https://portswigger.net/web-security/csrf/lab-no-defenses Lab: CSRF vulnerability with no defenses | Web Security Academy This lab's email change functionality is vulnerable to CSRF. To solve the lab, craft some HTML that uses a CSRF attack to change the viewer's email address ... [Problem] [Solution] According to the lab description, the email change functionality is vulnerable, and the lab is solved by writing CSRF attack HTML that changes the victim's email address. In this lab the server is given..
https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-innerhtml-sink Lab: DOM XSS in innerHTML sink using source location.search | Web Security Academy This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML ... [Problem] [Solution] Inspect the search results and proceed with the XSS. Check the source code. When you run a search, below..
https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter Lab: User role controlled by request parameter | Web Security Academy This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to ... [Problem] [Solution] The lab is solved by accessing the admin panel and deleting the carlos account. Simply /ad..
https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink Lab: DOM XSS in document.write sink using source location.search | Web Security Academy This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, ... [Problem] [Solution] It looks like the XSS has to be attempted from the search box. A typical XS..
https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost Lab: Basic SSRF against the local server | Web Security Academy This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at ... [Problem] [Solution] The lab says to change the URL used for the stock check. Clicking Check stock and inspecting the request shows that the stockApi value is ..
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality-with-unpredictable-url Lab: Unprotected admin functionality with unpredictable URL | Web Security Academy This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the ... [Problem] [Solution] The lab says there is an unprotected URL..
https://portswigger.net/web-security/file-path-traversal/lab-sequences-stripped-non-recursively Lab: File path traversal, traversal sequences stripped non-recursively | Web Security Academy This lab contains a file path traversal vulnerability in the display of product images. The application strips path traversal sequences from the ... [Problem] [Solution] The lab says there is a vulnerability in the image path. In a new tab..
https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass Lab: File path traversal, traversal sequences blocked with absolute path bypass | Web Security Academy This lab contains a file path traversal vulnerability in the display of product images. The application blocks traversal sequences but treats the supplied ... [Problem] [Solution] It says there is a vulnerability in the image path. In a new tab..