Категории

Finding and exploiting an unused API endpoint - Lab#02

Опубликовано: 24 Июль 2024
на канале: Mohd Badrudduja
173
9

In this video, I walkthrough solving a lab by discovering and exploiting an unused or hidden API endpoint to purchase a Lightweight l33t Leather Jacket. By inspecting the site's requests and exploring unlinked backend functionality, I uncover a hidden API route that allows me to trigger the purchase — bypassing the normal UI restrictions.

This lab showcases the importance of securing unused or undocumented endpoints that attackers can find and exploit.

🔹 Lab Type: API Endpoint Discovery & Exploitation.
🔹 Vulnerability: Hidden/unused API functionality.
🔹 Attack Goal: Buy the Lightweight l33t Leather Jacket via a hidden API.

📌 Like & Subscribe for more web security lab walkthroughs and ethical hacking content! 💻🕵️‍♂️

#APIExploitation #HiddenEndpoints #BugBounty #WebSecurity #EthicalHacking #CyberSecurity

play_arrow
102,843
324

Idowest - Theresa (Music Video)

Idowest - Theresa (Music Video)
play_arrow
5,413
163

NIOS CLASS 12 COMPUTER SCIENCE IMPORTANT QUESTION || COMPLETE SYLLABUS MARATHON

NIOS CLASS 12 COMPUTER SCIENCE IMPORTANT QUESTION || COMPLETE SYLLABUS MARATHON
play_arrow
379
11

李克勤版本的《晚风心里吹》哀而不伤 内敛深情 [精选中文好歌] | 中国音乐电视Music TV

李克勤版本的《晚风心里吹》哀而不伤 内敛深情 [精选中文好歌] | 中国音乐电视Music TV
play_arrow
39
2

– 𝙣𝙚𝙬 𝙫𝙞𝙙𝙚𝙤. 18+

– 𝙣𝙚𝙬 𝙫𝙞𝙙𝙚𝙤. 18+

play_arrow
37
4

Thermite Ace | Rainbow Six Siege

Thermite Ace | Rainbow Six Siege
play_arrow
61
5

User Harley Wajib Nonton! Build Dan Emblem Harley Tersakit 2022 | Top Global Harley

User Harley Wajib Nonton! Build Dan Emblem Harley Tersakit 2022 | Top Global Harley
play_arrow
232
like

hot girl dance video 😍🍑🍑🍑🍑

hot girl dance video 😍🍑🍑🍑🍑
play_arrow
9
1

Обучение Python. Срезы списков. Лекция 13

Обучение Python. Срезы списков. Лекция 13
Похожие видео
play_arrow
CSRF where token validation depends on token being present - Lab#03

CSRF where token validation depends on token being present - Lab#03
play_arrow
CSRF where token validation depends on request method - Lab#02

CSRF where token validation depends on request method - Lab#02
play_arrow
CSRF vulnerability with no defenses - Lab#01

CSRF vulnerability with no defenses - Lab#01
play_arrow
What is Cross-site request forgery?

What is Cross-site request forgery?
play_arrow
Exploiting insecure output handling in LLMs - Lab#04

Exploiting insecure output handling in LLMs - Lab#04
play_arrow
Indirect prompt injection - Lab#03

Indirect prompt injection - Lab#03
play_arrow
LLM - Indirect prompt injection

LLM - Indirect prompt injection
play_arrow
Exploiting LLM APIs with excessive agency - Lab#01

Exploiting LLM APIs with excessive agency - Lab#01
play_arrow
Web LLM Attacks

Web LLM Attacks
play_arrow
Expert System and Machine Learning

Expert System and Machine Learning
play_arrow
Exploiting server-side parameter pollution in a REST URL - Lab#05

Exploiting server-side parameter pollution in a REST URL - Lab#05
play_arrow
Fuzzing parameter - Lab#04 - Part#02

Fuzzing parameter - Lab#04 - Part#02
play_arrow
Exploiting server-side parameter pollution in a query string - Lab#04

Exploiting server-side parameter pollution in a query string - Lab#04
play_arrow
Exploiting a mass assignment vulnerability - Lab#03

Exploiting a mass assignment vulnerability - Lab#03
play_arrow
Finding and exploiting an unused API endpoint - Lab#02

Finding and exploiting an unused API endpoint - Lab#02
play_arrow
Exploiting an API endpoint using documentation - Lab#01

Exploiting an API endpoint using documentation - Lab#01
play_arrow
API Endpoints and Documentation

API Endpoints and Documentation
play_arrow
SOAP vs REST API

SOAP vs REST API
play_arrow
What is an Application Programming Interface (API)?

What is an Application Programming Interface (API)?
play_arrow
Reflected XSS protected by CSP, with CSP bypass - Lab#30

Reflected XSS protected by CSP, with CSP bypass - Lab#30
play_arrow
Reflected XSS in a JavaScript URL with some characters blocked - Lab#28

Reflected XSS in a JavaScript URL with some characters blocked - Lab#28
play_arrow
Reflected XSS with event handlers and href attributes blocked - Lab#27

Reflected XSS with event handlers and href attributes blocked - Lab#27
play_arrow
Reflected XSS with AngularJS sandbox escape and CSP - Lab26

Reflected XSS with AngularJS sandbox escape and CSP - Lab26
play_arrow
Reflected XSS with AngularJS sandbox escape without strings - Lab#25

Reflected XSS with AngularJS sandbox escape without strings - Lab#25