cyberhub.es

Category: Portswigger Lab writeup

Excessive trust in client-side controls

Description: This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a "Lightweight l33t leather jacket". You can log in to your own account using the following credentials: wiener:peter. Excessive trust in client-side controls writeup: We go into […]

Visible error-based SQL injection

Description: This lab contains a SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. The results of the SQL query are not returned. The database contains a different table called users, with columns called username and password. To solve the lab, find a way to […]

CSRF where token validation depends on token being present

Description: This lab’s email change functionality is vulnerable to CSRF. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You can log in to your own account using the following credentials: wiener:peter. CSRF where token validation depends on token being present […]

Information disclosure in version control history

Description: This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos. Information disclosure in version control history writeup: Since the lab mentions version control, the first thing we will do is go to ‘./git’ in the application. There we will find […]

Authentication bypass via information disclosure

Description: This lab’s administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end. To solve the lab, obtain the header name then use it to bypass the lab’s authentication. Access the admin interface and delete the user carlos. You can log in […]

Source code disclosure via backup files

Description: This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code. Source code disclosure via backup files writeup: On entering, we find an online shop. Appending ‘/backup’ to the URL, we find the following file: Inside […]

Information disclosure on debug page

Description: This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable. Information disclosure on debug page writeup: On entering, we find an online shop. Searching its source code with Ctrl + U or Right click -> View page source, we find […]

Information disclosure in error messages

Description: This lab’s verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework. Information disclosure in error messages writeup: On entering, we see an online shop. To trigger an error, we go to any product and see that […]

SQL injection attack, listing the database contents on Oracle

Description: This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables. The application has a login function, and the database contains a table that holds usernames and passwords. You […]

SQL injection attack, listing the database contents on non-Oracle databases

Description: This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables. The application has a login function, and the database contains a table that holds usernames and passwords. You […]
