PortSwigger - HTTP Host Header Attacks - Lab #2 Host header authentication bypass
Popo Hack
PortSwigger - HTTP Host Header Attacks - Lab #2 Host header authentication bypass
9:32
PortSwigger - HTTP Host Header Attacks - Lab #1 Basic password reset poisoning
Popo Hack
PortSwigger - HTTP Host Header Attacks - Lab #1 Basic password reset poisoning
17:01
Portswigger - File upload - Lab #2 Web shell upload via Content Type restriction bypass
Popo Hack
Portswigger - File upload - Lab #2 Web shell upload via Content Type restriction bypass
11:24
Portswigger - File upload - Lab #1 Remote code execution via web shell upload
Popo Hack
Portswigger - File upload - Lab #1 Remote code execution via web shell upload
13:14
Portswigger - Access Control - Lab #13 Referer based access control
Popo Hack
Portswigger - Access Control - Lab #13 Referer based access control
9:13
Portswigger - Access Control - Lab #12 Multi step process with no access control on one step
Popo Hack
Portswigger - Access Control - Lab #12 Multi step process with no access control on one step
9:00
Portswigger - Access Control - Lab #11 Method based access control can be circumvented
Popo Hack
Portswigger - Access Control - Lab #11 Method based access control can be circumvented
9:18
Portswigger - Access Control - Lab #10 URL based access control can be circumvented
Popo Hack
Portswigger - Access Control - Lab #10 URL based access control can be circumvented
8:44
Portswigger - Access Control - Lab #9 Insecure direct object references (IDOR)
Popo Hack
Portswigger - Access Control - Lab #9 Insecure direct object references (IDOR)
7:12
Portswigger - Access Control - Lab #8 User ID controlled request parameter with password disclosure
Popo Hack
Portswigger - Access Control - Lab #8 User ID controlled request parameter with password disclosure
5:31
Portswigger - Access Control - Lab #7 User ID controlled by req params with data leakage in redirect
Popo Hack
Portswigger - Access Control - Lab #7 User ID controlled by req params with data leakage in redirect
7:10
Portswigger - Access Control - Lab #6 User ID controlled by request parameter with unpredictable use
Popo Hack
Portswigger - Access Control - Lab #6 User ID controlled by request parameter with unpredictable use
7:09
Portswigger - XSS - Lab #3 DOM XSS in document write sink using source location search
Popo Hack
Portswigger - XSS - Lab #3 DOM XSS in document write sink using source location search
5:39
Portswigger - XSS - Lab #2 Stored XSS into HTML context with nothing encoded
Popo Hack
Portswigger - XSS - Lab #2 Stored XSS into HTML context with nothing encoded
7:09
Portswigger - XSS - Lab #1 Reflected XSS into HTML context with nothing encoded
Popo Hack
Portswigger - XSS - Lab #1 Reflected XSS into HTML context with nothing encoded
7:31
Portswigger - Access Control - Lab #5 User ID controlled by request parameter
Popo Hack
Portswigger - Access Control - Lab #5 User ID controlled by request parameter
5:23
Portswigger - Information Disclosure - Lab #5 Information disclosure in version control history
Popo Hack
Portswigger - Information Disclosure - Lab #5 Information disclosure in version control history
11:29
Portswigger - Access Control - Lab #4 User role can be modified in user profile
Popo Hack
Portswigger - Access Control - Lab #4 User role can be modified in user profile
6:57
Portswigger - Access Control - Lab #3 User role controlled by request parameter
Popo Hack
Portswigger - Access Control - Lab #3 User role controlled by request parameter
4:37
Portswigger - Access Control - Lab #2 Unprotected admin functionality with unpredictable URL
Popo Hack
Portswigger - Access Control - Lab #2 Unprotected admin functionality with unpredictable URL
5:22
Portswigger - Access Control - Lab #1 Unprotected admin functionality
Popo Hack
Portswigger - Access Control - Lab #1 Unprotected admin functionality
4:36
Portswigger - Business Logic - Lab #2 High level logic vulnerability
Popo Hack
Portswigger - Business Logic - Lab #2 High level logic vulnerability
7:31
Portswigger - Business Logic - Lab #1 Excessive trust in client side controls
Popo Hack
Portswigger - Business Logic - Lab #1 Excessive trust in client side controls
6:32
Portswigger - Information Disclosure - Lab #4 Authentication bypass via information disclosure
Popo Hack
Portswigger - Information Disclosure - Lab #4 Authentication bypass via information disclosure
9:22
Portswigger - Information Disclosure - Lab #3 Source code disclosure via backup files
Popo Hack
Portswigger - Information Disclosure - Lab #3 Source code disclosure via backup files
6:06
Portswigger - Information Disclosure - Lab #2 Information disclosure on debug page
Popo Hack
Portswigger - Information Disclosure - Lab #2 Information disclosure on debug page
4:50
Portswigger - Information Disclosure - Lab #1 Information disclosure in error messages
Popo Hack
Portswigger - Information Disclosure - Lab #1 Information disclosure in error messages
5:24
