This blog post aims to provide an overview of caching mechanisms on both the front-end and back-end of GraphQL Apollo. In this article, the researcher presented the misconfiguration that can exist in the caching mechanism of Apollo with the attached checklist for the penetration testing engagements and recommendations for developers....
[Read More]
AWAE and OSWE review
At the end of the 2020, I took the Advanced Web Application Exploitation (AWAE) course by Offensive Security. After the course, at the beginning of 2021 I have successfully passed the Offensive Security Web Expert (OSWE) exam on the first attempt. This blog post is written to share my path,...
[Read More]
Exploiting Jinja SSTI with limited payload size.
Interesting use-case
There have been several interesting articles published on how to exploit the Jinja SSTI with several restrictions in place e.g. character restriction or access to the object restrictions. The very comprehensive article I have found with regards to Jinja Exploitation that covers almost all aspect can be found under the...
[Read More]
Gynvael's web security challenge - part 6.
Quick hacking at the weekend.
Over the weekend I have decided to play with Gynvael’s web security challenges. The post presents the write-up of challenge 6.
The challenge is located under the following URL:
http://challenges.gynvael.stream:5006
[Read More]
Gynvael's web security challenge - part 5.
Quick hacking at the weekend.
Over the weekend I have decided to play with Gynvael’s web security challenges. The post presents the write-up of challenge 5.
The challenge is located under the following URL:
http://challenges.gynvael.stream:5005
[Read More]