Vishal – Medium

Vishal

Vishal

Solving Portswigger Academy: CSRF where token is not tied to user session

This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t integrated into…

Oct 16

Solving Portswigger Academy: CSRF where token is not tied to user session

Oct 16

Vishal

Solving Portswigger Academy: CSRF where token validation depends on token being present

This lab’s email change functionality is vulnerable to CSRF.

Oct 15

Solving Portswigger Academy: CSRF where token validation depends on token being present

Oct 15

Vishal

Solving Portswigger Academy: CSRF where token validation depends on request method

This lab’s email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types…

Oct 15

Solving Portswigger Academy: CSRF where token validation depends on request method

Oct 15

Vishal

Solving Portswigger Academy: CSRF vulnerability with no defenses

This lab’s email change functionality is vulnerable to CSRF.

Oct 14

Solving Portswigger Academy: CSRF vulnerability with no defenses

Oct 14

Vishal

Solving Portswigger Academy: Exploiting XSS to perform CSRF

This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF…

Oct 13

Solving Portswigger Academy: Exploiting XSS to perform CSRF

Oct 13

Vishal

Solving Portswigger Academy: Exploiting cross-site scripting to capture passwords

This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are…

Oct 13

Solving Portswigger Academy: Exploiting cross-site scripting to capture passwords

Oct 13

Vishal

Solving Portswigger Academy: Exploiting cross-site scripting to steal cookies

This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are…

Oct 13

Solving Portswigger Academy: Exploiting cross-site scripting to steal cookies

Oct 13

Vishal

Solving Portswigger Academy: Reflected XSS into a JavaScript string with angle brackets and double…

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double…

Oct 13

Solving Portswigger Academy: Reflected XSS into a JavaScript string with angle brackets and double…

Oct 13

Vishal

Solving Portswigger Academy: DOM XSS in AngularJS expression with angle brackets and double quotes…

This lab contains a DOM-based cross-site scripting vulnerability in a AngularJS expression within the search functionality.

Oct 6

Solving Portswigger Academy: DOM XSS in AngularJS expression with angle brackets and double quotes…

Oct 6

Vishal

Solving Portswigger Academy: DOM XSS in jQuery selector sink using a hashchange event

This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to…

Oct 6

Solving Portswigger Academy: DOM XSS in jQuery selector sink using a hashchange event

Oct 6

Vishal

Vishal

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams