- Introduction (3 lectures)
  - Course Introduction (Lecture 1.1, 03 min)
  - Introduction to Bug Hunting (Lecture 1.2)
  - What is a Website? (Lecture 1.3, 05 min)
- Information Disclosure vulnerabilities (8 lectures)
  - Introduction to Information Disclosure Vulnerabilities (Lecture 2.1)
  - Discovering Database Login Credentials (Lecture 2.2, 09 min)
  - Discovering Endpoints & Sensitive Data (Lecture 2.3, 08 min)
  - Introduction to HTTP Status Codes (Lecture 2.4, 08 min)
  - Employing the Hacker / Bug Hunter Mentality to Discover Admin Login Information (Lecture 2.5, 08 min)
  - Manipulating Application Behaviour Through the HTTP GET Method (Lecture 2.6, 06 min)
  - Manipulating Application Behaviour Through the HTTP POST Method (Lecture 2.7, 07 min)
  - Intercepting Requests With Burp Proxy (Lecture 2.8, 10 min)
- Broken Access Control Vulnerabilities (6 lectures)
  - Introduction to Broken Access Control Vulnerabilities (Lecture 3.1)
  - Cookie Manipulation (Lecture 3.2)
  - Accessing Private User Data (Lecture 3.3, 07 min)
  - Discovering IDOR Vulnerabilities (Insecure Direct Object Reference) (Lecture 3.4, 09 min)
  - Privilege Escalation with Burp Repeater (Lecture 3.5, 10 min)
  - Debugging Flows with HTTP TRACE & Gaining Admin Access! (Lecture 3.6, 08 min)
- Path / Directory Traversal (7 lectures)
  - Introduction to Path Traversal Vulnerabilities & Basic Discovery (Lecture 4.1, 09 min)
  - Bypassing Absolute Path Restriction (Lecture 4.2, 05 min)
  - Bypassing Hard-coded Extensions (Lecture 4.3, 04 min)
  - Bypassing Filtering (Lecture 4.4, 04 min)
  - Bypassing Hard-coded Paths (Lecture 4.5, 04 min)
  - Bypassing Advanced Filtering (Lecture 4.6, 06 min)
  - Bypassing Extreme Filtering (Lecture 4.7, 09 min)
- CSRF - Cross-Site Request Forgery (1 lecture)
  - Discovering & Exploiting CSRF Vulnerabilities (Lecture 5.1, 09 min)
- OAUTH 2.0 Vulnerabilities (4 lectures)
  - Introduction to OAUTH 2.0 (Lecture 6.1)
  - OAUTH 2.0 Basic Exploitation (Lecture 6.2, 10 min)
  - Exploiting a Linking OAUTH 2.0 Flow Through CSRF (Lecture 6.3, 12 min)
  - Exploiting a Login OAUTH 2.0 Flow Through CSRF (Lecture 6.4, 13 min)
- Injection Vulnerabilities (1 lecture)
  - Introduction to Injection Vulnerabilities (Lecture 7.1)
- OS Command Injection (4 lectures)
  - Discovering a Basic Command Injection Vulnerability (Lecture 8.1, 08 min)
  - Discovering Blind Command Injection Vulnerabilities (Lecture 8.2, 09 min)
  - Discovering Asynchronous Blind Command Injection Vulnerabilities (Lecture 8.3, 08 min)
  - Using Burp Collaborator to Exploit Asynchronous Blind Command Injection (Lecture 8.4, 05 min)
- XSS - Cross Site Scripting (3 lectures)
  - Introduction to XSS Vulnerabilities & Its Types (Lecture 9.1, 04 min)
  - Discovering a HTML Injection Vulnerability (Lecture 9.2, 05 min)
  - Discovering Reflected & Stored XSS Vulnerabilities (Lecture 9.3, 05 min)
- DOM XSS Vulnerabilities (6 lectures)
  - Introduction to DOM XSS Vulnerabilities (Lecture 10.1, 05 min)
  - Discovering a Reflected DOM XSS in a Link (Lecture 10.2, 06 min)
  - Discovering a Reflected XSS in an Image Tag! (Lecture 10.3, 06 min)
  - Injecting Javascript Directly in a Page Script (Lecture 10.4, 06 min)
  - Discovering XSS in a Drop-down Menu (Lecture 10.5, 04 min)
  - Discovering XSS in AngularJS Application (Lecture 10.6, 04 min)
- XSS - Bypassing Security (5 lectures)
  - Bypassing Basic Filtering (Lecture 11.1, 06 min)
  - Bypassing Single-Quotes Filtering (Lecture 11.2)
  - Bypassing Advanced Filtering (Lecture 11.3, 10 min)
  - Bypassing Server-Side Filtering (Lecture 11.4, 07 min)
  - Bypassing Extreme Filtering with Burp Intruder (Lecture 11.5, 09 min)
- Bypassing Content Security Policy (CSP) (2 lectures)
  - Analysing the Target Application (Lecture 12.1, 06 min)
