Categoría: Portswigger Lab writeup

Blind OS command injection with time delays

Descripción This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell command containing the user-supplied details. The output from the command is not returned in the response. To solve the lab, exploit the blind OS command injection vulnerability to cause a 10 second delay. Blind OS command […]

CORS vulnerability with trusted null origin

Descripción This website has an insecure CORS configuration in that it trusts the «null» origin. To solve the lab, craft some JavaScript that uses CORS to retrieve the administrator’s API key and upload the code to your exploit server. The lab is solved when you successfully submit the administrator’s API key. You can log in […]

CORS vulnerability with basic origin reflection

Descripción This website has an insecure CORS configuration in that it trusts all origins. To solve the lab, craft some JavaScript that uses CORS to retrieve the administrator’s API key and upload the code to your exploit server. The lab is solved when you successfully submit the administrator’s API key. You can log in to […]

DOM-based cookie manipulation

Descripción This lab demonstrates DOM-based client-side cookie manipulation. To solve this lab, inject a cookie that will cause XSS on a different page and call the print() function. You will need to use the exploit server to direct the victim to the correct pages. DOM-based cookie manipulation writeup Al entrar veremos una tienda online. Al visitar un […]

DOM XSS using web messages and JSON.parse

Descripción This lab uses web messaging and parses the message as JSON. To solve the lab, construct an HTML page on the exploit server that exploits this vulnerability and calls the print() function. DOM XSS using web messages and JSON.parse writeup Al entrar al laboratorio y examinar su código fuente con Ctrl + U o Click derecho ->Ver […]

DOM XSS using web messages and a JavaScript URL

Descripción This lab demonstrates a DOM-based redirection vulnerability that is triggered by web messaging. To solve this lab, construct an HTML page on the exploit server that exploits this vulnerability and calls the print() function. DOM XSS using web messages writeup Al entrar al laboratorio y examinar su código fuente con Ctrl + U o Click derecho […]

DOM XSS using web messages

Descripción This lab demonstrates a simple web message vulnerability. To solve this lab, use the exploit server to post a message to the target site that causes the print() function to be called. DOM XSS using web messages writeup Al entrar al laboratorio y examinar su código fuente con Ctrl + U o Click derecho ->Ver código […]

SameSite Strict bypass via client-side redirect

Descripción This lab’s change email function is vulnerable to CSRF. To solve the lab, perform a CSRF attack that changes the victim’s email address. You should use the provided exploit server to host your attack. You can log in to your own account using the following credentials: wiener:peter SameSite Strict bypass via client-side redirect writeup Entraremos […]

SameSite Lax bypass via method override

Descripción This lab’s change email function is vulnerable to CSRF. To solve the lab, perform a CSRF attack that changes the victim’s email address. You should use the provided exploit server to host your attack. You can log in to your own account using the following credentials: wiener:peter SameSite Lax bypass via method override writeup Entraremos […]

CSRF where token is duplicated in cookie

Descripción This lab’s email change functionality is vulnerable to CSRF. It attempts to use the insecure «double submit» CSRF prevention technique. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You can log in to your own account using the […]