Pink Boo

URL-based access control can be circumvented PortSwigger Academy tutorial

Pink Boo

User role can be modified in user profile PortSwigger Academy tutorial

Pink Boo

User role controlled by request parameter PortSwigger Academy tutorial

Pink Boo

Unprotected admin functionality with unpredictable URL PortSwigger Academy tutorial

Pink Boo

Unprotected admin functionality PortSwigger Academy tutorial

Pink Boo

Information disclosure in version control history PortSwigger Academy tutorial GitHub Desktop

Pink Boo

Authentication bypass via information disclosure PortSwigger Academy tutorial

Pink Boo

Soure code disclosure via backup files PortSwigger Academy tutorial ffuf fuzzing

Pink Boo

Information disclosure on debug page PortSwigger Academy tutorial FFUF tutorial

Pink Boo

Information disclosure in error messages PortSwigger Academy tutorial Owasp Juice Shop tutorial

Pink Boo

Web shell upload via race condition PortSwigger Academy tutorial

Pink Boo

Remote code execution via polyglot web shell upload PortSwigger Academy tutorial

Pink Boo

Web shell upload via obfuscated file extension PortSwigger Academy tutorial

Pink Boo

Web shell upload via extension blacklist bypass PortSwigger Academy tutorial

Pink Boo

Web shell upload via path traversal PortSwigger Academy tutorial

Pink Boo

Web shell upload via Content-Type restriction bypass PortSwigger Academy tutorial

Pink Boo

Remote code execution via web shell upload PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via algorithm confusion with no exposed key PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via algorithm confusion PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via kid header path traversal PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via jku header injection PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via jwk header injection PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via weak signing key PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via flawed signature verification PortSwigger Academy tutorial

Pink Boo

JWT authentication bypass via unverified signature PortSwigger Academy tutorial

Pink Boo

Exfiltrating sensitive data via server-side prototype pollution PortSwigger Academy tutorial

Pink Boo

Remote code execution via server-side prototype pollution PortSwigger Academy tutorial

Pink Boo

Bypassing flawed input filters for server-side prototype pollution PortSwigger Academy tutorial

Pink Boo

Detecting server-side prototype pollution without polluted property reflection PortSwigger

Pink Boo

Privilege escalation via server-side prototype pollution PortSwigger Academy tutorial

Pink Boo