Breaking The Graphql Bookstore API

Introduction

Hello, welcome back to my blog. In this writeup, I'll walk you through how I was able to break the GraphQL Bookstore API developed by Ipsalmy, one of my mentors in this field. You can find the lab here: https://api.graphqlbook.org/ and the GitHub repository here: https://github.com/DghostNinja/graphql-bookstore-API. Don't forget to star the GitHub repository to encourage him to create more awesome labs for the community. A special thanks also goes to HAWD for equipping me with practical API security skills through their intensive 12-week API program. That experience helped me approach this lab with the mindset of an attacker instead of just a tester. Now, enough with the warm-up. Let's dive into the bookstore and start breaking things xD. ...

May 12, 2026 · 6 min · Appiah Bismark

Mastering SSRF | Solving all Portswigger Labs

Server Side Request Forgery (SSRF) is a vulnerability that allows attackers to send requests on behalf of a server. During an SSRF, attackers forge the request signatures of the vulnerable server, allowing them to assume a privileged position on a network, bypass firewall controls, and gain access to internal services. In this writeup, we will explore how to find some basic SSRFs and also how to bypass some SSRF protections.

LAB 1: Basic SSRF against the local server

Objective: This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin. ...

November 2, 2025 · 6 min · Appiah Bismark

How I Hacked A Vulnerable Bank Application

Introduction

Good day hackers, welcome to my blog again. In this writeup I will take you through how I was able to exploit an intentionally vulnerable Bank Application by Ghost St. Badmus, one of the best Application Security Engineers in the industry. You can find the lab here: Vulnerable Bank Application or vulnbank.org.

Authentication & Authorization Vulnerabilities

SQL Injection in login

The first thing we will see when we access the application is the Login/Register page. We will try logging in with a simple SQLi payload to see if the application is vulnerable to SQLi. After using 'or 1=1- - as the username and pass as the password, we were logged in as the admin. ...

June 14, 2025 · 7 min · Appiah Bismark