Well, you may have heard of OAuth as a third-party authorization delegation service, but we need a set of test cases and some context. I’ll explain everything you need to know about OAuth from a security standpoint and provide a clear list of test cases so you can report high severity issues on your next engagement. This guide will cover the Authorization Code Grant flow. After reading this article, you should have enough context to devise your own test cases for the remaining authorization flows.
OAuth is an attempt to migrate authorization to a third party service. It allows a resource…
Here is the fun story: I managed to break my phone by just applying a wallpaper to it, and I am not alone. It seems like hundreds of people in the last week got their entire phone wiped because of this photo. I saw it first on Twitter (Ice Universe, a famous leaker) saying please don’t apply it 🙏 but of course people did.
So you want to bypass your college’s filtering firewall, amirite?
Well, there are many ways to do so. I will let you know the ways I know.
I would create a simple Node.js application, which runs on one of my private servers on the internet. It would wait for a WebSocket connection on port 80 and unwrap/proxy everything it receives to the internet. It would require some form of authentication, maybe using a certificate or password.
On my work laptop, I would then create a local Node.js proxy, which accepts all kinds of connections and wraps them into a request to my external server…
Hope you all are doing well. 😃
There are many ways to hunt for IDOR, but here I will share my way, which might help you. 🚀
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but…
Hello Fellow Hackers!
I have been sitting in my room for the last 5 days due to the coronavirus outbreak worldwide and feeling really bored. So I thought, why not do a write-up for the newcomers who have the same problem that I had when I was new to the community? 😃
All the things I get to learn are from the community and googling stuff.
I would like to divide the target into two categories and the way to approach that target will be based on the category it lies under. 👇