API on Medusa0xf

API on Medusa0xf https://medusa0xf.com/tags/api/ Recent content in API on Medusa0xf Hugo -- gohugo.io en © 2026 Medusa0xf Thu, 05 Dec 2024 19:43:35 +0100 Bypassing Rate Limit in GraphQL https://medusa0xf.com/posts/bypassing-rate-limit-in-graphql/ Thu, 05 Dec 2024 19:43:35 +0100 https://medusa0xf.com/posts/bypassing-rate-limit-in-graphql/ What is GraphQL? Exploiting insecure output handling in LLMs https://medusa0xf.com/posts/exploiting-insecure-output-handling-in-llms/ Sun, 21 Jul 2024 12:42:00 +0100 https://medusa0xf.com/posts/exploiting-insecure-output-handling-in-llms/ Introduction # In the previous blog, I discussed indirect prompt injection and its potential applications. Indirect prompt injection https://medusa0xf.com/posts/indirect-prompt-injection/ Sun, 14 Jul 2024 12:04:37 +0100 https://medusa0xf.com/posts/indirect-prompt-injection/ Learn about the risks and techniques of indirect prompt injection in Large Language Models (LLMs). Exploiting vulnerabilities in LLM APIs https://medusa0xf.com/posts/exploiting-vulnerabilities-in-llm-apis/ Sat, 29 Jun 2024 22:34:07 +0100 https://medusa0xf.com/posts/exploiting-vulnerabilities-in-llm-apis/ What is OS command injection? Exploiting LLM APIs with excessive agency https://medusa0xf.com/posts/exploiting-llm-apis-with-excessive-agency/ Sat, 22 Jun 2024 23:04:07 +0100 https://medusa0xf.com/posts/exploiting-llm-apis-with-excessive-agency/ What is Excessive Agency in LLM API? What is LLM APIs and how they work? https://medusa0xf.com/posts/what-is-llm-apis-and-how-they-work/ Tue, 18 Jun 2024 15:04:37 +0100 https://medusa0xf.com/posts/what-is-llm-apis-and-how-they-work/ What is an LLM API? HTTP Parameter Pollution vs Mass Assignment https://medusa0xf.com/posts/http-parameter-pollution-vs-mass-assignment/ Tue, 04 Jun 2024 22:20:35 +0100 https://medusa0xf.com/posts/http-parameter-pollution-vs-mass-assignment/ In this blog, we are going to see the difference between HTTP parameter pollution and mass assignment. Understanding and Testing Authentication methods in REST API https://medusa0xf.com/posts/testing-auth-methods-in-rest-api/ Thu, 09 May 2024 21:21:37 +0100 https://medusa0xf.com/posts/testing-auth-methods-in-rest-api/ What is Authentication? API Basics: A Hacker's Starter Guide https://medusa0xf.com/posts/api-basics-hsg/ Thu, 21 Mar 2024 21:42:37 +0100 https://medusa0xf.com/posts/api-basics-hsg/ What is an API? Exploiting SQL Injection in Graphql | DVGA | https://medusa0xf.com/posts/sqli-in-graphql-dvga/ Sun, 17 Mar 2024 21:39:37 +0100 https://medusa0xf.com/posts/sqli-in-graphql-dvga/ This article covers exploiting SQL Injection manually in a Graphql Application. How to Discover API Subdomains? | API Hacking | https://medusa0xf.com/posts/api-subdomains/ Tue, 12 Mar 2024 22:05:37 +0100 https://medusa0xf.com/posts/api-subdomains/ How to Discover API Subdomains? Server Side Parameter Pollution in Rest API path parameter https://medusa0xf.com/posts/server-side-parameter-pollution/ Mon, 04 Mar 2024 11:50:00 +0001 https://medusa0xf.com/posts/server-side-parameter-pollution/ What is Server Side Parameter Pollution? How to Perform CSRF Attack in GraphQL https://medusa0xf.com/posts/csrf-in-graphql/ Tue, 16 Jan 2024 22:05:37 +0100 https://medusa0xf.com/posts/csrf-in-graphql/ What is a CSRF Attack? Broken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking https://medusa0xf.com/posts/api-broken-auth/ Mon, 13 Jun 2022 20:55:37 +0100 https://medusa0xf.com/posts/api-broken-auth/ In this blog, we will explore two significant security vulnerabilities: Broken Object Level Authorization (BOLA) and Broken Functionality Level Authorization (BFLA) in APIs.