What is Vertical Privilege escalation? If a user can gain access to functionality that they are not permitted to access then this is vertical privilege escalation. For example, if a non-administrative user can in fact gain access to an admin page…
What is Frida? It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built…
Case Study As always let’s assume the company name as example.com. This company offers you to have private notes For the free version it offers 5 pages, to upgrade from 5 pages to unlimited pages you need to pay some amount of money.…
What is race condition ? Multiple resources trying to access the same resource. For example: you are booking a train ticket online and only a single seat ( assume seat no:5 ) is there. now you book a ticket for…
Case Study As this was a private program all illustrations of vulnerabilities will be represented with the host as example.com The application is built to play Quiz and win reward points that can be used as money to play Quiz…
What is CSRF? Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the…
Case Study As this was a private program all illustrations of vulnerabilities will be represented with the host as example.com The application had a Registration page where a user could register a new Email-id and password which allowed him to log in…
What is Sensitive Data Exposure? Sensitive Data Exposure occurs when an application does not adequately protect sensitive information. The data can vary and anything from passwords, Email-id, session tokens, credit card data to private health data and more can be…
What is API? An application programming interface key is a unique identifier used to authenticate a user, developer, or calling program to an API. However, they are typically used to authenticate a project with the API rather than a human…
About Oauth OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such…