PortSwigger

· Wargame/Web
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-string-angle-brackets-html-encoded Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded | Web Security Academy This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets are encoded. The reflection ... portswigger.net [Problem]..
· Wargame/Web
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-href-attribute-double-quotes-html-encoded Lab: Stored XSS into anchor href attribute with double quotes HTML-encoded | Web Security Academy This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert ... portswigger.net [Problem] [Solution] When a comment is posted ..
· Wargame/Web
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload Lab: Remote code execution via web shell upload | Web Security Academy This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's ... portswigger.net [Problem] [Solution] Using a web shell attack, the /home/carlos/secret file ..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-unpredictable-user-ids Lab: User ID controlled by request parameter, with unpredictable user IDs | Web Security Academy This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs. To solve the lab, find the GUID for ... portswigger.net [..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter Lab: User ID controlled by request parameter | Web Security Academy This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API key for the user carlos and submit ... portswigger.net [Problem] [Solution] Submitting carlos's API key solves the lab. After logging in, the username and API key..
· Wargame/Web
https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays Lab: Blind OS command injection with time delays | Web Security Academy This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell command containing the user-supplied ... portswigger.net [Problem] [Solution] The feedback page is said to have an OS command injection vulnerability. OS command..
· Wargame/Web
https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-jquery-href-attribute-sink Lab: DOM XSS in jQuery anchor href attribute sink using location.search source | Web Security Academy This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an ... portswigger.net [Problem] [Solution] feedback page..
· Wargame/Web
https://portswigger.net/web-security/file-path-traversal/lab-superfluous-url-decode Lab: File path traversal, traversal sequences stripped with superfluous URL-decode | Web Security Academy This lab contains a file path traversal vulnerability in the display of product images. The application blocks input containing path traversal sequences. It ... portswigger.net [Problem] [Solution] This is a problem about bypassing file path restrictions. Image..