https://portswigger.net/web-security/cross-site-scripting/contexts/lab-href-attribute-double-quotes-html-encoded Lab: Stored XSS into anchor href attribute with double quotes HTML-encoded | Web Security Academy This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert ... portswigger.net [Problem] [Solution] When you post a comment ..
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload Lab: Remote code execution via web shell upload | Web Security Academy This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's ... portswigger.net [Problem] [Solution] Using a web shell attack, the /home/carlos/secret file ..
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids Lab: User ID controlled by request parameter, with unpredictable user IDs | Web Security Academy This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs. To solve the lab, find the GUID for ... portswigger.net [..
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter Lab: User ID controlled by request parameter | Web Security Academy This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API key for the user carlos and submit ... portswigger.net [Problem] [Solution] Submitting carlos's API key solves the lab. After logging in, the username and API key..
https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays Lab: Blind OS command injection with time delays | Web Security Academy This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell command containing the user-supplied ... portswigger.net [Problem] [Solution] The feedback page is said to have an OS command injection vulnerability. OS command..
https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-jquery-href-attribute-sink Lab: DOM XSS in jQuery anchor href attribute sink using location.search source | Web Security Academy This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an ... portswigger.net [Problem] [Solution] feedback page..
https://webhacking.kr/challenge/web-36/ Challenge 59 webhacking.kr [Problem] [Solution]
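https://webhacking.kr/challenge/bonus-9/index.php Challenge 38 webhacking.kr [Problem] [Solution] LOG INJECTION Checking the source code reveals a hidden admin.php page. Visiting admin.php shows a log. It says to log in as admin. "you are not admin" is printed and the login does not succeed. Going to check the log, there is no log entry either. It looks like the challenge will be solved if an entry shows up in the log. a%0A[IP address]:admin (%0A: newline) After entering this, visiting admin.php solves the challenge.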