This section covers a broad range of common vulnerabilities found in web applications, how these flaws can be identified and then exploited. Topics range from injection vulnerabilities and insecure deserialization to cross-site scripting (XSS) and server-side template injection (SSTI).
- PHP Type ConfusionExploiting loose comparison operations.
- PHP DeserialisationTriggering code execution through object deserialisation.
- Command InjectionExploiting command injection vulnerabilities.
- Exploiting TomcatExploiting common Tomcat vulnerabilities.
- File Upload VulnerabilitiesExploiting file upload vulnerabilities to execute arbitrary code.
- SQL InjectionSQL Injection for MySQL databases.
- XML External Entity Injection (XXE)Exploiting XML parsers.
- Web Content DiscoveryIdentifying web content to launch further attacks.
- Cross Site Scripting (XSS)Injecting malicious code into web applications.
- Hack The Box Certified Bug Bounty Hunter (HTB CBBH)A review of the CBBH course and exam.
- Local File Inclusion (LFI) AttacksExploiting LFI vulnerabilities in web applications.
- Flask Session CookiesDecoding Flask signed session cookies.
- Server Side Template Injection (SSTI)SSTI attacks against Python Flask applications.