Frank Leitner in InfoSec Write-ups
Write-up: Information disclosure in version control history @ PortSwigger Academy
This write-up for the lab Information disclosure in version control history is part of my walkthrough series for PortSwigger’s Web Security…
Feb 6, 2023

Frank Leitner in InfoSec Write-ups
Write-up: Authentication bypass via encryption oracle @ PortSwigger Academy
This write-up for the lab Authentication bypass via encryption oracle is part of my walk-through series for PortSwigger’s Web Security…
Dec 20, 2022

Frank Leitner in InfoSec Write-ups
Write-up: SQL injection with filter bypass via XML encoding @ PortSwigger Academy
This write-up for the lab SQL injection with filter bypass via XML encoding is part of my walk-through series for PortSwigger’s Web…
Dec 12, 2022

Frank Leitner in InfoSec Write-ups
Write-up: Basic server-side template injection (code context) @ PortSwigger Academy
This write-up for the lab Basic server-side template injection (code context) is part of my walk-through series for PortSwigger’s Web…
Nov 28, 2022

Frank Leitner in InfoSec Write-ups
Write-up: Basic server-side template injection @ PortSwigger Academy
This write-up for the lab Basic server-side template injection is part of my walk-through series for PortSwigger’s Web Security Academy.
Nov 21, 2022

Frank Leitner in InfoSec Write-ups
Write-up: Forced OAuth profile linking @ PortSwigger Academy
This write-up for the lab Forced OAuth profile linking is part of my walk-through series for PortSwigger’s Web Security Academy.
Oct 31, 2022

Frank Leitner in System Weakness
Write-up: Weak isolation on dual-use endpoint @ PortSwigger Academy
This write-up for the lab Weak isolation on dual-use endpoint is part of my walkthrough series for PortSwigger’s Web Security Academy.
Aug 21, 2022

Frank Leitner in System Weakness
Write-up: Inconsistent handling of exceptional input @ PortSwigger Academy
This write-up for the lab Inconsistent handling of exceptional input is part of my walkthrough series for PortSwigger’s Web Security…
Aug 20, 2022

Frank Leitner in InfoSec Write-ups
Write-up: HTTP request smuggling, basic CL.TE vulnerability @ PortSwigger Academy
This write-up for the lab HTTP request smuggling, basic CL.TE vulnerability is part of my walk-through series for PortSwigger’s Web…
Oct 23, 2022

Frank Leitner in InfoSec Write-ups
Write-up: Infinite money logic flaw @ PortSwigger Academy
This write-up for the lab Infinite money logic flaw is part of my walkthrough series for PortSwigger’s Web Security Academy.
Oct 15, 2022

Frank Leitner in InfoSec Write-ups
Write-up: Authentication bypass via flawed state machine @ PortSwigger Academy
This write-up for the lab Authentication bypass via flawed state machine is part of my walkthrough series for PortSwigger’s Web Security…
Sep 28, 2022

Frank Leitner in InfoSec Write-ups
Write-up: JWT authentication bypass via jwk header injection @ PortSwigger Academy
This write-up for the lab JWT authentication bypass via jwk header injection is part of my walk-through series for PortSwigger’s Web…
Sep 22, 2022

Frank Leitner in InfoSec Write-ups
Write-up: File path traversal, validation of file extension with null byte bypass @ PortSwigger…
This write-up for the lab File path traversal, validation of file extension with null byte bypass is part of my walkthrough series for…
Sep 21, 2022

Frank Leitner
Write-up: DOM XSS using web messages @ PortSwigger Academy
This write-up for the lab DOM XSS using web messages is part of my walk-through series for PortSwigger’s Web Security Academy.
Jun 13, 2022

Frank Leitner
Write-up: Blind SQL injection with out-of-band data exfiltration @ PortSwigger Academy
This write-up for the lab Blind SQL injection with out-of-band data exfiltration is part of my walkthrough series for PortSwigger’s Web…
Jun 10, 2022

Frank Leitner
Write-up: Blind SQL injection with out-of-band interaction @ PortSwigger Academy
This write-up for the lab Blind SQL injection with out-of-band interaction is part of my walkthrough series for PortSwigger’s Web Security…
Jun 10, 2022

Frank Leitner in System Weakness
Write-up: Blind SQL injection with time delays and information retrieval @ PortSwigger Academy
This write-up for the lab Blind SQL injection with time delays and information retrieval @ PortSwigger Academy is part of my walkthrough…
Jun 9, 2022

Frank Leitner in System Weakness
Write-up: Blind SQL injection with time delays @ PortSwigger Academy
This write-up for the lab Blind SQL injection with time delays is part of my walkthrough series for PortSwigger’s Web Security Academy.
Jun 7, 2022

Frank Leitner
Write-up: Blind SQL injection with conditional responses @ PortSwigger Academy
This write-up for the lab Blind SQL injection with conditional responses is part of my walkthrough series for PortSwigger’s Web Security…
Jun 6, 2022

Frank Leitner
Write-up: SQL injection attack, listing the database contents on Oracle @ PortSwigger Academy
This write-up for the lab SQL injection attack, listing the database contents on Oracle is part of my walkthrough series for PortSwigger’s…
Jun 6, 2022