Exploiting Server-side Parameter Pollution in a REST URL
- Published on 11 Jul 2024
- 👩🎓👨🎓 Learn about API testing (and server-side parameter pollution)! To solve this lab, we'll need to log in as the administrator and delete the user carlos.
If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/... 🧠
🔗 Portswigger challenge: portswigger.net/web-security/...
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
Overview:
0:00 Intro
0:25 Testing for server-side parameter pollution in REST paths
2:09 Lab: Exploiting server-side parameter pollution in a REST URL
2:29 Explore site functionality
3:28 Probe password reset endpoint
4:32 Path traversal
5:41 Leak API routes
7:42 RESTful parameter pollution
8:23 Exploit older API version (v1)
9:46 Preventing server-side parameter pollution
10:16 Conclusion
good explanations, well done
Thank you! 👊
Hello, I need help, can you help me?
I want to open crypto conflict game with cheat engine.
But until the game is opened and connected to the cheat engine, the game closes.
And he gives me a message. Do you think this game can be cheated?
I don't know, sorry! Maybe check out GuidedHacking or the CheatEngine forums 🙂
If you can make a video of hacking this game, it will be great
😆