Skip to content

Latest commit

Β 

History

History
46 lines (28 loc) Β· 1.37 KB

File metadata and controls

46 lines (28 loc) Β· 1.37 KB

Web Security Reports

This repository contains practical web security vulnerability reports based on hands-on labs and real-world exploitation scenarios.

The focus is on understanding how common web vulnerabilities work in practice, especially in the context of authentication, API behavior, and request manipulation.


πŸ” What this repository includes

  • Server-side vulnerability analysis (SSPP, logic flaws)
  • API-related security issues
  • Authentication and authorization weaknesses
  • Step-by-step exploitation reports based on controlled lab environments

🧠 Purpose

The goal of this repository is to document and reinforce practical understanding of web application security by:

  • Analyzing how vulnerabilities occur at the request/response level
  • Understanding backend behavior and trust boundaries
  • Practicing structured vulnerability reporting

--

πŸ“„ Current Reports

  • Server-side Parameter Pollution in Password Reset Functionality
    β†’ Exploitation leading to administrator account takeover via backend parameter manipulation

⚠️ Note

All testing and exploitation is performed in legal, controlled lab environments designed for security learning and education.


πŸ“Œ Focus Areas

  • Web application security fundamentals
  • API security testing
  • Logical flaws in backend systems
  • Manual vulnerability discovery techniques