corben.io


infosec write-ups and ramblings


Corben Leo


A Simple SQL Injection in an Air Force Website

Information is key. What sort of information could be in an Air Force Database? Who would get hurt by that data? Who would it benefit? In 2017, 17-year-old me easily gained access to an Air Force database. Back then, I practiced in the DoD's Vulnerability Disclosure Program (VDP). I was looking at…

Corben Leo

A Fun SSRF through a Headless Browser

I found a Server-Side Request Forgery in March 2022 (well, more than one luckily)! But let's talk about the coolest one. So you can learn. I don't like talking about bounty amounts. (It's ok if you do, we all get excited) Instead, I'll show you how I found it: The scope of this program was *.███.…

Corben Leo

Learn to Hack Web Apps

So you want to learn to hack. Want to participate in bug bounty? No problem. Here's a roadmap to follow so you can learn web hacking. Just remember: "Enduring growth cannot be achieved without a commitment to process" Learn to love the process of learning and bettering yourself. Take time to underst…

Corben Leo