⌘Ctrlk

Whoami
Notes
owsap-top-10:2025
write up
How I Turned an Image Upload Feature into Full Server Access Using DNS Queries
How I Discovered a Dependency Confusion Vulnerability in a Ruby Application Leading to RCE
Privilege Escalation via Impersonation Features feature
How I Escalated Simple HTML Injection to SSRF via PDF Rendering
How I was able to discover ATO Via IDOR vulnerability
how I Bypassed SAML Authentication, and had access to Admin Panel.

Powered by GitBook

On this page

Notes
API-Pen

API Authorization Attacks

Broken Object Level Authorization (BOLA)Broken Function Level Authorization

PreviousAPI Token Attacks NextBroken Object Level Authorization (BOLA)