Techniques to Identify Template Engines (Pre-SSTI Phase) Identifying whether a web application uses a server-side template engine is a critical precursor to SSTI testing. In modern architectures—e...

1. 🎨 Frontend Tech Stack Languages: 🧱 HTML – Structure of web pages 🎨 CSS – Styling ⚡ JavaScript – Client-side scripting Frameworks/Libraries: ⚛️ React 🧩 Vue.js 🅰️ Angular 🧵 Sv...

Enumeration and Footprint nmap: nmap -sC -sV -A -T4 -Pn 10.10.68.61 Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-20 12:05 IST Nmap scan report for 10.10.68.61 Host is up (0.14s latency). No...

How do web servers handle requests for static files? The process for handling these static files is still largely the same. At some point, the server parses the path in the request to identify the...

✅ Security Headers (Response) These help protect against XSS, clickjacking, MIME sniffing, and enforce secure communication. Header Purpose Strict-Trans...

🧨 1. XXE (XML External Entity) Injection Target: Applications that parse XML input Cause: Improper XML parser configuration that allows external entity declarations Exploitation: Attackers inject ...

Enumeration and Footprinting nmap: nmap -sC -sV -A -T4 -Pn 10.10.11.58 Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-17 22:14 IST Nmap scan report for 10.10.11.58 Host is up (0.22s latenc...

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker ...

Request Methods: 1. GET 2. HEAD 3. POST 4. PUT 5. DELETE 6. PATCH 7. CONNECT 8. OPTIONS 9. TRACE Safe, idempotent, and cacheable request methods Method Safe Idempotent...

Enumeration There is feature to book trip, which then makes the date downloaded in json file. http://titanic.htb/download?ticket=08de371a-8c0c-4215-a977-b53459f4bb41.json nmap: ┌──(d31ty㉿kali)-[~...