Blind OS command injection with time delays (Oct 30, 2023)
  Lab(2): Blind OS command injection with time delays. Lab Description →

Lab(1): OS command injection, simple case (Oct 30, 2023)

Access control vulnerabilities and privilege escalation (Oct 29, 2023)
  Access control is a method by which a constraint is put on users of a web application as to whether they can do a specific activity or not, or they…

Authentication: 2FA bypass using a brute-force attack (Oct 27, 2023)
  Lab Description: This lab’s two-factor authentication is vulnerable to brute-forcing. You have already obtained a valid username and…

Cross Site Request Forgery (Oct 27, 2023)
  CSRF is a type of attack in which victims do some malicious task on a victim-authenticated web application on behalf of the attacker’s…

Server-side request forgery (SSRF) (PortSwigger) (Oct 26, 2023)

OAuth 2.0 authentication vulnerabilities (Oct 26, 2023)

Lab 12 (Authentication): Password brute-force via password change (Oct 26, 2023)
  Lab Description: This lab’s password change functionality makes it vulnerable to brute-force attacks. To solve the lab, use the list of…

Cross-site scripting PortSwigger Labs (Oct 26, 2023)
  An attacker sneaks some code into a website, and if the input fields are not properly sanitized then it is possible that the website…

PortSwigger Cross-origin resource sharing (CORS) (Oct 26, 2023)
  CORS is a browser mechanism to control access over files located outside of the given domain.

Lab(6): File path traversal, validation of file extension with null byte bypass (Oct 26, 2023)

Lab(5): File path traversal, validation of start of path (Oct 26, 2023)
  Lab description → This lab contains a file path traversal vulnerability in the display of product images.

Lab(4): File path traversal, traversal sequences stripped with superfluous URL-decode (Oct 26, 2023)
  Lab description → This lab contains a file path traversal vulnerability in the display of product images.

Lab(3): File path traversal, traversal sequences stripped non-recursively (Oct 26, 2023)
  Lab description → This lab contains a file path traversal vulnerability in the display of product images.

Lab(2): File path traversal, traversal sequences blocked with absolute path bypass (Oct 26, 2023)
  Lab Description → This lab contains a file path traversal vulnerability in the display of product images.