Категории

Exploiting Time-sensitive Vulnerabilities

Опубликовано: 29 Январь 2024
на канале: Intigriti
2,204
47

👩‍🎓👨‍🎓 Learn about Race Condition vulnerabilities and how to exploit them! This lab contains a password reset mechanism. Although it doesn't contain a race condition, we can exploit the mechanism's broken cryptography by sending carefully timed requests. To solve the lab, we need to identify the vulnerability in the way the website generates password reset tokens, obtain a valid password reset token for the user carlos, log in as carlos, access the admin panel and delete the user carlos.

Overview:
0:00 Intro
0:09 Exploiting time-sensitive vulnerabilities
0:43 Lab: Exploiting time-sensitive vulnerabilities
1:19 Explore password reset functionality
2:57 Bypass the per-session locking restriction
4:43 Exploit timing issue to reset password
6:44 How to prevent race condition vulnerabilities
8:09 Conclusion

If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/... 🧠

🔗 Portswigger challenge: https://portswigger.net/web-security/...

🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by   / _cryptocat   ( ‪@_CryptoCat‬ ) &   / intigriti  

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

play_arrow
8,352
63

Put A Finger Down | Drama Queen Edition

Put A Finger Down | Drama Queen Edition
play_arrow
3,171
36

Miss Universe 2018 Favorites - PageantLive with Natalie & Joyce

Miss Universe 2018 Favorites - PageantLive with Natalie & Joyce
play_arrow
54,700
479

Fastcuts Episode 05: Toda Max | Jeepney TV

Fastcuts Episode 05: Toda Max | Jeepney TV
play_arrow
3,203
279

FIVE NIGHTS AT FREDDYS x DEAD BY DAYLIGHT REACTION

FIVE NIGHTS AT FREDDYS x DEAD BY DAYLIGHT REACTION
play_arrow
9,773,892
281 тыс

Anime cosplay|Couples💨|

Anime cosplay|Couples💨|

play_arrow
159
7

MI ଛାଡ଼ିବେ କି Rohit Sharma ? 😲 ଆଗାମୀ IPL ରେ କିଛି ବଡ଼ ହେବାକୁ ଯାଉଛି କି? TRB

MI ଛାଡ଼ିବେ କି Rohit Sharma ? 😲 ଆଗାମୀ IPL ରେ କିଛି ବଡ଼ ହେବାକୁ ଯାଉଛି କି? TRB
play_arrow
3,650
66

Cоревнования по Flat Feeder. Водоем Кричевичи, 7й этап. №2

Cоревнования по Flat Feeder. Водоем Кричевичи, 7й этап. №2
play_arrow
842
17

Free Prostate Cancer Screenings in Philly

Free Prostate Cancer Screenings in Philly
Похожие видео
play_arrow
Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]
play_arrow
XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)
play_arrow
Intigriti Kick off 2024

Intigriti Kick off 2024
play_arrow
Exploiting Insecure Output Handling in LLMs

Exploiting Insecure Output Handling in LLMs
play_arrow
Indirect Prompt Injection

Indirect Prompt Injection
play_arrow
Exploiting Vulnerabilities in LLM APIs

Exploiting Vulnerabilities in LLM APIs
play_arrow
Exploiting LLM APIs with Excessive Agency

Exploiting LLM APIs with Excessive Agency
play_arrow
Intigriti Customer Story: Personio

Intigriti Customer Story: Personio
play_arrow
Performing CSRF Exploits Over GraphQL

Performing CSRF Exploits Over GraphQL
play_arrow
Misconfig Mapper - Hacker Tools

Misconfig Mapper - Hacker Tools
play_arrow
Bypassing GraphQL Brute Force Protections

Bypassing GraphQL Brute Force Protections
play_arrow
Finding a Hidden GraphQL Endpoint

Finding a Hidden GraphQL Endpoint
play_arrow
Accidental Exposure of Private GraphQL Fields

Accidental Exposure of Private GraphQL Fields
play_arrow
Accessing Private GraphQL Posts

Accessing Private GraphQL Posts
play_arrow
Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge
play_arrow
Introduction to GraphQL Attacks

Introduction to GraphQL Attacks
play_arrow
Aggressive Scanning in Bug Bounty (and how to avoid it)

Aggressive Scanning in Bug Bounty (and how to avoid it)
play_arrow
Exploiting Server-side Parameter Pollution in a REST URL

Exploiting Server-side Parameter Pollution in a REST URL
play_arrow
Common Scoping Mistakes

Common Scoping Mistakes
play_arrow
Exploiting Server-side Parameter Pollution in a Query String

Exploiting Server-side Parameter Pollution in a Query String
play_arrow
Understanding Scope, Ethics and Code of Conduct (CoC)

Understanding Scope, Ethics and Code of Conduct (CoC)
play_arrow
Exploiting a Mass Assignment Vulnerability

Exploiting a Mass Assignment Vulnerability
play_arrow
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge
play_arrow
Finding and Exploiting an Unused API Endpoint

Finding and Exploiting an Unused API Endpoint