secDevLabs

A laboratory for learning secure web and mobile development in a practical manner.

50 secDevLabs issues, sorted by recently updated

What are the steps to reproduce this bug?
1. All instructions for the implementation and deployment of the application were followed.
2. When entering http://localhost:10005/login and clicking on the...

bug 🕷

This solution refers to which of the apps? A5 - vinijr-blog
What did you do to mitigate the vulnerability? I removed external entities flags

For this solution, bcrypt was used to encrypt the user's password before storing it in the database. Since tcpdump was still capturing passwords, I noticed that the front-end requests were...

This solution refers to which of the apps? A3 - Copy n Paste
What did you do to mitigate the vulnerability? I replaced the **string concatenation** approach used...

This solution refers to which of the apps? A3 - Mongection
What did you do to mitigate the vulnerability? I transformed user inputs into strings.
Did you...

This solution refers to which of the apps? A3 - SSType
What did you do to mitigate the vulnerability? Replaced 'NAMEHERE' with '{{ name }}' in the template...

This solution refers to which of the apps? A3 - Gossip World
What did you do to mitigate the vulnerability? I mitigated the XSS vulnerability by sanitizing user...

This solution refers to which of the apps? A/M# - Broken Access Token - A1 - TicTacToe
What did you do to mitigate the vulnerability? The SecDevLab reports...

mitigation solution 🔒
Tic-Tac-Toe

Fixes #588, fixes #587
This solution refers to which of the apps? Multiple apps - fixing documentation links and docker-compose naming across the repository.
What did you do...

INSECURE FILE UPLOAD
Summary: Added a new PHP teaching scenario that demonstrates an Unrestricted File Upload vulnerability that occasionally leads to Remote Code Execution (RCE). The goal...