idor

Web Hacking with Santeri

Santeri shared his approach to web penetration testing. He visited my ethical hacking course.

Santeri's top 3 favourite vulnerabilities are

  • IDOR (?id=123 => id=124, also OWASP 1.)
  • Path traversal (../../../etc/passwd)
  • Server Side Template Injection - My name is {{6*7}}
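
The IDOR item above (?id=123 => id=124), seen from the defending side, as an added example that is not from the original post or from Santeri's talk: the same request handler is run with a lookup that trusts the id and with one that checks ownership. The invoice data, user names and function names are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample records: invoice id -> owner and total (not from the page).
INVOICES = {
    123: {"owner": "alice", "total": "40.00"},
    124: {"owner": "bob", "total": "99.00"},
}


def lookup_vulnerable(user, invoice_id):
    # IDOR: the id from the URL is the only thing consulted;
    # the logged-in user is ignored, so any valid id returns data.
    return INVOICES.get(invoice_id)


def lookup_checked(user, invoice_id):
    # Object-level authorization: the record must exist AND belong to the
    # session user. A foreign record is reported exactly like a missing one,
    # so responses do not reveal which ids exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != user:
        return None
    return invoice


def handle(user, query_string, lookup):
    """Hypothetical handler: returns (status, body) for a query like '?id=123'."""
    params = parse_qs(query_string.lstrip("?"))
    try:
        invoice_id = int(params["id"][0])
    except (KeyError, ValueError):
        return 400, "bad id"
    invoice = lookup(user, invoice_id)
    if invoice is None:
        return 404, "not found"
    return 200, invoice["total"]


if __name__ == "__main__":
    # alice is logged in; 123 is hers, 124 belongs to bob.
    for query in ("?id=123", "?id=124"):
        print(query,
              "vulnerable:", handle("alice", query, lookup_vulnerable),
              "checked:", handle("alice", query, lookup_checked))
```

The check lives in the data lookup rather than in the route, so every caller of the lookup gets it.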