Guide to Web Penetration Testing: Brute Forcing and SQL Injection
Authentication Vulnerabilities
Exploiting Weak Credentials
The first challenge involves bypassing authentication through brute force techniques. The objective is to identify valid credentials by testing common passwords against a target login interface.
To execute this attack, an interception proxy like Burp Suite is essential. Capture the init ...
Posted on Wed, 17 Jun 2026 17:11:03 +0000 by lucym
Implementing JWT Authentication in Spring Boot Applications
JSON Web Tokens consist of three distinct segments: a header defining cryptographic parameters, a payload carrying assertions, and a signature ensuring integrity. Implementing token validation in a Spring ecosystem requires orchestrating token generation, externalized configuration, request interception, and MVC registration. The following guid ...
Posted on Wed, 10 Jun 2026 18:12:59 +0000 by henryblake1979
Frontend Security Implementation Guide: Encryption Algorithms and Anti-Debugging Techniques
Algorithm Comparison
SHA-256 | AES
Hash Algorithm | Symmetric Encryption
Irreversible | Reversible
No Key Storage Required | Requires Key Storage
When securing passwords, hash functions are typically preferred over symmetric encryption algorithms. Hash algorithms like SHA-256 are more commonly recommended for password protection due to th ...
Posted on Tue, 19 May 2026 02:23:31 +0000 by sirstrumalot
Server-Side Request Forgery Vulnerabilities and Exploitation Techniques
Understanding SSRF Attacks
Server-Side Request Forgery (SSRF) occurs when an application allows users to supply URLs or IP addresses that the server will then request data from. This vulnerability arises primarily when web applications provide functionality to fetch resources from external sources without properly validating or sanitizing the ta ...
Posted on Fri, 15 May 2026 07:54:12 +0000 by sincspecv
Secure Web Authentication: Dynamic CAPTCHA, Login, Logout, and Password Management
The src attribute of an <img> tag can reference local files, inline base64 data, or execute asynchronous HTTP GET requests when pointing to a backend route. Routing this endpoint to return binary image data allows seamless integration with template rendering.
To avoid filesystem overhead, generating verification images entirely in memory ...
Posted on Thu, 14 May 2026 17:48:23 +0000 by Stiffler
Upload-Labs File Upload Bypass Techniques and Implementation Strategies
Overview
File upload vulnerabilities arise when web applications inadequately validate or sanitize user-supplied files before storing and serving them. Exploiting these flaws allows attackers to inject executable code—such as PHP webshells—into the server’s filesystem, often leading to remote code execution. Upload-Labs is a deliberately vulner ...
Posted on Thu, 14 May 2026 14:50:47 +0000 by jrforrester
Web Application File Upload Vulnerabilities
1 File Upload Vulnerability Overview
File upload functionality is a common feature in virtually all web applications and server-client systems. Users need to upload images for articles and blog posts, profile pictures, or various files to cloud storage services. If servers lack proper filtering mechanisms, allowing webshells, executable files, ...
Posted on Thu, 14 May 2026 07:14:53 +0000 by Jacquelyn L. Ja