Tag

API enumeration

Java Architect Essentials
Feb 21, 2024 · Information Security

Student Information Leakage via Unauthenticated API in a University System

The article details a security case where an unauthenticated university API allowed an attacker to enumerate and download thousands of students' personal data by manipulating pagination parameters after discovering default credentials from a leaked PDF.

API enumeration · Vulnerability Analysis · data leakage
Top Architect
Jan 19, 2022 · Information Security

Penetration Testing Walkthrough: Bypassing Invitation Code and Accessing the Backend of a Mobile App

This article details a step‑by‑step penetration testing process where the author captures network traffic from a mobile app, enumerates hidden API endpoints, exploits injection flaws to retrieve backend credentials, examines upload validation, and ultimately gains admin access while highlighting the challenges faced.

API enumeration · SQL injection · information security