PortSwigger

· Wargame/Web
https://portswigger.net/web-security/os-command-injection/lab-simple
Lab: OS command injection, simple case | Web Security Academy
This lab contains an OS command injection vulnerability in the product stock checker. The application executes a shell command containing user-supplied ... portswigger.net
[Problem] [Solution] In this problem, opening a product page shows a service that lets you check stock. According to the problem description, it seems to check stock by running a shell that includes the product ID..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality
Lab: Unprotected admin functionality | Web Security Academy
This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. Solution Go to the lab and view robots.txt by appending /robots.txt to ... portswigger.net
[Problem] [Solution] There is an unprotected admin page. Accessing the admin page and deleting the carlos account solves the problem. First ..
· Wargame/Web
https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter-with-data-leakage-in-redirect
Lab: User ID controlled by request parameter with data leakage in redirect | Web Security Academy
This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response. To solve the lab, obtain the API ... portswigger.n..
· Wargame/Web
https://portswigger.net/web-security/file-path-traversal/lab-simple
Lab: File path traversal, simple case | Web Security Academy
This lab contains a file path traversal vulnerability in the display of product images. To solve the lab, retrieve the contents of the /etc/passwd file. ... portswigger.net
[Problem] [Solution] It seems the problem is solved by executing the /etc/passwd file. I put it straight into the URL parameter, but it says the file does not exist. There seems to be another way. Image..
· Wargame/Web
https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
Lab: Stored XSS into HTML context with nothing encoded | Web Security Academy
This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert ... portswigger.net
[Problem] [Solution] This is an XSS problem. On the main page there is no particular vulnerability to attack with XSS..
· Wargame/Web
https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded
Lab: Reflected XSS into HTML context with nothing encoded | Web Security Academy
This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack ... portswigger.net
[Problem] [Solution] This is an XSS problem. There is a Search feature, so ..
· Wargame/Web
https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses
Lab: Username enumeration via different responses | Web Security Academy
This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be ... portswigger.net
[Problem] [Solution] This is a brute force problem. Long explanation ..
· Wargame/Web
https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | Web Security Academy
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query ... portswigger.net
[Problem] [Solution] On the main page, the Refine your search: section ..
d3vh4cks
Posts tagged 'PortSwigger' (Page 3)