👩🎓👨🎓 Learn about API testing (and server-side parameter pollution)! To solve this lab, we'll need to log in as the administrator and delete the user carlos.
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/... 🧠
🔗 Portswigger challenge: https://portswigger.net/web-security/...
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:25 Testing for server-side parameter pollution in REST paths
2:09 Lab: Exploiting server-side parameter pollution in a REST URL
2:29 Explore site functionality
3:28 Probe password reset endpoint
4:32 Path traversal
5:41 Leak API routes
7:42 RESTful parameter pollution
8:23 Exploit older API version (v1)
9:46 Preventing server-side parameter pollution
10:16 Conclusion