EPISODE · Mar 22, 2026 · 16 MIN
Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 17: Common Network and Web Application Vulnerabilities
from CyberCode Academy · host CyberCode Academy
In this lesson, you’ll learn about:

- Common network “low-hanging fruit” vulnerabilities, including:
  - Anonymous FTP access
  - Guest SMB shares
  - Default credentials across services like SSH, RDP, and databases such as MySQL, PostgreSQL, and Microsoft SQL Server
  - The risks of credential reuse across multiple systems
- Clear-text traffic risks, understanding how tools like Wireshark can reveal sensitive credentials when encryption is not enforced.
- Injection-based web attacks, including:
  - SQL Injection (SQLi), where unsanitized input manipulates backend database queries
  - OS Command Injection, where user input is executed directly by the underlying operating system
- File Inclusion vulnerabilities, distinguishing between:
  - Local File Inclusion (LFI)
  - Remote File Inclusion (RFI)
  - Common bypass techniques such as null byte injections and encoding tricks
- Cross-Site Scripting (XSS) categories:
  - Reflected XSS
  - Stored XSS
  - DOM-based XSS
- Authentication and session management flaws, including:
  - Username enumeration
  - Password spraying attacks
  - Improper reliance on cookies for authorization decisions
- Client-side validation weaknesses, demonstrating how browser-side controls can be bypassed using interception tools like Burp Suite to manipulate parameters, hidden fields, and perform parameter pollution.
- Additional misconfigurations and risks, such as:
  - Open redirects
  - Open mail relays
  - Logic flaws in applications, including online gaming systems

You can listen to and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy