Summary Accessing port 80 revealed website shoppy.htb. By brute-forcing website, I discovered login page which proved to be vulnerable to NoSQL Injection. I was able to bypass authentication and...

Summary While testing functionalities of application on port 80, I discovered that country parameter is vulnerable to SQL Injection. I was able to determine specific number of columns in the tab...

Reconnaissance Nmap Enumeration Port 21 (FTP) Port 22 (SSH) Port 25 (SMTP) Port 53 (DNS) Port 80-443 (HTTP-HTTPS) Port 111 (RPCB...