Writeups of All Apprentice Labs in Portswigger — All Lab’s Solution| Karthikeyan Nagaraj

11 months ago 76

BOOK THIS SPACE FOR AD

ARTICLE AD

18. Insecure Deserialization

What is Insecure deserialization?

In this section, we’ll cover what insecure deserialization is and describe how it can potentially expose websites to…

cyberw1ng.medium.com

18.1 Lab: Modifying serialized objects | 2023

This lab uses a serialization-based session mechanism and is vulnerable to privilege escalation as a result. To solve…

cyberw1ng.medium.com

19. GrapQL Vulnerabilities

GraphQL API Vulnerabilities in Web App Penetration Testing | 2023

In this section, we’ll explain what GraphQL is, describe some types, explain how to find and exploit various kinds of…

cyberw1ng.medium.com

19.1 Lab: Accessing private GraphQL posts | 2023

The blog page for this lab contains a hidden blog post that has a secret password. Find the hidden blog post and enter…

cyberw1ng.medium.com

20. HTTP Host Header Attacks

HTTP Host Header Attacks in Web App Penetration Testing | 2023

In this section, we’ll explain what Host Header Attack is, describe some types, explain how to find and exploit Host…

cyberw1ng.medium.com

Host HTTP Header Attacks: Safeguarding Against Vulnerabilities | 2023

Unveiling and Defending Against Host HTTP Header Vulnerabilities | Karthikeyan Nagaraj

cyberw1ng.medium.com

20.1 Lab: Basic password reset poisoning | 2023

This lab is vulnerable to password reset poisoning. The user Carlos will carelessly click on any links in emails that…

cyberw1ng.medium.com

20.2 Lab: Host header authentication bypass | 2023

This lab makes an assumption about the privilege level of the user based on the HTTP Host header. To solve the lab…

cyberw1ng.medium.com

21. OAuth Vulnerabilities

OAuth 2.0 Authentication Vulnerabilities in Web App Penetration Testing | 2023

In this section, we’ll explain what an OAuth Attack is, describe some types, explain how to find and exploit OAuth, and…

cyberw1ng.medium.com

21.1 Lab: Authentication bypass via OAuth implicit flow | 2023

This lab uses an OAuth service to allow users to log in with their social media accounts. Flawed validation by the…

cyberw1ng.medium.com

22. JWT Attacks

JWT attack vulnerabilities in Web App Penetration Testing | 2023

In this section, we’ll explain what an JWT Attack is, describe some types, explain how to find and exploit JWT, and…

cyberw1ng.medium.com

22.1 Lab: JWT authentication bypass via unverified signature | 2023

This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn’t verify the…

cyberw1ng.medium.com

22.2 Lab: JWT authentication bypass via flawed signature verification | 2023

This lab uses a JWT-based mechanism for handling sessions. The server is insecurely configured to accept unsigned JWTs…

cyberw1ng.medium.com

23.1 Lab: CORS vulnerability with trusted null origin | 2023

This website has an insecure CORS configuration in that it trusts the “null” origin.To solve the lab, craft some…

cyberw1ng.medium.com

23. CORS and Access Control

23.1 Lab: CORS vulnerability with trusted null origin | 2023

This website has an insecure CORS configuration in that it trusts the “null” origin.To solve the lab, craft some…

cyberw1ng.medium.com

23.2 Lab: User ID controlled by request parameter | 2023

This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API…

cyberw1ng.medium.com

23.3 Lab: User ID controlled by request parameter, with unpredictable user IDs | 2023

This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs…

cyberw1ng.medium.com

Read Entire Article