Local File Inclusion (LFI) is a type of vulnerability commonly found in web applications. It allows an attacker to include a local file, usually through a script on the web server. This can lead to information disclosure and remote code execution (RCE). …

About XSS In Brief: Web Application receives data from the client from GET function, then displays it. if(isset($_GET['text'])) { $var = $_GET['text']; print $var; } // This code checks if the 'text' variable is set for the GET request. …

Introduction بسم الله الرحمن الرحيم Hello Awesome Hackers, this is my first Write-Ups in Real Target; I will explain how Fuzzing helped me get an XSS on Admin Page Just in 1 Minute! Approaching I am doing Bug Bounty Hunting On Open-Source Projects; As I like doing this and giving back support…

بسم الله الرحمن الرحيم (In The Name of Allah Most Gracious Most Merciful) In this section, we’ll introduce the concept of business logic vulnerabilities and explain how they can arise due to flawed assumptions about user behavior. What are business logic vulnerabilities? Business logic vulnerabilities are flaws in the design and implementation of an application…

Single sign-on (SSO) is a feature that allows users to access multiple services belonging to the same organization without logging in multiple times. Once you’ve logged into a website that uses SSO, you won’t have to enter your credentials again when accessing another service or resource belonging to the same…

Insecure deserialization vulnerabilities happen when applications deserialize program objects without proper precaution. An attacker can then manipulate serialized objects to change the program’s behavior. Mechanisms Serialization is the process by which some bit of data in a programming language gets converted into a format that allows it to be saved in…

IDORs happen when users can **access resources that do not belong to them** by directly reference the object ID, object number, or filename. Mechanisms For example, let’s say that example.com is a social media site that allows you to chat with others. …

In this section, we’ll explain what directory traversal is, describe how to carry out path traversal attacks and circumvent common obstacles and spell out how to prevent path traversal vulnerabilities. What is directory traversal? Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary…

Sites often use HTTP or URL parameters to redirect users to a specified URL without any user action. While this behavior can be useful, it can also cause open redirects, Mechanisms For example, when these users visit their account dashboards at https://example.com/dashboard, …