I'm going to keep this plain and simple and hopefully teach others some interesting things when it comes to testing websites. I'll be discussing each of the vuln types I report along with interesting bypasses, as well as areas people sometimes miss.
Questions? Tweet me @zseano
Open URL redirects are always considered "low impact", but can we really turn an open URL redirect into a $2500 payout? Let's dive into the world of open URL redirects and everything about them.
IDORs (Insecure Direct Object References) are everywhere if you know where to look. In this tutorial we discuss various areas where I've found them and what to do when you think you've found one.