PortSwigger7 年
What is OS command injection?
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...
PortSwigger4 年
Lab: CORS vulnerability with basic origin reflection
This website has an insecure CORS configuration in that it trusts all origins. To solve the lab, craft some JavaScript that uses CORS to retrieve the administrator's API key and upload the code to ...
PortSwigger4 年
Vulnerabilities in multi-factor authentication
In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...
PortSwigger4 年
Lab: Offline password cracking
This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, obtain Carlos's stay-logged-in cookie and use it to ...
PortSwigger5 年
Lab: SSRF with filter bypass via open redirection vulnerability
This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http ...
PortSwigger4 年
Lab: Method-based access control can be circumvented
This lab implements access controls based partly on the HTTP method of requests. You can familiarize yourself with the admin panel by logging in using the credentials ...
PortSwigger7 年
DOM-based client-side JSON injection
In this section, we'll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability.
PortSwigger5 年
Lab: SQL injection UNION attack, finding a column containing text
This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data ...
PortSwigger4 年
DOM clobbering
In this section, we will describe what DOM clobbering is, demonstrate how you can exploit DOM vulnerabilities using clobbering techniques, and suggest ways you can reduce your exposure to DOM ...
PortSwigger5 年
Lab: File path traversal, validation of file extension with null byte bypass
Launching labs may take some time, please hold on while we build your environment. Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See ...
PortSwigger4 年
Using Burp's Session Handling Rules with anti-CSRF Tokens
Anti-CSRF tokens are randomly generated "challenge" tokens that are associated with the user’s current session. They are inserted within HTML forms and links associated with sensitive server-side ...
PortSwigger2 年
How to find and exploit information disclosure vulnerabilities
Generally speaking, it is important not to develop "tunnel vision" during testing. In other words, you should avoid focussing too narrowly on a particular vulnerability. Sensitive data can be leaked ...