broken-access-control

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.

CVE-2023-22515: Confluence Broken Access Control Exploit

CVE-2023-22515

Web Application Penetration Tester (WAPT) Notes

This repository contains OWASP Top 10 CTF challenges designed to test your skills in web application security. Each category includes both "easy" and "hard" challenges.

Bachelor’s Work - WEB programming

Fixing an Insecure Blog Application.

WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk!

Django website with intentional security flaws and their fixes to demonstrate vulnerabilities commonly found in web applications. Flaws include SQL injection, broken access control, SSRF, security misconfiguration, and CSRF.

Project in Django Python on theme Security vulnerabilites - Sensitive data exposure, Broken Access Control.

Bachelor’s Work - WEB programming

Script que permite obtener la información de estudiantes y la sesion de un usuario en el portal de la universidad. Ademas de poder inyectar codigo SQL en una cookie en la base de datos de la universidad.

VulnWeb - Learn & Fix Common Security Flaws

Curso de OWASP Top 10: de Injections a monitoramento.

Aplicación web desarrollada para asignatura Seguridad en Sistemas Computacionales