Portswigger - API Testing - Lab #5 Exploiting server side parameter pollution in a REST URL
Popo Hack
Portswigger - API Testing - Lab #5 Exploiting server side parameter pollution in a REST URL
14:12
Portswigger - API Testing - Lab #4 Exploiting a mass assignment vulnerability
Popo Hack
Portswigger - API Testing - Lab #4 Exploiting a mass assignment vulnerability
7:06
Portswigger - API Testing - Lab #3 Finding and exploiting an unused API endpoint
Popo Hack
Portswigger - API Testing - Lab #3 Finding and exploiting an unused API endpoint
9:19
Portswigger - API Testing - Lab #2 Exploiting server side parameter pollution in a query string
Popo Hack
Portswigger - API Testing - Lab #2 Exploiting server side parameter pollution in a query string
15:05
Portswigger - API Testing - Lab #1 Exploiting an API endpoint using documentation
Popo Hack
Portswigger - API Testing - Lab #1 Exploiting an API endpoint using documentation
9:50
Portswigger - WebSockets - Lab #2 Cross site WebSocket hijacking
Popo Hack
Portswigger - WebSockets - Lab #2 Cross site WebSocket hijacking
13:19
Portswigger - NoSQL injection - Lab #4 Exploiting NoSQL operator injection to extract unknown field
Popo Hack
Portswigger - NoSQL injection - Lab #4 Exploiting NoSQL operator injection to extract unknown field
24:19
Portswigger - NoSQL injection - Lab #3 Exploiting NoSQL injection to extract data
Popo Hack
Portswigger - NoSQL injection - Lab #3 Exploiting NoSQL injection to extract data
16:18
Portswigger - NoSQL injection - Lab #2 Exploiting NoSQL operator injection to bypass authentication
Popo Hack
Portswigger - NoSQL injection - Lab #2 Exploiting NoSQL operator injection to bypass authentication
9:21
Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection
Popo Hack
Portswigger - NoSQL injection - Lab #1 Detecting NoSQL injection
10:21
Portswigger - Cross-origin resource sharing - Lab #3 CORS vulnerability with trusted insecure
Popo Hack
Portswigger - Cross-origin resource sharing - Lab #3 CORS vulnerability with trusted insecure
14:35
Portswigger - Cross-origin resource sharing - Lab #2 CORS vulnerability with trusted null origin
Popo Hack
Portswigger - Cross-origin resource sharing - Lab #2 CORS vulnerability with trusted null origin
10:40
Portswigger - Cross-origin resource sharing - Lab #1 CORS vulnerability with basic origin reflection
Popo Hack
Portswigger - Cross-origin resource sharing - Lab #1 CORS vulnerability with basic origin reflection
12:41
Portswigger - WebSockets - Lab #1 Manipulating WebSocket messages to exploit vulnerabilities
Popo Hack
Portswigger - WebSockets - Lab #1 Manipulating WebSocket messages to exploit vulnerabilities
6:22
Portswigger - Essential Skills - Lab #1 Discovering vulnerabilities quickly with targeted scanning
Popo Hack
Portswigger - Essential Skills - Lab #1 Discovering vulnerabilities quickly with targeted scanning
6:48
Portswigger - Race Conditions - Lab #5 Exploiting time sensitive vulnerabilities
Popo Hack
Portswigger - Race Conditions - Lab #5 Exploiting time sensitive vulnerabilities
11:55
picoCTF Capture the Flag for beginners - picoGym Practice Challenges - Obedient Cat
Popo Hack
picoCTF Capture the Flag for beginners - picoGym Practice Challenges - Obedient Cat
3:36
Portswigger - Race Conditions - Lab #4 Single endpoint race conditions
Popo Hack
Portswigger - Race Conditions - Lab #4 Single endpoint race conditions
7:29
Portswigger - Race Conditions - Lab #3 Multi endpoint race conditions
Popo Hack
Portswigger - Race Conditions - Lab #3 Multi endpoint race conditions
7:14
Portswigger - Race Conditions - Lab #2 Bypassing rate limits via race conditions
Popo Hack
Portswigger - Race Conditions - Lab #2 Bypassing rate limits via race conditions
7:07
Portswigger - GraphQL API Vulnerabilities - Lab #5 Performing CSRF exploits over GraphQL
Popo Hack
Portswigger - GraphQL API Vulnerabilities - Lab #5 Performing CSRF exploits over GraphQL
13:18
Portswigger - Race Conditions - Lab #1 Limit overrun race conditions
Popo Hack
Portswigger - Race Conditions - Lab #1 Limit overrun race conditions
9:29
Portswigger - GraphQL API Vulnerabilities - Lab #4 Bypassing GraphQL brute force protections
Popo Hack
Portswigger - GraphQL API Vulnerabilities - Lab #4 Bypassing GraphQL brute force protections
13:53
How to update Burp Suite version to 2023.9 or higher in Kali Linux
Popo Hack
How to update Burp Suite version to 2023.9 or higher in Kali Linux
4:08
Portswigger - GraphQL API Vulnerabilities - Lab #3 Finding a hidden GraphQL endpoint
Popo Hack
Portswigger - GraphQL API Vulnerabilities - Lab #3 Finding a hidden GraphQL endpoint
13:24
Portswigger - GraphQL API Vulnerabilities - Lab #2 Accidental exposure of private GraphQL fields
Popo Hack
Portswigger - GraphQL API Vulnerabilities - Lab #2 Accidental exposure of private GraphQL fields
5:43
Portswigger - GraphQL API Vulnerabilities - Lab #1 Accessing Private GraphQL posts
Popo Hack
Portswigger - GraphQL API Vulnerabilities - Lab #1 Accessing Private GraphQL posts
7:10