Projects using Kali Linux in Lahore
Ahmed Khan
I discovered a stored cross-site scripting (XSS) vulnerability in a practice web application's comment section that allowed me to inject malicious JavaScript that would execute in any user's browser. By submitting a comment containing a script payload, I successfully stole session cookies from other users and could have hijacked their accounts, performed actions on their behalf, or defaced the website. This finding was documented in a comprehensive report including proof-of-concept screenshots showing cookie theft, CVSS risk scoring of 6.5 (Medium), and step-by-step remediation guidance including input sanitization and output encoding. This assessment demonstrates my ability to find client-side vulnerabilities that can compromise every user visiting the site.
Ahmed Khan
I discovered a SQL injection vulnerability in a practice web application that allowed me to bypass the login system and access the entire user database without any credentials. By inserting a simple payload into the username field, I successfully logged in as the first user in the database and extracted sensitive information including usernames, password hashes, and user email addresses. This finding was documented in a detailed report with proof-of-concept screenshots, risk analysis showing potential data breach impact, and step-by-step remediation guidance including parameterized queries and input validation. This assessment demonstrates my ability to find critical database vulnerabilities that could expose thousands of customer records.
Ahmed Khan
During a security assessment of a practice web application, I discovered an exposed FTP directory with directory listing enabled, revealing multiple sensitive files including a password database, backup configurations, compiled source code, and error logs. After finding a clue in robots.txt, I navigated to the /ftp directory and documented over ten exposed files with their associated risks. My final report included an executive summary, detailed findings with screenshots, risk ratings for each exposed file, and step-by-step remediation guidance including disabling directory listing and removing sensitive data. This finding highlights how simple misconfigurations can lead to critical data exposure.
Ahmed Khan
I discovered an Insecure Direct Object Reference (IDOR) vulnerability in a practice web application that allowed unauthorized users to access other people's private snippets simply by changing a number in the URL. Using whatweb and manual inspection, I identified parameter tampering points and successfully accessed private data for five different users without authentication. The finding was documented in a comprehensive report including executive summary, technical details with screenshots, CVSS risk scoring, and step-by-step remediation instructions. This assessment demonstrates my ability to find broken access controls that automated tools miss and deliver clear, actionable fixes.