Personal Website Github LinkedIn

Home
Blue Team Labs Online
bWAPP
Command Challenge
CryptoHack
- General
CSAW 2023
CTFLearn
CyberDefenders
DVWA
Ethernaut
- 00 - Hello Ethernaut
Exploit Education
- Protostar
Google CTF - Beginner's Quest
- 0000
- 1837
- 1943
- 1965
- 1987
- 1988
- 1989
- 1990
- 1994
Hacker101
- Postbook
LetsDefend
- DFIR
  - Phishing
    Email Analysis
    Phishing Email
Microcorruption
NetGarage IO
- level 1
- level 2
OverTheWire
- Bandit
PicoCTF
PortSwigger labs
- Client-side topics
  - Cross-site scripting (XSS)
    Reflected XSS into HTML context with nothing encoded
    Stored XSS into HTML context with nothing encoded
    DOM XSS in document.write sink using source location.search
    DOM XSS in innerHTML sink using source location.search
    DOM XSS in jQuery anchor href attribute sink using location.search source
    DOM XSS in jQuery selector sink using a hashchange event
    Reflected XSS into attribute with angle brackets HTML-encoded
    Stored XSS into anchor href attribute with double quotes HTML-encoded
- Server-side topics
Pwn College
pwanable.kr
- fd
- random
Root Me
ROP Emporium
- ret2win
- split
TryHackMe
- Easy
- Medium
Under The Wire
- Century
- Cyborg
W3Challs
- Web
  - Change your browser
Websec.fr

Powered by GitBook

On this page

SQL injection
Business logic vulnerabilities
Authentication vulnerabilities
Command Injection
Path Traversal
Server-side request forgery
Information disclosure
Access control
XXE injection

Was this helpful?

PortSwigger labs

Server-side topics

Last updated 1 year ago

Was this helpful?

SQL injection

Business logic vulnerabilities

Authentication vulnerabilities

Command Injection

Path Traversal

Server-side request forgery

Information disclosure

Access control

XXE injection

SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

SQL injection vulnerability allowing login bypass

SQL injection attack, querying the database type and version on Oracle

SQL injection attack, querying the database type and version on MySQL and Microsoft

SQL injection attack, listing the database contents on non-Oracle databases

SQL injection attack, listing the database contents on Oracle

SQL injection UNION attack, determining the number of columns returned by the query

SQL injection UNION attack, finding a column containing text

SQL injection UNION attack, retrieving data from other tables

SQL injection UNION attack, retrieving multiple values in a single column

Excessive trust in client-side controls

High-level logic vulnerability

Inconsistent security controls

Flawed enforcement of business rules

Username enumeration via different responses

2FA simple bypass

Password reset broken logic

Username enumeration via subtly different responses

OS command injection, simple case

Blind OS command injection with time delays

Blind OS command injection with output redirection

File path traversal, simple case

File path traversal, traversal sequences blocked with absolute path bypass

File path traversal, traversal sequences stripped non-recursively

File path traversal, traversal sequences stripped with superfluous URL-decode

File path traversal, validation of start of path

File path traversal, validation of file extension with null byte bypass

Basic SSRF against the local server

Basic SSRF against another back-end system

SSRF with blacklist-based input filter

Information disclosure in error messages

Information disclosure on debug page

Source code disclosure via backup files

Authentication bypass via information disclosure

Unprotected admin functionality

Unprotected admin functionality with unpredictable URL

User role controlled by request parameter

User role can be modified in user profile

User ID controlled by request parameter

User ID controlled by request parameter, with unpredictable user IDs

User ID controlled by request parameter with data leakage in redirect

User ID controlled by request parameter with password disclosure

Insecure direct object references

URL-based access control can be circumvented

Method-based access control can be circumvented

Multi-step process with no access control on one step

Referer-based access control

Exploiting XXE using external entities to retrieve files

Exploiting XXE to perform SSRF attacks