Resources and exploits made for OSWE preparation.

Xcatolin/OSWE-Prep

Offensive Security Web Expert (OSWE)

Advanced Web Attacks and Exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification and will demonstrate mastery in exploiting front-facing web apps.

Official guides and information

Local Labs Setup

Personal Progress

  • ATutor LMS
    • Authentication Bypass via Blind SQL Injection
    • Authentication Bypass via PHP Type Juggling
    • Remote Code Execution via File Upload
  • ManageEngine Applications Manager
    • PostgreSQL Authentication Bypass and Remote Code Execution
  • Bassmaster NodeJS
    • Remote Code Execution via Arbitrary JavaScript Injection
  • DotNetNuke
    • Remote Code Execution via Deserialization
  • ERPNext
    • Authentication Bypass via SQL Injection
    • Remote Code Execution via Server-Side Template Injection
  • openCRX
    • Authentication Bypass via Weak Random Generator
  • openITCOCKPIT
    • Remote Code Execution via WebSocket Command Injection
  • Concord
    • Authentication Bypass via Permissive CORS and CSRF
    • Authentication Bypass via Insecure Defaults
  • Guacamole Lite
    • Prototype Pollution
  • TUDO
    • Authentication Bypass via Blind SQL Injection
    • Authentication Bypass via Weak Random Generator
    • Privilege Escalation via Cross-Site Scripting (XSS)
    • Remote Code Execution via PHP Object Injection
    • Remote Code Execution via File Upload + Filters Bypass
    • Remote Code Execution via PostgreSQL
    • Remote Code Execution via Server-Side Template Injection
