cyberhub.es

Category: Portswigger Lab writeup

Web cache poisoning with multiple headers

Description: This lab contains a web cache poisoning vulnerability that is only exploitable when you use multiple headers to craft a malicious request. A user visits the home page roughly once a minute. To solve this lab, poison the cache with a response that executes alert(document.cookie) in the visitor’s browser. Web cache poisoning with multiple headers writeup […]

Web cache poisoning with an unkeyed cookie

Description: This lab is vulnerable to web cache poisoning because cookies aren’t included in the cache key. An unsuspecting user regularly visits the site’s home page. To solve this lab, poison the cache with a response that executes alert(1) in the visitor’s browser. Web cache poisoning with an unkeyed cookie writeup: This lab is very similar to the […]

Web cache poisoning with an unkeyed header

Description: This lab is vulnerable to web cache poisoning because it handles input from an unkeyed header in an unsafe way. An unsuspecting user regularly visits the site’s home page. To solve this lab, poison the cache with a response that executes alert(document.cookie) in the visitor’s browser. Web cache poisoning with an unkeyed header writeup: In the […]

Remote code execution via server-side prototype pollution

Description: This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges user-controllable input into a server-side JavaScript object. Due to the configuration of the server, it’s possible to pollute Object.prototype in such a way that you can inject arbitrary system commands that are subsequently executed on […]

Bypassing flawed input filters for server-side prototype pollution

Description: This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges user-controllable input into a server-side JavaScript object. To solve the lab: You can log in to your own account with the following credentials: wiener:peter. Bypassing flawed input filters for server-side prototype pollution writeup: This […]

Detecting server-side prototype pollution without polluted property reflection

Description: This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges user-controllable input into a server-side JavaScript object. To solve the lab, confirm the […]

Privilege escalation via server-side prototype pollution

Description: This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution […]

Client-side prototype pollution in third-party libraries

Description: This lab is vulnerable to DOM XSS via client-side prototype pollution. This is due to a gadget in a third-party library, which is easy to miss due to the minified source code. Although it’s technically possible to solve this lab manually, we recommend using DOM Invader as this will save you a considerable amount of time […]

Client-side prototype pollution via flawed sanitization

Description: This lab is vulnerable to DOM XSS via client-side prototype pollution. Although the developers have implemented measures to prevent prototype pollution, these can be easily bypassed. To solve the lab: Client-side prototype pollution via flawed sanitization writeup: This lab is very similar to the previous one (DOM XSS via client-side prototype pollution). We will do this lab […]

DOM XSS via an alternative prototype pollution vector

Description: This lab is vulnerable to DOM XSS via client-side prototype pollution. To solve the lab: You can solve this lab manually in your browser, or use DOM Invader to help you. DOM XSS via an alternative prototype pollution vector writeup: This lab is very similar to the previous one (DOM XSS via client-side prototype pollution). We will do this lab […]
