Категории

Exploiting server-side parameter pollution in a query string - Lab#04

Опубликовано: 27 Июль 2024
на канале: Mohd Badrudduja
286
13

In this video, I demonstrate how to exploit a server-side parameter pollution (SSPP) vulnerability in a query string to bypass access controls. By manipulating duplicate parameters, I gain access to the administrator account, and then proceed to delete the user carlos.

This lab shows how improperly handled query parameters on the server side can lead to privilege escalation and unauthorized actions.

🔹 Lab Type: Server-Side Parameter Pollution (SSPP)
🔹 Vulnerability: Insecure handling of duplicate query parameters
🔹 Attack Goal: Log in as administrator and delete carlos
🔹 Credentials for testing: wiener:peter

📌 Like & Subscribe for more web security lab walkthroughs and ethical hacking tutorials! 💻🛡️

#ServerSideParameterPollution #WebSecurity #BugBounty #EthicalHacking #PortSwigger #CyberSecurity #SSPP #AccessControlBypass

play_arrow
102,843
324

Idowest - Theresa (Music Video)

Idowest - Theresa (Music Video)
play_arrow
5,413
163

NIOS CLASS 12 COMPUTER SCIENCE IMPORTANT QUESTION || COMPLETE SYLLABUS MARATHON

NIOS CLASS 12 COMPUTER SCIENCE IMPORTANT QUESTION || COMPLETE SYLLABUS MARATHON
play_arrow
379
11

李克勤版本的《晚风心里吹》哀而不伤 内敛深情 [精选中文好歌] | 中国音乐电视Music TV

李克勤版本的《晚风心里吹》哀而不伤 内敛深情 [精选中文好歌] | 中国音乐电视Music TV
play_arrow
39
2

– 𝙣𝙚𝙬 𝙫𝙞𝙙𝙚𝙤. 18+

– 𝙣𝙚𝙬 𝙫𝙞𝙙𝙚𝙤. 18+

play_arrow
37
4

Thermite Ace | Rainbow Six Siege

Thermite Ace | Rainbow Six Siege
play_arrow
61
5

User Harley Wajib Nonton! Build Dan Emblem Harley Tersakit 2022 | Top Global Harley

User Harley Wajib Nonton! Build Dan Emblem Harley Tersakit 2022 | Top Global Harley
play_arrow
232
like

hot girl dance video 😍🍑🍑🍑🍑

hot girl dance video 😍🍑🍑🍑🍑
play_arrow
9
1

Обучение Python. Срезы списков. Лекция 13

Обучение Python. Срезы списков. Лекция 13
Похожие видео
play_arrow
CSRF where token validation depends on token being present - Lab#03

CSRF where token validation depends on token being present - Lab#03
play_arrow
CSRF where token validation depends on request method - Lab#02

CSRF where token validation depends on request method - Lab#02
play_arrow
CSRF vulnerability with no defenses - Lab#01

CSRF vulnerability with no defenses - Lab#01
play_arrow
What is Cross-site request forgery?

What is Cross-site request forgery?
play_arrow
Exploiting insecure output handling in LLMs - Lab#04

Exploiting insecure output handling in LLMs - Lab#04
play_arrow
Indirect prompt injection - Lab#03

Indirect prompt injection - Lab#03
play_arrow
LLM - Indirect prompt injection

LLM - Indirect prompt injection
play_arrow
Exploiting LLM APIs with excessive agency - Lab#01

Exploiting LLM APIs with excessive agency - Lab#01
play_arrow
Web LLM Attacks

Web LLM Attacks
play_arrow
Expert System and Machine Learning

Expert System and Machine Learning
play_arrow
Exploiting server-side parameter pollution in a REST URL - Lab#05

Exploiting server-side parameter pollution in a REST URL - Lab#05
play_arrow
Fuzzing parameter - Lab#04 - Part#02

Fuzzing parameter - Lab#04 - Part#02
play_arrow
Exploiting server-side parameter pollution in a query string - Lab#04

Exploiting server-side parameter pollution in a query string - Lab#04
play_arrow
Exploiting a mass assignment vulnerability - Lab#03

Exploiting a mass assignment vulnerability - Lab#03
play_arrow
Finding and exploiting an unused API endpoint - Lab#02

Finding and exploiting an unused API endpoint - Lab#02
play_arrow
Exploiting an API endpoint using documentation - Lab#01

Exploiting an API endpoint using documentation - Lab#01
play_arrow
API Endpoints and Documentation

API Endpoints and Documentation
play_arrow
SOAP vs REST API

SOAP vs REST API
play_arrow
What is an Application Programming Interface (API)?

What is an Application Programming Interface (API)?
play_arrow
Reflected XSS protected by CSP, with CSP bypass - Lab#30

Reflected XSS protected by CSP, with CSP bypass - Lab#30
play_arrow
Reflected XSS in a JavaScript URL with some characters blocked - Lab#28

Reflected XSS in a JavaScript URL with some characters blocked - Lab#28
play_arrow
Reflected XSS with event handlers and href attributes blocked - Lab#27

Reflected XSS with event handlers and href attributes blocked - Lab#27
play_arrow
Reflected XSS with AngularJS sandbox escape and CSP - Lab26

Reflected XSS with AngularJS sandbox escape and CSP - Lab26
play_arrow
Reflected XSS with AngularJS sandbox escape without strings - Lab#25

Reflected XSS with AngularJS sandbox escape without strings - Lab#25