OWASP Top 10
This page will be a dedicated one to the OWASP Top 10 to act like a writeup of the TryHackMe room (link of the room below)
Last updated
This page will be a dedicated one to the OWASP Top 10 to act like a writeup of the TryHackMe room (link of the room below)
Last updated
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging & Monitoring Failures
Server-Side Request Forgery (SSRF)
Broken Access Control allows attackers to bypass authorisation, allowing them to view sensitive data or perform tasks they aren't supposed to. Access control is a security mechanism used to control which users or systems are allowed to access a particular resource or system.
IDOR or Insecure Direct Object Reference refers to an access control vulnerability where you can access resources you wouldn't ordinarily be able to see.
Access to the DB file
Get the hash of the admin
Crack the hash (Weak Encoding for Password)
Login as the admin !
Command Injection is a vulnerability that occurs when an attacker manipulates input fields to inject malicious commands into a vulnerable application. This can lead to unauthorised execution of arbitrary commands on the targeted server, potentially resulting in data breaches, system compromise, or unintended operations.
Use the "inline commands" to execute OS Command Injection inside a PHP script vulnerable
$(....)
Use the "Insecure Design" of the password reset system to login as joseph user (remember of the Instragram vulnerability about password resseting)
Use a debugging interface to execute Python command and access to credentials inside the app.py file.
Simply, it's when a system use a well-known vulnerability
Authentication and session management constitute core components of modern web applications. Authentication allows users to gain access to web applications by verifying their identities.
Brute force attacks
Weak credentials
Weak session cookies
Use a developer's mistake (re-registration of an existing user) to login as darren by addind a blank space before the username -> " darren"
When a system don't use any kind of integrity checks (hash for example)
Explain how to use a system which can check integrity of a resource the client need to download when he visit your website. For example, for the jquery third-party libraries, instead of using:
Will be around JWT and the None Algorithm
Everything about logging
Read a log to find some information
SSRF vulnerabilities often arise from implementations where our web application needs to use third-party services (external API for example to perform an action).
Use our own server to get the API key
3 examples of CWE for this category: , ,
3 examples of CWE for this category: , ,
3 examples of CWE for this category: , ,
Use an exploit to obtain a RCE on the server ()
You can use this to generate hashes for any library:
