Portswigger Lab writeup archivos - Página 11 de 23

Exploiting vulnerabilities in LLM APIs writeup

Descripción This lab contains an OS command injection vulnerability that can be exploited via its APIs. You can call these APIs via the LLM. To solve the lab, delete the morale.txt file from Carlos’ home directory. Required knowledgeTo solve this lab, you’ll need to know: For more information, see our OS command injection topic. Exploiting […]

JWT authentication bypass via flawed signature verification

Descripción This lab uses a JWT-based mechanism for handling sessions. The server is insecurely configured to accept unsigned JWTs. To solve the lab, modify your session token to gain access to the admin panel at /admin, then delete the user carlos. You can log in to your own account using the following credentials: wiener:peter JWT authentication bypass via […]

JWT authentication bypass via unverified signature

Descripción This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn’t verify the signature of any JWTs that it receives. To solve the lab, modify your session token to gain access to the admin panel at /admin, then delete the user carlos. You can log in to your own account using […]

Exploiting cross-site scripting to capture passwords

Descripción This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are posted. To solve the lab, exploit the vulnerability to exfiltrate the victim’s username and password then use these credentials to log in to the victim’s account. Exploiting cross-site scripting to capture passwords […]

DOM-based open redirection

Descripción This lab contains a DOM-based open-redirection vulnerability. To solve this lab, exploit this vulnerability and redirect the victim to the exploit server. DOM-based open redirection writeup Al entrar al laboratorio veremos un blog. En cualquiera de sus entradas, si examinamos su código fuente con Ctrl + U o Click derecho ->Ver código fuente de […]

Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

Descripción This lab contains a reflected cross-site scripting vulnerability in the search blog functionality. The reflection occurs inside a template string with angle brackets, single, and double quotes HTML encoded, and backticks escaped. To solve this lab, perform a cross-site scripting attack that calls the alert function inside the template string. Reflected XSS into a template literal […]

Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

Descripción This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked. Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped writeup Al entrar en el laboratorio veremos un Blog. […]

Blind OS command injection with out-of-band data exfiltration

Descripción This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell command containing the user-supplied details. The command is executed asynchronously and has no effect on the application’s response. It is not possible to redirect output into a location that you can access. However, you can trigger […]

Blind OS command injection with out-of-band interaction