👩🎓👨🎓 Learn about API testing (and server-side parameter pollution)! To solve this lab, we'll need to log in as the administrator and delete the user carlos.
If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/... 🧠
🔗 Portswigger challenge: portswigger.net/web-security/...
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
Overview:
0:00 Intro
0:25 Testing for server-side parameter pollution in REST paths
2:09 Lab: Exploiting server-side parameter pollution in a REST URL
2:29 Explore site functionality
3:28 Probe password reset endpoint
4:32 Path traversal
5:41 Leak API routes
7:42 RESTful parameter pollution
8:23 Exploit older API version (v1)
9:46 Preventing server-side parameter pollution
10:16 Conclusion
Exploiting Server-side Parameter Pollution in a REST URL