Exploiting server side parameter pollution in a REST URL | PortSwigger Academy tutorial
ฝัง
- เผยแพร่เมื่อ 23 ธ.ค. 2023
- PortSwigger Academy Lab: portswigger.net/web-security/...
Free Burp Suite Professional trial: portswigger.net/burp/pro/trial
Server-side variable names list: github.com/antichown/burp-pay...
Common API definition filenames:
swagger.yaml
swagger.json
openapi.yaml
openapi.json
api.raml
api.yaml
api.json
service.wsdl
service.xml
service-definition.wsdl
schema.graphql
schema.json
collection.json
postman_collection.json
api.apib
api.md
api-blueprint.md
service.proto
api.proto
asyncapi.yaml
asyncapi.json
service.wadl
application.wadl
api.yaml
api.json
Remember that these are common conventions, and actual filenames may vary based on project preferences and requirements.
Love your content! Your are very efficient in explaining concepts quickly yet clearly. Some of your older videos had low volume but it appears you have fixed that! One tiny constructive criticism, adding the transcript option to your videos would be so very helpful 🙏🙏🙏. Keep up the great work!!!
thanks , you are great ❤❤❤