Etiqueta: Apprentice

Reflected XSS into attribute with angle brackets HTML-encoded

DOM XSS in jQuery selector sink using a hashchange event

Web shell upload via obfuscated file extension

Manipulating WebSocket messages to exploit vulnerabilities

Basic SSRF against another back-end system

OS command injection, simple case

DOM XSS in jQuery anchor href attribute sink using location.search source

CSRF vulnerability with no defenses

DOM XSS in innerHTML sink using source location.search

DOM XSS in document.write sink using source location.search