Share
## https://sploitus.com/exploit?id=61F7B552-C119-5B24-9A78-F5AFB58682A6
# Web Application Pentesting Cases

Practical web application security case studies demonstrating real-world vulnerability discovery, exploitation, impact analysis, and remediation.

This repository contains hands-on pentesting exercises including vulnerability discovery, exploitation, impact analysis, and remediation recommendations.

The goal of this repository is to demonstrate practical web security skills used in bug bounty hunting and penetration testing.

---

# Covered Vulnerabilities

| Vulnerability | Description |
|---|---|
| IDOR | Insecure Direct Object Reference and access control bypass |
| Business Logic | Logic flaws allowing unauthorized actions |
| File Upload | Unrestricted file upload leading to Remote Code Execution |
| XSS | Cross-Site Scripting vulnerabilities |
| SSRF | Server-Side Request Forgery vulnerability |

---

# Repository Structure
web-pentest-cases
โ”‚
โ”œโ”€โ”€ file-upload-rce
โ”‚   โ””โ”€โ”€ report.md

โ”œโ”€โ”€ idor-business-logic
โ”‚   โ””โ”€โ”€ report.md

โ”œโ”€โ”€ xss
โ”‚   โ””โ”€โ”€ report.md

โ”œโ”€โ”€ ssrf
โ”‚   โ””โ”€โ”€ report.md
---

# Example Case

Example vulnerability included in this repository:

**Unrestricted File Upload โ†’ Remote Code Execution**

Attack flow:

1. Discover upload endpoint
2. Upload malicious PHP file
3. Execute commands on the server
4. Demonstrate full server compromise

Example payload:

Example exploitation:
/uploads/shell.php?cmd=id
---

# Tools Used

Common tools used during testing:

- Burp Suite
- curl
- ffuf
- gobuster
- Browser DevTools
- Custom reconnaissance scripts

---

# Disclaimer

All testing was performed in controlled lab environments created for educational purposes.