Tutorials on How To Exploit Some Vulnerabilities

This is a list of tutorial resources that can be helpful to security researchers that want to learn more about web and mobile application hacking. Please let us know if you have any suggestions for resources that we should add to this post!

Web applications:

XSS

  • A comprehensive tutorial on cross-site scripting – link
  • Favorite XSS Filters/IDS and how to attack them – pdf link
  • Introduction to cross-site scripting – link
  • Avoiding XSS Detection – link

CSRF

  • Finding and Preventing CSRF – pdf link
  • How to exploit CSRF Vulnerabilities – link

SQL Injection

  • Introduction to SQL Injection – link
  • Introduction to MySQL Injection – link
  • Full MSSQL Injection PWNage – link
  • Everything you wanted to know about SQL injection – link

Remote Code/Command Execution

  • How to find RCE in scripts (with examples) – link
  • Yahoo LFI Converted to RCE – link
  • Remote Code Execution in Elasticsearch – CVE-2015-1427 – link

XXE

  • Generic XXE Detection – link
  • XML Out-Of-Band Data Retrieval – pdf link
  • SSRF vs. Business-critical applications: XXE tunneling in SAP – pdf link
  • What you didn’t know about XXE – pdf link

Other:

  • SSRF Attacks – slideshare link
  • Cross Site Port Attacks – link
  • Hunting for Top Bounties – YouTube link
  • How to steal and modify data using Business Logic flaws – slideshare link
  • Exploiting CVE-2011-2461 on google.com – link
  • PentesterLab – link – PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. (thanks @n0x00)
  • InjectX to find XSS – link – thanks @1N3
  • Attacking Ruby on Rails Applications – link

Mobile Applications:

Android

  • Debugging Java Applications Using JDB – link
  • Hacking Android Apps Using Backup Techniques – link

iOS

  • Setting Up a Mobile Pentesting Platform – link
  • iOS Application Security – link