Curious captives

By

Screencasts on labs, challenges, ctfs, ...... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Curious captives:

How many episodes does Curious captives have?

The podcast currently has 20 episodes available.

Curious captives episodes:

May 29, 2023 Inconsistent handling of exceptional input
The application does not adequately validate user input. Exploit a logic flaw in its account registration process to gain access to administrative functionality.
...more
0min
May 29, 2023 Combining web cache poisoning vulnerabilities
Poisoning a cache with multiple malicious responses simultaneously. The website is vulnerable to DOM-XSS due to the way the initTranslations() function handles data from the JSON file for all languages except English, and the home page sometimes uses backslashes as a folder separator. The server normalises these to forward slashes using a redirect. As a result, setting a language request with backward slash that redirects to the proper language path in a 302 response is cacheable and can be used to force other users to the another language version of the home page.
These two exploits are combined in a request importing a malicious JSON file in which a language setting is attacked from an exploit server. And while the cache is still poisoned, the home page is poisoned forcing all users to the page with that language.
...more
0min
May 29, 2023 Exploiting Java deserialisation with Apache Commons
This application uses a serialisation-based session mechanism and loads the Apache Commons Collections library.
...more
0min
May 29, 2023 Arbitrary object injection in PHP
This application uses a serialisation-based session mechanism and is vulnerable to arbitrary object injection as a result.
...more
0min
May 29, 2023 Modifying serialised data types
The application uses a serialisation-based session mechanism and is vulnerable to authentication bypass as a result.
...more
0min
May 29, 2023 Using application functionality to exploit insecure deserialisation
This application uses a serialisation-based session mechanism and a certain feature invokes a dangerous method on data provided in a serialised object.
...more
0min
May 29, 2023 Modifying serialised objects
The application uses a serialisation-based session mechanism and is vulnerable to privilege escalation as a result.
...more
0min
May 29, 2023 Internal cache poisoning
Another application vulnerable to web cache poisoning. An attacker can poison the internal cache so that the home page executes alert(document.cookie) in a victim's browser.
...more
0min
May 29, 2023 Targeted web cache poisoning using an unknown header
If an application directly reflects the value of an unkeyed header in the response, it opens the door to cache poisoning. Its value is not part of the cache key. If the attacker sends a request where only this header is maliciously modified, the response to this request will be cached, with the malicious payload targeting, for example, an XSS vulnerability. Users subsequently requesting content that matches the same cache key will receive the malicious version from the cache.
...more
0min
May 29, 2023 Cache key injection
This lab contains multiple independent vulnerabilities, including cache key injection. The vulnerabilities are combined to execute an alert(1) in a victim's browser.
...more
0min

FAQs about Curious captives:

How many episodes does Curious captives have?

The podcast currently has 20 episodes available.