  - Discovering an XSS in a CSP Enabled Application (Lecture 12.2, 08 min)
- SQL Injection Vulnerabilities (5 lectures)
  - Introduction to SQL Injection Vulnerabilities (Lecture 13.1, 07 min)
  - Discovering SQL Injections (Lecture 13.2, 07 min)
  - Bypassing Admin Login Using Logical Operators (Lecture 13.3, 05 min)
  - Selecting Data From the Database (Lecture 13.4, 08 min)
  - Accessing The Database Admin Records (Lecture 13.5, 07 min)
- Blind SQL Injections (4 lectures)
  - Discovering Blind SQL Injections (Lecture 14.1, 06 min)
  - Enumerating Table & Column Names (Lecture 14.2, 10 min)
  - Recovering Administrator Password With Burp Intruder (Lecture 14.3, 08 min)
  - Using the Cluster-Bomb Attack to Recover Passwords (Lecture 14.4, 08 min)
- Time-Based Blind SQL Injection (3 lectures)
  - Discovering Time-Based Blind SQLi (Lecture 15.1, 08 min)
  - Extracting Data From the Database Using a Time-Based Blind SQLi (Lecture 15.2, 11 min)
  - Getting The Admin Password Using a Time-Based Blind SQLi (Lecture 15.3)
- SSRF (Server-Side Request Forgery) (4 lectures)
  - Introduction to SSRF Vulnerabilities (Lecture 16.1)
  - Theory Behind SSRF Vulnerabilities & Their Impact (Lecture 16.2, 07 min)
  - Discovering a Basic SSRF Vulnerability (Lecture 16.3, 05 min)
  - Accessing Private (Admin) Resources Using an SSRF Vulnerability (Lecture 16.4, 06 min)
- SSRF - Advanced Exploitation (2 lectures)
  - Advanced SSRF Discovery (Lecture 17.1, 06 min)
  - Scanning & Mapping Internal Network & Services (Lecture 17.2, 08 min)
- SSRF - Bypassing Security (3 lectures)
  - Bypassing Blacklists (Lecture 18.1, 08 min)
  - Bypassing Whitelists (Lecture 18.2, 10 min)
  - Chaining Open Redirection with SSRF to Bypass Restrictive Filters (Lecture 18.3, 07 min)
- Blind SSRF Vulnerabilities (4 lectures)
  - Introduction to Blind SSRF Vulnerabilities (Lecture 19.1)
  - Discovering Blind SSRF Vulnerabilities (Lecture 19.2, 06 min)
  - Exploiting Blind SSRF Vulnerabilities (Lecture 19.3, 08 min)
  - Escalating Blind SSRF to a Remote Code Execution (RCE) (Lecture 19.4, 08 min)
- XXE (XML External Entity) Injection (4 lectures)
  - Introduction to XXE Injection Vulnerabilities (Lecture 20.1)
  - What is XML? (Lecture 20.2, 03 min)
  - Exploiting a Basic XXE Injection (Lecture 20.3, 09 min)
  - Discovering an SSRF Through a Blind XXE (Lecture 20.4, 07 min)
- 2 Hour Live Bug Hunting! (14 lectures)
  - 2 Hour Live Bug Hunt Introduction (Lecture 21.1)
  - Overview of the Target (Lecture 21.2, 09 min)
  - Discovering an Open Redirect Vulnerability (Lecture 21.3, 07 min)
  - Discovering an XSS in the Response (Lecture 21.4, 09 min)
  - Discovering an XSS in a HTML Comment (Lecture 21.5, 09 min)
  - Discovering an XSS in a Date Picker (Lecture 21.6, 06 min)
  - Broken Access Control in Booking Page (Lecture 21.7, 06 min)
  - Analysing Application Files & Finding Sensitive Data (Lecture 21.8, 12 min)
  - Discovering Endpoints Hidden In Code (Lecture 21.9, 04 min)
  - Discovering an IDOR – Insecure Direct Object Reference (Lecture 21.10, 04 min)
  - Discovering Hidden Endpoints Using Regex (Lecture 21.11, 09 min)
  - Discovering a Complex Stored XSS (Lecture 21.12, 11 min)
  - Discovering Bugs in Hidden Elements (Lecture 21.13, 08 min)
  - Discovering Bugs in Hidden Parameters (Lecture 21.14, 07 min)
- Participating in Bug Bounty Programs (3 lectures)
  - Hacker1 Overview (Lecture 22.1, 10 min)
  - Bug-Bounty Overview (Lecture 22.2, 06 min)
  - Submitting a Bug Report (Lecture 22.3, 08 min)
- Bonus Section (1 lecture)
  - Bonus Lecture – Want to learn more? (Lecture 23.1, 03 min)

Introduction to Blind SSRF Vulnerabilities
This lecture will introduce you to blind SSRF vulnerabilities and discuss their limitations.
