This repository contains practical web security vulnerability reports based on hands-on labs and real-world exploitation scenarios.
The focus is on understanding how common web vulnerabilities work in practice, especially in the context of authentication, API behavior, and request manipulation.
- Server-side vulnerability analysis (SSPP, logic flaws)
- API-related security issues
- Authentication and authorization weaknesses
- Step-by-step exploitation reports based on controlled lab environments
The goal of this repository is to document and reinforce practical understanding of web application security by:
- Analyzing how vulnerabilities occur at the request/response level
- Understanding backend behavior and trust boundaries
- Practicing structured vulnerability reporting
---
- Server-side Parameter Pollution in Password Reset Functionality
  → Exploitation leading to administrator account takeover via backend parameter manipulation
All testing and exploitation is performed in legal, controlled lab environments designed for security learning and education.
- Web application security fundamentals
- API security testing
- Logical flaws in backend systems
- Manual vulnerability discovery techniques