Etiqueta: Apprentice

Authentication bypass via information disclosure

Source code disclosure via backup files

Information disclosure on debug page

Information disclosure in error messages

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Clickjacking with a frame buster script

Clickjacking with form input data prefilled from a URL parameter

Basic clickjacking with CSRF token protection

Insecure direct object references

User ID controlled by request parameter with password disclosure