Autoplay
Autocomplete
Previous Lesson
Complete and Continue
WebSecNinja: Lesser Known WebAttacks
Introduction to the Course
Introduction (1:34)
RCE ATTACKS AND TECHNIQUES
Remote Command or OS Command Injection Basics (7:00)
Blind RCE Injection (6:13)
RCE Techniques and Cheat Sheet (6:13)
Bypassing RCE Filter (2:46)
JSON HIJACKING
JSON Hijacking Basics (3:24)
JSON Hijacking Demo (4:36)
LESSER KNOWN XSS VARIANTS
mXSS or mutation XSS (5:25)
rPO XSS or Relative Path Overwrite XSS (5:04)
SERVER SIDE INCLUDES INJECTION (SSI INJECTION)
Server Side Includes Injection Basics (2:49)
Server Side Includes Injection Demo (3:25)
SERVER SIDE REQUEST FORGERY (SSRF)
Server Side Request Forgery Basics (2:50)
Exploiting an SSRF Vulnerability (7:30)
REFLECTED FILE DOWNLOAD (RFD)
Reflected File Download (RFD) Theory (8:20)
RFD Attack Explained (12:00)
ABUSING WINDOW.OPENER PROPERTY
Abusing JavaScript's window.opener property Theory (4:26)
Phishing by abusing window.opener property (0:54)
SAME ORIGIN METHOD EXECUTION (SOME)
Same Origin Method Execution Introduction (7:11)
Same Origin Policy (SOP) (3:38)
SOME Attack with Flash Callback explained (5:17)
SOME Attack with Flash Callback Demo (8:04)
COURSE MATERIALS
Course Slides
Source Code
rPO XSS or Relative Path Overwrite XSS
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock