PortSwigger Academy - Authentication Bypass via Information Disclosure
This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.
Dive into the world of web security, where we explore cutting-edge techniques to protect online platforms and digital infrastructure. This blog covers essential topics like vulnerability management, secure web development, and defense strategies against the latest cyber threats. Stay ahead of evolving threats with actionable advice and best practices to ensure robust web security.
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user, then log in and delete the user carlos.
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
Recommended steps for generating a modern, secure, and widely supported public/private key pair using ECDSA
Our first dive into Docker: challenges and lessons learned, and a full guide on infophreak's CTFd infrastructure. - Blog by SH3LL