
Blog

Burp Extension: Authentication Token Obtain and Replace (ATOR)

Author: Snir Aviv

3-minute read


Performing a Burp Suite scan towards an API will usually require authentication using a valid token during the entire scan process. As the scan is a continuous process, the authorization…

How We Bypassed File Upload Restrictions

Author: Snir Aviv

5-minute read


During a penetration test conducted on a web application, a critical finding was discovered, which permitted uploading malicious files into the application’s server, leading to the execution of arbitrary operating…

Privilege Escalation: Unauthenticated User to Admin

Author: Snir Aviv

5-minute read


During a penetration test conducted on a web application, a critical finding was discovered, allowing the creation of an administrator account while being unauthenticated. The application’s frontend interacts with the backend…

How We Were Able to Access User Personal Data

Author: Snir Aviv

5-minute read


During a penetration test conducted on a web application, a critical finding was discovered, allowing complete access to users’ private information through the leverage of Insecure Direct Object Reference (IDOR)…

How We Were Able to Fetch Internal Server Resources

Author: Snir Aviv

5-minute read


During a penetration test conducted on a web application, a critical finding was discovered, allowing access to private Git repositories which led to further data exposure of highly sensitive files.…