Vishal | Solving Portswigger Academy: CSRF where token is not tied to user session | This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t integrated into… | Oct 16
Vishal | Solving Portswigger Academy: CSRF where token validation depends on token being present | This lab’s email change functionality is vulnerable to CSRF. | Oct 15
Vishal | Solving Portswigger Academy: CSRF where token validation depends on request method | This lab’s email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types… | Oct 15
Vishal | Solving Portswigger Academy: CSRF vulnerability with no defenses | This lab’s email change functionality is vulnerable to CSRF. | Oct 14
Vishal | Solving Portswigger Academy: Exploiting XSS to perform CSRF | This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF… | Oct 13
Vishal | Solving Portswigger Academy: Exploiting cross-site scripting to capture passwords | This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are… | Oct 13
Vishal | Solving Portswigger Academy: Exploiting cross-site scripting to steal cookies | This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are… | Oct 13
Vishal | Solving Portswigger Academy: Reflected XSS into a JavaScript string with angle brackets and double… | This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double… | Oct 13
Vishal | Solving Portswigger Academy: DOM XSS in AngularJS expression with angle brackets and double quotes… | This lab contains a DOM-based cross-site scripting vulnerability in an AngularJS expression within the search functionality. | Oct 6
Vishal | Solving Portswigger Academy: DOM XSS in jQuery selector sink using a hashchange event | This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to… | Oct 6