Wargame/Web

· Wargame/Web
https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink Lab: DOM XSS in document.write sink using source location.search | Web Security Academy This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, ... portswigger.net [Problem] [Solution] It looks like XSS needs to be attempted in the search box. A typical XS..
· Wargame/Web
https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost Lab: Basic SSRF against the local server | Web Security Academy This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at ... portswigger.net [Problem] [Solution] The problem statement says to change the URL used to check stock. Clicking Check stock and inspecting the packet, the stockApi value ..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality-with-unpredictable-url Lab: Unprotected admin functionality with unpredictable URL | Web Security Academy This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the ... portswigger.net [Problem] [Solution] Looking at the problem, an unprotected URL..
· Wargame/Web
https://portswigger.net/web-security/file-path-traversal/lab-sequences-stripped-non-recursively Lab: File path traversal, traversal sequences stripped non-recursively | Web Security Academy This lab contains a file path traversal vulnerability in the display of product images. The application strips path traversal sequences from the ... portswigger.net [Problem] [Solution] The problem says there is a vulnerability in the image path. In a new tab..
· Wargame/Web
https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass Lab: File path traversal, traversal sequences blocked with absolute path bypass | Web Security Academy This lab contains a file path traversal vulnerability in the display of product images. The application blocks traversal sequences but treats the supplied ... portswigger.net [Problem] [Solution] It says there is a vulnerability in the image path. In a new tab..
· Wargame/Web
https://portswigger.net/web-security/os-command-injection/lab-simple Lab: OS command injection, simple case | Web Security Academy This lab contains an OS command injection vulnerability in the product stock checker. The application executes a shell command containing user-supplied ... portswigger.net [Problem] [Solution] In the problem above, opening a product page shows a service for checking stock. According to the problem description, it seems the stock check is done by running a shell command that includes the product ID..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality Lab: Unprotected admin functionality | Web Security Academy This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. Solution Go to the lab and view robots.txt by appending /robots.txt to ... portswigger.net [Problem] [Solution] An unprotected admin page exists. The lab is solved by accessing the admin page and deleting the carlos account. First ..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-data-leakage-in-redirect Lab: User ID controlled by request parameter with data leakage in redirect | Web Security Academy This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response. To solve the lab, obtain the API ... portswigger.n..
d3vh4cks
List of posts in the 'Wargame/Web' category (Page 10)