Episode Details
Back to Episodes
Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 17: Common Network and Web Application Vulnerabilities
Published 2 months ago
Description
In this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Common network “low-hanging fruit” vulnerabilities, including:
- Anonymous FTP access
- Guest SMB shares
- Default credentials across services like SSH, RDP, and databases such as MySQL, PostgreSQL, and Microsoft SQL Server
- The risks of credential reuse across multiple systems
- Clear-text traffic risks, understanding how tools like Wireshark can reveal sensitive credentials when encryption is not enforced.
- Injection-based web attacks, including:
- SQL Injection (SQLi), where unsanitized input manipulates backend database queries
- OS Command Injection, where user input is executed directly by the underlying operating system
- File Inclusion vulnerabilities, distinguishing between:
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Common bypass techniques such as null byte injections and encoding tricks
- Cross-Site Scripting (XSS) categories:
- Reflected XSS
- Stored XSS
- DOM-based XSS
- Authentication and session management flaws, including:
- Username enumeration
- Password spraying attacks
- Improper reliance on cookies for authorization decisions
- Client-side validation weaknesses, demonstrating how browser-side controls can be bypassed using interception tools like Burp Suite to manipulate parameters, hidden fields, and perform parameter pollution.
- Additional misconfigurations and risks, such as:
- Open redirects
- Open mail relays
- Logic flaws in applications, including online gaming systems
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy