Categoría: Portswigger Lab writeup

Blind SQL injection with conditional errors

Descripción This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows. If […]

Blind SQL injection with conditional responses

Descripción This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. The results of the SQL query are not returned, and no error messages are displayed. But the application includes a Welcome back message in the page if the […]

SQL injection UNION attack, retrieving multiple values in a single column

Descripción This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables. The database contains a different table called users, with columns called username and password. To solve the lab, perform a SQL injection […]

SQL injection UNION attack, retrieving data from other tables

Descripción This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you need to combine some of the techniques you learned in previous labs. […]

SQL injection UNION attack, finding a column containing text

Descripción This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you first need to determine the number of columns returned by the query. […]

SQL injection UNION attack, determining the number of columns returned by the query

Descripción This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. The first step of such an attack is to determine the number of columns that are being returned […]

User role controlled by request parameter

Descripción This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter User role controlled by request parameter writeup Al entrar en el laboratorio encontraremos […]

Unprotected admin functionality with unpredictable URL

Descripción This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the lab by accessing the admin panel, and using it to delete the user carlos. Unprotected admin functionality with unpredictable URL writeup Al entrar en la página web encontraremos una tienda online. […]

Unprotected admin functionality

Descripción This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. Unprotected admin functionality writeup Al entrar encontraremos una tienda online. En principio, añadir ‘/admin’ a la URL no nos dará el panel de administrador, pero añadiendo ‘/robots.txt’ podremos ver lo siguiente: La página ‘/robots.txt’ se utiliza para decirle a los […]

SSRF with blacklist-based input filter

Descripción This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. The developer has deployed two weak anti-SSRF defenses that you will need to bypass. SSRF with blacklist-based input filter writeup Al entrar […]