Scomurr's Blog - Page 6 of 19 - Play for serendipity...

Affiliate Marketing, Canva

Creating My New Logo with Canva

Let’s Make a New Logo with Canva for Scomurr.com Scomurr.com needs a new logo! For this, I am going to use a few tools, but the goal is to come up with a killer logo that can help me drive…

scomurr
12/13/2023

Security, Web Attacks

HTTP Request Smuggling – HTTP/2 Request Tunnelling

Time for another one of the advanced labs on the PortSwigger Web Security Academy. For this lab, we are dealing with an HTTP/2 downgrade attack that allows the attacker to smuggle a request to the backend. Due to how the…

scomurr
03/19/2023

Security, Web Attacks

HTTP Request Smuggling – Web Cache Poisoning for Deception

This lab is a bit similar to the last, however, it has a completely different purpose. In the previous, we poisoned the cache in an attempt to trigger an XSS. In this lab, we are looking at poisoning a cache…

scomurr
03/12/2023

Security, Web Attacks

HTTP Request Smuggling – Web Cache Poisoning

This lab is a lot of fun and requires chaining together techniques to fully exploit. First, we have to identify if, where, and how the application is vulnerable to a smuggling attack. Once that has been established, we need to…

scomurr
03/05/2023

Security, Web Attacks

HTTP Request Smuggling – Admin Access via CL.0 Vulnerability

This next lab represents an interesting vulnerability where specific paths/routes within an application are vulnerable to desync when there is no expectation of anything other than the intended HTTP verb ever showing as part of a request. These are very…

scomurr
02/25/2023