All are welcome. One of the Directory Traversal labs from this portswigger will be performed in this tutorial. You will learn the fundamentals of OS command injection through this lab. How do we carry out commands and how will they work in the background? Consequently, the following is the home page for the lab that… Continue reading OS command injection, simple case
Welcome Everyone, In this tutorial we are going to perform One of the Directory Traversal labs from this portswigger Therefore, the first thing you must understand is that “directory traversal” is another name for “file path traversal”. Don’t be confused about that. Therefore, in this tutorial, we’ll run a simple lab to demonstrate how Directory… Continue reading File path traversal, simple case
Welcome Everyone, In this tutorial we are going to perform an authentication bypass lab from this portswigger The steps that will be taken to solve the lab are shown in the video that is provided below. Now that the video is here, it is assumed that you have seen it all. In the following step,… Continue reading Authentication bypass via encryption oracle
Authentication is the process of validating the identity of a registered user or process before enabling access to protected networks and systems. Now if you want learn more about Authentication refer to the Portswigger for more detail explanation about Authentication. So in this tutorial I am going to explain about vulnerability in the login page… Continue reading Username enumeration via different responses
The response we get back from our injection attempts is referred to as boolean-based SQL Injection and can be true or false, yes or no, on or off, 1/0, or any other response that can only ever have two outcomes. This result demonstrates to us whether or not our SQL Injection payload was successful. You… Continue reading Boolean-based Blind SQL Injection
The “UNION” keyword is used in SQL statements in a sort of SQL injection attack known as union-based SQL injection. By inserting malicious SQL code into an application’s input field, which is then processed by the application’s database, this attack aims to alter the behaviour of a SQL query. In SQL queries, the “UNION” term… Continue reading UNION-Based SQL Injection
This kind of SQL Injection happens whenever a website’s input fields, such as the search box, login page, comment forms, etc., are present. Below is the screenshot of the login page that I have made to demonstrate the Classical Login-based SQL injection Depending on the website or application, the Login Page SQL query will be… Continue reading Classic SQL Injection