Road To Bounty: #2 July 2024 - Access control / XXE

Starting point
I was at 11% completion of the PortSwigger course.
Week 1
Did not start yet.
Week 2
I resumed the “Web Security Academy” course by PortSwigger, starting with the “Access control vulnerabilities” section. I finished the section, which got me to around 17% completion of the course. This part was not that hard, but I learned a few things.
After that, I started the “XXE” section. I knew what the XXE vulnerability was, but I had never really tried to exploit it, so I started by reading the XXE documentation.
Some labs required the use of Burp Collaborator, which is a paid feature of Burp Suite, so I had to skip them.
I spent around 2h30 on it, and I will continue next week.
Week 3
I did not have much time this week, so I only spent around 1h00. I worked on the Information disclosure section.
Week 4
I got back to the XXE section, finished the last lab I was able to do, and finished reading the documentation. Since XXE was new to me, I’m still not very comfortable with it, so later I think I will try to practice more on other websites.
After that I went back to the Information disclosure section. This was pretty simple since the lab titles were pretty explicit; I just had to look where it was indicated. I still learned a few things.
This week I spent around 1h30 on the course and I’m now at 21% completion.
Conclusion
It was fun to get back into the cybersecurity domain, despite the fact that I did not have as much time as I wanted to spend on it. I’ll do better next month.