What is Exif meta data ? A photo’s EXIF data contains a ton of information about your camera, and potentially where the picture was taken (GPS coordinates). That means, if you’re sharing images, there’s a lot of details others can glean…
Case Study As always let’s assume the company name as example.com. This company offers you to have private notes For the free version it offers 5 pages, to upgrade from 5 pages to unlimited pages you need to pay some…
Before we start we have to understand working of Frida What is Frida? It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and…
What is race condition? Multiple resources trying to access same resource. For example, you are booking a train ticket online and only a single seat ( assume seat no:5 ) is there. now you book a ticket for that seat…
BUG: BUSINESS LOGIC Case Study As this was a private program all illustrations of vulnerabilities will be represented with the host as example.com The application is built to play Quiz and win reward points that can be used as money…
Whats is API? An application programming interface key is a unique identifier used to authenticate a user, developer, or calling program to an API. However, they are typically used to authenticate a project with the API rather than a human…
What is IDOR? when a reference to an internal implementation object, such as a file or database key, is exposed to users without any other access control. In such cases, the attacker can manipulate those references to get access to…
What is Sensitive Data Exposure? Sensitive Data Exposure occurs when an application does not adequately protect sensitive information. The data can vary and anything from passwords, Email-id, session tokens, credit card data to private health data and more can be…
Case Study As this was a private program all illustrations of vulnerabilities will be represented with the host as example.com The application had a Registration page where a user could register a new Email-id and password which allowed him to…
What is CSRF? Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the…