Categoría: Portswigger Lab writeup

SQL injection attack, querying the database type and version on MySQL and Microsoft

Descripción This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query. To solve the lab, display the database version string. SQL injection attack, querying the database type and version on MySQL and Microsoft writeup Este laboratorio deberemos de resolverlo […]

SQL injection attack, querying the database type and version on Oracle

Descripción This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query. To solve the lab, display the database version string. SQL injection attack, querying the database type and version on Oracle writeup Este laboratorio deberemos de resolverlo en cuatro […]

Exploiting XSS to bypass CSRF defenses

Descripción This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to steal a CSRF token, which you can then use to change the email address of someone who views the blog post comments. You can log in to your own account using the following credentials: wiener:peter […]

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Descripción This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double are HTML encoded and single quotes are escaped. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function. Reflected XSS into a JavaScript string with angle […]

Reflected XSS into a JavaScript string with single quote and backslash escaped

Descripción This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality. The reflection occurs inside a JavaScript string with single quotes and backslashes escaped. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function. Reflected XSS into a JavaScript string with single […]

Reflected XSS in canonical link tag

Descripción This lab reflects user input in a canonical link tag and escapes angle brackets. To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function. To assist with your exploit, you can assume that the simulated user will press the following key combinations: Please note […]

Reflected XSS with some SVG markup allowed

Descripción This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events. To solve the lab, perform a cross-site scripting attack that calls the alert() function. Reflected XSS with some SVG markup allowed writeup Este laboratorio se resuelve de la misma forma que el laboratorio anterior (Reflected […]

Reflected XSS into HTML context with all tags blocked except custom ones

Descripción This lab blocks all HTML tags except custom ones. To solve the lab, perform a cross-site scripting attack that injects a custom tag and automatically alerts document.cookie. Reflected XSS into HTML context with all tags blocked except custom ones writeup HTML5 tiene varias etiquetas predefinidas (h1, p, script), pero también da la posibilidad de crear […]

Reflected XSS into HTML context with most tags and attributes blocked

Descripción This lab contains a reflected XSS vulnerability in the search functionality but uses a web application firewall (WAF) to protect against common XSS vectors. To solve the lab, perform a cross-site scripting attack that bypasses the WAF and calls the print() function. Reflected XSS into HTML context with most tags and attributes blocked writeup Al entrar […]

Stored DOM XSS

Descripción This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function. Stored DOM XSS writeup Al entrar en ele laboratorio veremos un blog. Al entrar en un post hay un formulario para poder enviar comentarios. Aquí estará la vulnerabilidad XSS. Explorando el código […]