BPB E Learning

Introduction to Information Disclosure Vulnerabilities

Information Disclosure slides

Discovering Database Login Credentials

Discovering Endpoints & Sensitive Data

Introduction to HTTP Status Codes

Bug Hunter Mentality to Discover Admin Login Information

Manipulating Application Behaviour Through the HTTP GET Method

Manipulating Application Behaviour Through the HTTP POST Method

Intercepting Requests With Brup Proxy

Introduction to Broken Access Control Vulnerabilities

Broken Access Control slides

Cookie Manipulation

Accessing Private User Data

Accessing Private User Data

Discovering IDOR Vulnerabilities

Privilege Escalation with Burp Repeater

Debugging Flows with HTTP TRACE & Gaining Admin Access!

Introduction to Path Traversal Vulnerabilities & Basic Discovery

Path Traversal slides

Bypassing Absolute Path Restriction

Bypassing Hard-coded Extensions

Bypassing Filtering

Bypassing Hard-coded Paths

Bypassing Advanced Filtering

Bypassing Extreme Filtering

Discovering & Exploiting CSRF Vulnerabilities

CSRF slides

Introduction to OAUTH 2.0

OAUTH 2.0 slides

OAUTH 2.0 Basic Exploitation

Exploiting a Linking OAUTH 2.0 Flow Through CSRF

Exploiting a Login OAUTH 2.0 Flow Through CSRF

Introduction to Injection Vulnerabilities

Discovering a Basic Command Injection Vulnerability

Discovering Blind Command Injection Vulnerabilities

Discovering Asynchronous Blind Command Injection Vulnerabilities

Using Burp Collaborator to Exploit Asynchronous Blind Command Injection

Introduction to XSS Vulnerabilities & Its Types

XSS slides

Discovering a HTML Injection Vulnerability

Discovering Reflected & Stored XSS Vulnerabilities

Introduction to DOM XSS Vulnerabilities

Discovering a Reflected DOM XSS in a Link

Discovering a Reflected XSS in an Image Tag!

Injecting Javascript Directly in a Page Script

Discovering XSS in a Drop-down Menu

Discovering XSS in AngularJS Application

Bypassing Basic Filtering

Bypassing Single-Quotes Filtering

Bypassing Advanced Filtering

Bypassing Server-Side Filtering

Bypassing Extreme Filtering with Burp Intruder

Analysing the Target Application

Discovering an XSS in a CSP Enabled Application

Introduction to SQL Injection Vulnerabilities

SQLi slides

Discovering SQL Injections

Bypassing Admin Login Using Logical Operators

Selecting Data From the Database

Accessing The Database Admin Records

Discovering Blind SQL Injections

Enumerating Table & Column Names

Recovering Administrator Password With Burp Intruder

Using the Cluster-Bomb Attack to Recover Passwords

Discovering Time-Based Blind SQLi

Extracting Data From the Database Using a Time-Based Blind SQLi

Getting The Admin Password Using a Time-Based Blind SQLi

SSRF Introduction

Theory Behind SSRF Vulnerabilities & Their Impact

Discovering a Basic SSRF Vulnerability

Accessing Private (Admin) Resources Using an SSRF Vulnerability

Advanced SSRF Discovery

Scanning & Mapping Internal Network & Services

Bypassing Blacklists

Bypassing Whitelists

Chaining Open Redirection with SSRF to Bypass Restrictive Filters

Introduction to Blind SSRF Vulnerabilities

Discovering Blind SSRF Vulnerabilities

Exploiting Blind SSRF Vulnerabilities

Escalating Blind SSRF to a Remote Code Execution (RCE)

Introduction to XXE Injection Vulnerabilities

XXE slides

What is XML?

Exploiting a Basic XXE Injection

Discovering an SSRF Through a Blind XXE

Introduction

Live bug hunting slides

Overview of the Target

Discovering an Open Redirect Vulnerability

Discovering a an XSS in the Response

Discovering an XSS in a HTML Comment

Discovering an XSS in a Date Picker

Broken Access Control in Booking Page

Analysing Application Files & Finding Sensitive Data

Discovering Endpoints Hidden In Code

Discovering an IDOR - Insecure Direct Object Reference

Discovering Hidden Endpoints Using Regex

Discovering a Complex Stored XSS

Discovering Bugs in Hidden Elements

Discovering Bugs in Hidden Parameters

Hacker 1 Overview

Bug-Bounty Overview

Submitting a Bug Report