วีดีโอ

ما هو xml ؟ ما هو DTD؟ ما هي ثغرات XXE ؟ #bugbounty #ethicalhacking #vulnerability #redteaming #cybersecurity snyk.io/blog/find-and-fix-xml-entity-vulnerabilities/ aws.amazon.com/what-is/xml/

لو الطريقه نجحت معاك من فضلك متستخدمش الطريقه في شي ليس اخلاقي #ethicalhacking #penetrationtesting #redteaming #hacking github.com/mody-morkos/cookies_to_me/tree/main

Basic SSRF against the local server Basic SSRF against another back-end system SSRF with blacklist-based input filter SSRF with whitelist-based input filter SSRF with filter bypass via open redirection vulnerability #bugbounty #ethicalhacking #vulnerability #portswigger #ssrf

Remote code execution via polyglot web shell upload Web shell upload via race condition #bugbounty #ethicalhacking #vulnerability #portswigger #fileupload #cybersecurity

Remote code execution via web shell upload Web shell upload via Content-Type restriction bypass Web shell upload via path traversal Web shell upload via extension blacklist bypass Web shell upload via obfuscated file extension #bugbounty #ethicalhacking #vulnerability #fileupload #portswigger #cybersecurity

في الفيديو دا شرحتا ثغره file upload وازاي نعمل bypass وكمان عرفنا اننا ممكن inject webshell داخل image والفيديو دا عباره عن into to file upload vuln مصادر book.hacktricks.xyz/pentesting-web/file-upload rcenetsec.com/hide-malicious-shell-in-image-file #bugbounty #vulnerability #ethicalhacking #portswigger #fileupload #bughunter

حلينا اللابات دي User ID controlled by request parameter User ID controlled by request parameter, with unpredictable user IDs User ID controlled by request parameter with data leakage in redirect User ID controlled by request parameter with password disclosure Insecure direct object references #bugbounty #ethicalhacking #vulnerability #portswigger #accesscontrol #labs

ابه الاستفاده من مراحل قبل الاستغلال زي information gathering و Scanning و Vulnerabilities assessment في مرحله Exploitation وايه الفريم وريك اللي بنستخدمها في المرحله دي وكمان كملنا شرح مراحل Maintaining access و Covering tracks وايه الادوات اللي بنسحدمها فيها #penetrationtesting #ethicalhacking #killchain #exploitation #cybersecurity #redteaming

في الفيديو دا حلينا الابات دي Unprotected admin functionality Unprotected admin functionality with unpredictable URL User role controlled by request parameter User role can be modified in user profile URL-based access control can be circumvented #bugbounty #ethicalhacking #vulnerability #portswigger #accesscontrol #labs

01-Access control vulnerabilities and privilege escalation | نظري | bug bounty

01-bug bounty |information disclosure | portswigger labs

00-bug bounty |information disclosure | introduction

|اداه تشفير وفك التشفير لملفات الtxt | والتعديل عليها للحصول علي شفرتك الخاصه

04-bug bounty | مش عارف اطبق لوحدي وناسي كل حاجه :(

02-Penetration testing | Kill chain attack | Scanning & vulnerability assessment |Tools

02-Business logic vulnerabilities | practical | portswigger labs

01-Business logic vulnerabilities | introduction

02-Penetration testing | Kill chain attack | information gathering |Most of the tools you need

01-Penetration testing life cycle | Kill chain attack | introduction

01-command injection | portswigger labs |

00-command injection introduction

01-Directory traversal | local file inclusion | 6 Labs

05-Authentication vulnerabilities | Vulnerabilities in other authentication mechanisms|labs

01-Bug Hunting | تصنيف خطوره الثغراث وثمن مكافئتها | والتعلم من hackerone hacktivity

04-Authentication vulnerabilities | Vulnerabilities in other authentication mechanisms|labs

03-Authentication vulnerabilities | Vulnerabilities in multi-factor authentication| Labs

02-Authentication vulnerabilities| Vulnerabilities in password-based login |2 LABS

01-Authentication vulnerabilities| Vulnerabilities in password-based login |4 LABS

00-Authentication vulnerabilities | introduction