with another vulnerability, last one for the year 2024. Let’s get started : ) Imagine trying to reset your password on one account, only to realize you’ve inadvertently ...
Exploiting CSRF and OTP Reuse: How Weak Token Management Enables Password Reset Attacks, Leading to ATO
Hello guy! I’m iPsalmy. It’s been a while I wrote anything here. Anyway, with no waste of time let’s talk about how I used a simple CSRF attack to exploit a weak token management which led to me...
How to set up Metasploitable Lab for WAPT
Hey there! been a minute. In this write-up, I’ll be showing you how to set up your own metalsploitable virtual lab for web application security and penetration testing. STEP 1 First of, head to o...
How the Web works
Ever wondered what happens when you visit a Website or enter a URL? Well, look no further. I’ll be breaking down what happens when you enter a URL into your browsers here. Extracting the Domain Na...