Insecure Direct Object Reference (IDOR) vulnerabilities are still in the wild and could lead to, for example, horizontal privilege escalation. A user could modify certain values in a web application and gain access to unauthorised data. Developing a vulnerable application Moreover, the vulnerable web application was developed using Python with…
flask
According to OWASP, injection attacks are still a common attack vector. There are several tools which can be used to exploit a SQL vulnerability. A personal favourite is SQLmap. However, understanding how SQLi works is an important aspect of penetration testing. It is also crucial to understand how the underlying…