Please note: This is part six of a 10-part series on the TryHackMe OWASP Top 10 room

Security Misconfiguration covers cases where the web application, its framework or the server it runs on should have been configured securely but was not. Typical examples are unnecessary features or services left enabled, default accounts and passwords still in place, error messages that leak stack traces or other sensitive information, and unpatched or outdated software.

Lab: Security misconfiguration

This lab asks us to break into the web app and find the flag. The room gives a hint: the app (Pensive Notes) may still be using default credentials, and those would be listed in its documentation.

A Google search for the note-taking app shows that its source is available on GitHub.


Please note: This is part four of a 10-part series on the TryHackMe OWASP Top 10 room

To understand XXE it helps to know the basics of XML, XML parsers, XML entities and DTDs (Document Type Definitions). All of this can be picked up from https://www.w3schools.com/xml/

XXE (XML External Entity) injection is a flaw in how an application parses XML. When the parser is configured to resolve external entities, an attacker who controls an XML document can declare an entity whose SYSTEM identifier points at a local file or an internal URL, reference it in the document, and have the parser fetch that resource and splice it into the parsed content. Because the application trusts the XML it receives, the attacker gets direct interaction with the back-end file system and with other systems that the vulnerable application can reach.
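To make the mechanism concrete, here is an added example (my own illustration, not code from the original post or from the TryHackMe room). It builds the classic file-disclosure payload, feeds it to a deliberately permissive expat parser that resolves external entities, and then to a hardened parser that refuses any DTD. The secret file, the entity name `xxe`, and the helper names (`xxe_payload`, `parse_unsafely`, `parse_safely`, `demo`) are all constructed for the demo.

```python
# Added illustration for this post (not the original author's code and not
# from the TryHackMe room): how an XXE payload is built and why the parser
# configuration decides whether it works.
import os
import tempfile
import xml.parsers.expat as expat


def xxe_payload(target_path: str) -> str:
    """Return an XML document whose DTD declares an external general entity
    `xxe` pointing at a local file, then references it inside <body>."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE note [<!ENTITY xxe SYSTEM "file://{target_path}">]>\n'
        "<note><body>&xxe;</body></note>"
    )


def write_secret(contents: str = "db_password=hunter2\n") -> str:
    """Create a constructed 'sensitive' file standing in for something like
    /etc/passwd on the target; returns its path (assumes a writable temp dir)."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-", suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(contents)
    return path


def _body_collector(parser: expat.XMLParserType) -> list:
    """Wire element/text handlers that collect character data inside <body>."""
    body, stack = [], []
    parser.StartElementHandler = lambda name, attrs: stack.append(name)
    parser.EndElementHandler = lambda name: stack.pop()

    def on_text(data):
        if stack and stack[-1] == "body":
            body.append(data)

    parser.CharacterDataHandler = on_text
    return body


def parse_unsafely(xml_text: str) -> str:
    """Vulnerable configuration: the parser resolves external entities by
    fetching whatever the SYSTEM identifier names and splicing it in."""
    parser = expat.ParserCreate()
    body = _body_collector(parser)

    def on_external_entity(context, base, system_id, public_id):
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        with open(path, "rb") as fh:
            data = fh.read()
        # Expat parses the fetched bytes as the entity's replacement text,
        # using a sub-parser that inherits this parser's handlers.
        sub = parser.ExternalEntityParserCreate(context)
        sub.Parse(data, True)
        return 1  # non-zero tells expat to keep going

    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(xml_text, True)
    return "".join(body)


class DoctypeRejected(ValueError):
    """Raised by the hardened parser when the input carries a DTD."""


def parse_safely(xml_text: str) -> str:
    """Hardened configuration: no external-entity handler at all, and any
    DOCTYPE (the only place entities can be declared) is refused outright."""
    parser = expat.ParserCreate()
    body = _body_collector(parser)

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeRejected(f"DTD not allowed in input (DOCTYPE {name})")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.Parse(xml_text, True)
    return "".join(body)


def demo() -> str:
    """Run the attack against a constructed secret and return what leaked."""
    secret = write_secret()
    try:
        return parse_unsafely(xxe_payload(secret))
    finally:
        os.unlink(secret)


if __name__ == "__main__":
    print("vulnerable parser returned:", demo().strip())
    try:
        parse_safely(xxe_payload("/etc/passwd"))
    except DoctypeRejected as exc:
        print("hardened parser refused:", exc)
```

The point to take away is that the payload is identical in both runs; only the parser's settings differ. Real-world parsers (Java's DocumentBuilder, libxml2, .NET's XmlReader) expose equivalent switches, and the hardening is the same: disable DTD processing or external entity resolution rather than trying to filter the XML.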

XXE Lab: XML External Entity - Exploiting


@rrietwrites


@rrietwrites is a cybersecurity researcher who also enjoys conversations on personal finance, lifestyle, mental health and human psychology