Все публикации

0:03:33

Portswigger: exploiting path delimiters for web cache deception

0:02:51

Portswigger: Exploiting path mapping for web cache deception

0:03:50

Portswigger: Referer-based access control

0:03:02

Portswigger: Multi-step process with no access control on one step

0:02:07

Portswigger: Insecure direct object references

0:01:48

Portswigger: User ID controlled by request parameter with password disclosure

0:01:37

Portswigger: User ID controlled by request parameter with data leakage in redirect

0:01:51

Portswigger: User ID controlled by request parameter, with unpredictable user IDs

0:01:20

Portswigger: User ID controlled by request parameter

0:05:24

Portswigger: Exploiting insecure output handling in LLMs

0:06:41

Portswigger: Indirect prompt injection

0:03:33

Portswigger: Exploiting vulnerabilities in LLM APIs

0:03:27

Portswigger: Exploiting LLM APIs with excessive agency

0:03:11

Portswigger: Method-based access control can be circumvented

0:04:08

Portswigger: URL-based access control can be circumvented

0:01:58

Portswigger: User role can be modified in user profile

0:01:46

Portswigger: User role controlled by request parameter

0:01:15

Portswigger: Unprotected admin functionality with unpredictable URL

0:01:07

Portswigger: Unprotected admin functionality

0:02:56

Portswigger: Exploiting server-side parameter pollution in a REST URL

0:03:36

Portswigger: Exploiting server side parameter pollution in a query string

0:04:17

Portswigger: Exploiting a mass assignment vulnerability

0:04:09

Portswigger: Finding and exploiting an unused API endpoint

0:03:05

Portswigger: Exploiting an API endpoint using documentation