Vulnerable RESTaurant API

Introduction I applied for the HackingAPIsWithDami challenge, and in the first week we were given some courses and the Vulnerable RESTaurant API Lab to test our hands-on skills. The lab and installation guide can be found here: Vulnerable RESTaurant API. NB: I hosted mine locally on ubuntu_server:8080, so the base URL in this write-up may differ from yours. In this write-up, I will be exploiting the API step by step and mapping each vulnerability to the OWASP API Top 10, including practical remediation strategies. ...

February 19, 2026 · 12 min · Appiah Bismark

How I Hacked A Vulnerable Bank Application

Introduction Good day hackers, welcome to my blog again. In this writeup I will take you through how I was able to exploit an intentionally Vulnerable Bank Application by Ghost St. Badmus, one of the best Application Security Engineers in the industry. You can find the Lab here: Vulnerable Bank Application 🏦 or vulnbank.org. Authentication & Authorization Vulnerabilities SQL Injection in login The first thing we will see when we access the application is the Login/Register page, we will try logging in with a simple SQLI payload to see if the application is vulnerable to SQLI. After using ‘or 1=1- - as the username and pass as password, we were logged in as the admin. ...

June 14, 2025 · 7 min · Appiah Bismark