#HackTheH00d

Some developers mess up
and put their functions on the front,
Forgetting it be hackers just like us who like to hunt.

I put the hack to poetry
they tell me it’s not literal,
so let’s attack a type of vuln
that’s known as critical.

Injection….

No matter how rational it may seem to seek other sources of training while attempting to accomplish the above task, save yourself the time and don’t. You will become the very definition of Scope Creep!

It should never be
be accessible,
But did the dev
try to hide it in an uncommon location?
Is the question though.

With TCM, the real learning took place “within the exam itself“. The best I can come to describing what I mean by that is comparing it to OJT- On The Job training. I was able to learn “how” to become a web application penetration tester “while on” a web application engagement for a client.

Right now
your pulse is low,
but you’ll be racing
in a second
Cause trying to find a bug is getting hectic.

If our functions
are not coded
with
security in mind,
Attackers can manipulate
parameters to find

content
of a local file
that is hosted on the server,
We’re scoping L-F-I
vulnerabilities to merger.

It’s repercussions,
Here on X cause half these follows
Be bots,
That’s why most hackers,
Chose to follow those
Who prove that they not.

Let’s get some information,
About the Cats Facts
A P I,

Some devs be thinking
they can stop this hacking
so they try.

Identify the weaknesses
before they reach production,
Cause IDOR vulnerabilities
Don’t need no introduction.

If a user somehow
can access the pages that’s restricted,
This may lead to the elevation
of that user’s privilege.