cyberhub.es

Category: Portswigger Lab writeup

Limit overrun race conditions

Description: This lab’s purchasing flow contains a race condition that enables you to purchase items for an unintended price. To solve the lab, successfully purchase a Lightweight L33t Leather Jacket. You can log in to your account with the following credentials: wiener:peter. Limit overrun race conditions writeup: When the lab starts, we find an online store. We will register […]

DOM XSS via client-side prototype pollution

Description: This lab is vulnerable to DOM XSS via client-side prototype pollution. To solve the lab: You can solve this lab manually in your browser, or use DOM Invader to help you. DOM XSS via client-side prototype pollution writeup: We will do this lab manually, splitting it into several steps: Finding where to perform the prototype pollution. In the […]

Client-side prototype pollution via browser APIs

Description: This lab is vulnerable to DOM XSS via client-side prototype pollution. The website’s developers have noticed a potential gadget and attempted to patch it. However, you can bypass the measures they’ve taken. To solve the lab: You can solve this lab manually in your browser, or use DOM Invader to help you. This lab is based […]

Enabling DOM Invader and Prototype pollution

First, we open the extensions in Burp Suite's browser, then we enable DOM Invader, and finally we enable the ‘Prototype pollution’ attack type.

Arbitrary object injection in PHP

Description: This lab uses a serialization-based session mechanism and is vulnerable to arbitrary object injection as a result. To solve the lab, create and inject a malicious serialized object to delete the morale.txt file from Carlos’s home directory. You will need to obtain source code access to solve this lab. You can log in to your own […]

Using application functionality to exploit insecure deserialization

Description: This lab uses a serialization-based session mechanism. A certain feature invokes a dangerous method on data provided in a serialized object. To solve the lab, edit the serialized object in the session cookie and use it to delete the morale.txt file from Carlos’s home directory. You can log in to your own account using the following […]

Modifying serialized data types

Description: This lab uses a serialization-based session mechanism and is vulnerable to authentication bypass as a result. To solve the lab, edit the serialized object in the session cookie to access the administrator account. Then, delete the user carlos. You can log in to your own account using the following credentials: wiener:peter. Modifying serialized data types writeup: We log in […]

Modifying serialized objects

Description: This lab uses a serialization-based session mechanism and is vulnerable to privilege escalation as a result. To solve the lab, edit the serialized object in the session cookie to exploit this vulnerability and gain administrative privileges. Then, delete the user carlos. You can log in to your own account using the following credentials: wiener:peter. Modifying serialized […]

Host validation bypass via connection state attack

Description: This lab is vulnerable to routing-based SSRF via the Host header. Although the front-end server may initially appear to perform robust validation of the Host header, it makes assumptions about all requests on a connection based on the first request it receives. To solve the lab, exploit this behavior to access an internal admin […]

SSRF via flawed request parsing

Description: This lab is vulnerable to routing-based SSRF due to its flawed parsing of the request’s intended host. You can exploit this to access an insecure intranet admin panel located at an internal IP address. To solve the lab, access the internal admin panel located in the 192.168.0.0/24 range, then delete the user carlos. SSRF via flawed request […]
