What's the most common vulnerability you see in sites?
by earflaps - Sunday June 9, 2024 at 07:49 AM
#1
I'm not necessarily asking for the easiest (i.e. SQL injection), just the most common you've seen appear when pen testing. Appreciate any responses <3
#2
prolly no rate limit, which is useless for just spamming emails, but it can be chained with other vulns and may or may not lead to account takeover + XSS (cross-site scripting) + API vulnerabilities
https://www.vaadata.com/blog/api-penetra...box-tests/
https://academy.tcm-sec.com/p/hacking-apis
I suggest these resources if you want to get into API pentesting
#3
(06-09-2024, 07:52 AM)SilentMastermind Wrote: prolly no rate limit, which is useless for just spamming emails, but it can be chained with other vulns and may or may not lead to account takeover + XSS (cross-site scripting) + API vulnerabilities
https://www.vaadata.com/blog/api-penetra...box-tests/
https://academy.tcm-sec.com/p/hacking-apis
I suggest these resources if you want to get into API pentesting

Is TCM Sec worth buying or are there alternatives? Ty also
#4
(06-09-2024, 11:00 AM)earflaps Wrote:
(06-09-2024, 07:52 AM)SilentMastermind Wrote: prolly no rate limit, which is useless for just spamming emails, but it can be chained with other vulns and may or may not lead to account takeover + XSS (cross-site scripting) + API vulnerabilities
https://www.vaadata.com/blog/api-penetra...box-tests/
https://academy.tcm-sec.com/p/hacking-apis
I suggest these resources if you want to get into API pentesting

Is TCM Sec worth buying or are there alternatives? Ty also

From personal experience, I say yes, they're worth buying.
No prob <3
#5
PHP and XSS: two of the most common flaws I have seen almost everywhere.
#6
Weak passwords.
#7
No IP blocking or rate limiting, so they will let you brute force a login page all day long without detecting it or blocking you.
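Added example (not from this thread or any poster): the detection side of what the post above describes. A sliding-window check over a constructed login log flags a source IP once it reaches a number of failed attempts inside a time window, which is the minimum signal a site needs to notice an all-day brute force. The log line format and field names are assumed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (assumed format): one IP hammers the login
# with failures, another has a single ordinary failure then succeeds.
SAMPLE_LOG = """\
2024-06-13 04:31:00 ip=203.0.113.7 user=alice result=FAIL
2024-06-13 04:31:01 ip=203.0.113.7 user=alice result=FAIL
2024-06-13 04:31:02 ip=203.0.113.7 user=alice result=FAIL
2024-06-13 04:31:03 ip=198.51.100.2 user=bob result=FAIL
2024-06-13 04:31:04 ip=203.0.113.7 user=alice result=FAIL
2024-06-13 04:31:05 ip=203.0.113.7 user=alice result=FAIL
2024-06-13 04:31:40 ip=198.51.100.2 user=bob result=OK
2024-06-13 04:32:30 ip=203.0.113.7 user=alice result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return (timestamp, ip, user, result), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return ts, m["ip"], m["user"], m["result"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag any IP that logs >= threshold failed logins within any
    window_seconds span. Returns {ip: timestamp of the flagging attempt}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[3] != "FAIL":
            continue  # skip unparseable lines and successful logins
        ts, ip = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        # Evict failures older than the window relative to this attempt.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged
```

The flagged dict is the point where a real deployment would start blocking or at least alerting on the source; a single failure from a legitimate user never trips it.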
#8
XSS and SQL injection are well known.
#9
I've seen a lot of API shit since most API devs are paid like shit, so they don't give a fuck to add some security.
#10
(06-13-2024, 04:31 AM)Egirl Wrote: I've seen a lot of API shit since most API devs are paid like shit, so they don't give a fuck to add some security.

Appreciate it lmaoo