Etiqueta: Apprentice

Stored XSS into HTML context with nothing encoded

Descripción This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed. Stored XSS into HTML context with nothing encoded writeup Al entrar al laboratorio nos encontramos con un blog. Dado que el título del laboratorio nos dice […]

Reflected XSS into HTML context with nothing encoded

Descripción This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function. Reflected XSS into HTML context with nothing encoded writeup Al entrar al laboratorio nos encontramos con un blog y una barra de búsqueda, donde la descripción dice que tenemos […]

File path traversal, simple case

Descripción This lab contains a path traversal vulnerability in the display of product images. To solve the lab, retrieve the contents of the /etc/passwd file. File path traversal, simple case writeup Al iniciar el laboratorio encontraremos una tienda online: Dado que nos indican que la vulnerabilidad está en las imágenes, inspeccionamos una con el inspeccionador de elementos […]

Basic SSRF against the local server

Descripción This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. Basic SSRF against the local server writeup Al iniciar el laboratorio encontraremos una tienda online: Vamos a buscar la funcionalidad de ‘stock […]

Accessing private GraphQL posts

Descripción The blog page for this lab contains a hidden blog post that has a secret password. To solve the lab, find the hidden blog post and enter the password. Learn more about Working with GraphQL in Burp Suite. Accessing private GraphQL posts writeup Al iniciar el laboratorio encontraremos un blog online: Podremos encontrar la petición […]

SQL injection vulnerability allowing login bypass

Descripción This lab contains a SQL injection vulnerability in the login function. To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user. SQL injection vulnerability allowing login bypass writeup Al iniciar el laboratorio encontraremos una tienda online: Entrando en ‘My account’ podremos iniciar sesión: Dado que tenemos que […]

SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Descripción his lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: SELECT * FROM products WHERE category = ‘Gifts’ AND released = 1 To solve the lab, perform a SQL injection attack that causes the application to […]

Web shell upload via Content-Type restriction bypass

Descripción This lab contains a vulnerable image upload function. It attempts to prevent users from uploading unexpected file types, but relies on checking user-controllable input to verify this. To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button […]

Remote code execution via web shell upload

Descripción This lab contains a vulnerable image upload function. It doesn’t perform any validation on the files users upload before storing them on the server’s filesystem. To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in […]

Exploiting LLM APIs with excessive agency writeup

Descripción To solve the lab, use the LLM to delete the user carlos. Required knowledgeTo solve this lab, you’ll need to know: For more information, see our Web LLM attacks Academy topic. Exploiting LLM APIs with excessive agency writeup Entramos en el laboratorio y lo exploramos: En el apartado de «Live chat», le decimos a […]