Web Hacking Advanced - Server-Side
10.0
(1)
Tier 2 Medium Skill Path Web Hacking
Learn advanced server-side web hacking techniques, and analyze/exploit vulnerabilities commonly found in real-world services. This Path is designed for those seeking to enhance their server-side security skills.
0% Completed Total 0 completed
Lecture 0 /20
Excluded
20
Wargame 0 /9
9
Quiz 0 /7
7
You can access locked objectives by upgrading your plan or purchasing the units separately.
Labs are practice exercises and are not included in the overall progress.

Why It's Worth Your Time

Behind the web services we use daily, web servers process data and deliver content to users. Security vulnerabilities on the server-side can lead to severe incidents like authentication bypass, data breaches, and system compromises. This Path dives deeper into real-world techniques such as Blind SQL Injection, NoSQL Injection, Command Injection, and file upload vulnerabilities. Through hands-on exercises beyond theory, you will build practical web hacking skills for real-world scenarios.

Topics Covered

  • Blind SQL Injection: Error-based and Time-based techniques
  • DBMS Fingerprinting techniques
  • NoSQL Injection in MongoDB, CouchDB, and Redis
  • WAF bypass and web security filter bypass
  • Command Injection analysis in Windows and Linux environments
  • File upload/download vulnerabilities and .htaccess exploitation

Recommended For

  • Aspiring white-hat hackers, security consultants, and bug bounty hunters
  • Those aiming to master server-side web hacking techniques
  • CTF players targeting advanced server-side challenges

Prerequisite Knowledge

  • Strong understanding of web hacking basics
  • Basic Linux usage skills
  • Basic knowledge of web application architecture
  • Basic HTML knowledge
  • Basic JavaScript knowledge
  • Basic SQL knowledge
Unit Composition
Total 5 units
  1. 1
    9.5
    (4)
    700 Coin
    Explore advanced SQL Injection techniques and WAF (Web Application Firewall) bypass strategies.
    Blind SQL Injection Advanced
    [WHA-S] ExploitTech: Blind SQL Injection Advanced
    Error & Time based SQL Injection
    [WHA-S] ExploitTech: Error & Time based SQL Injection
    [Exercise] Blind SQL Injection Advanced
    [WHA-S] Exercise: Blind SQL Injection Advanced
    blind sql injection advanced
    [Self-practice] Error & Time based Injection
    error based sql injection
    Bypass WAF
    [WHA-S] ExploitTech: Bypass WAF
    Lab: WAF Bypass
    Pro
    DBMS Misconfiguration
    [WHA-S] Exploit Tech: DBMS Misconfiguration
    Quiz: DBMS Misconfiguration
    [Exercise] Bypass WAF
    [WHA-S] Exercise: Bypass WAF
    sql injection bypass WAF
    [Self-practice] Bypass WAF Advanced
    sql injection bypass WAF Advanced
  2. 2
    9.7
    (35)
    Explore SQL Injection techniques for database fingerprinting and information gathering.
    System Table Fingerprinting
    [WHA-S] ExploitTech: System Table Fingerprinting
    Quiz: System Table Fingerprinting
    DBMS Fingerprinting
    [WHA-S] ExploitTech: DBMS Fingerprinting
    Quiz: DBMS Fingerprinting
  3. 3
    10.0
    (1)
    500 Coin
    Learn in depth about security vulnerabilities and attack techniques targeting various NoSQL databases.
    CouchDB
    [WHA-S] ExploitTech: CouchDBMS
    MongoDB
    [WHA-S] ExploitTech: MongoDB DBMS
    Lab: MongoDB Injection
    Pro
    Lab: MongoDB Blind Injection
    Pro
    Quiz: MongoDB DBMS
    Redis
    [WHA-S] ExploitTech: Redis DBMS
    Lab: Redis
    Pro
    [Exercise] CouchDB
    [WHA-S] Exercise: CouchDB
    NoSQL-CouchDB
    [Self-practice] Redis
    phpMyRedis
  4. 4
    250 Coin
    9.8
    (8)
    Explore command injection vulnerabilities and attack techniques across various environments.
    Command Injection for Linux
    [WHA-S] ExploitTech: Command Injection for Linux
    Command Injection for Windows
    [WHA-S] Background: Command Injection for Windows
    Quiz: Command Injection for Windows
    Command Injection Vulnerability Cases
    [WHA-S] ExploitTech: Command Injection Vulnerability cases
    Lab: PHP escapeshellcmd Command Injection
    Pro
    [Exercise] Command Injection Advanced
    [WHA-S] Exercise: Command Injection Advanced
    Command Injection Advanced
  5. 5
    650 Coin
    9.0
    (1)
    Learn about file upload/download vulnerabilities across various environments and how to exploit them.
    File Vulnerabilities for Windows
    [WHA-S] Background: File Vulnerabilities for Windows
    Quiz: File Vulnerabilities for Windows
    File Vulnerabilities for Linux
    [WHA-S] Background: File Vulnerabilities for Linux
    Quiz: File Vulnerabilities for Linux
    File Vulnerability Cases
    [WHA-S] ExploitTech: File Vulnerability cases
    [Exercise] File Vulnerability Advanced
    [WHA-S] Exercise: File Vulnerability Advanced
    File Vulnerability Advanced for linux
    [Self-practice] Apache htaccess
    Apache htaccess
Reviews
10.0 (1)
3 months ago

Before starting Dreamhack, I only had web development knowledge, but after taking the web security curriculum I was also able to improve my secure coding skills, which was great.
