Home Web Application
Web Application
Cancel

Web Application

(Portswigger/WebAcademy) - DOM-Based Cross-Site Scripting (XSS)

Intro This post/writeup is all about the DOM-Based XSS Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To lea...

Mar 25 7 min Web Application, Cross Site Scripting

(Portswigger/WebAcademy) - Stored Cross-Site Scripting (XSS)

Intro This post/writeup is all about the stored XSS Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To learn ...

Jan 25 4 min Web Application, Cross Site Scripting

(Portswigger/WebAcademy) - DOM-based Vulnerabilities

Intro This post/writeup is all about the DOM-based Vulnerabilitiess. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To learn ...

Jan 15 3 min Web Application, DOM-based Vulnerabilities

(Portswigger/WebAcademy) - Websockets

Intro This post/writeup is all about the insecure deserialization vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as we...

Jan 15 2 min Web Application, Insecure Deserialization

(Portswigger/WebAcademy) - Insecure Deserialization vulnerabilities

Intro This post/writeup is all about the insecure deserialization vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as we...

Jan 15 9 min Web Application, Insecure Deserialization

(Portswigger/WebAcademy) - Server-Side Template Injection vulnerabilities

Intro This post/writeup is all about the Clickjacking Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To lear...

Jan 15 5 min Web Application, Clickjacking vulnerabilities

(Portswigger/WebAcademy) - Clickjacking vulnerabilities

Intro This post/writeup is all about the Clickjacking Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To lear...

Jan 15 5 min Web Application, Clickjacking vulnerabilities

(Portswigger/WebAcademy) - OAuth 2.0 authentication vulnerabilities

Intro This post/writeup is all about the JWT Token Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To learn m...

Jan 15 9 min Web Application, OAuth 2.0 authentication vulnerabilities

(Portswigger/WebAcademy) - JWT Token Vulnerabilities

Intro This post/writeup is all about the JWT Token Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To learn m...

Jan 15 7 min Web Application, JWT Token Vulnerabilities

Vulnerable Lab by Tushar Kulkarni (@roottusk) - vAPI (writeup)

Intro This post is all about the vapi which is hosted on github and it has been created by Tushar Kulkarni. The Plan This vulnerable API has no Frontend like e.g., craPI, so i’ll just take docu...

Dec 21, 2022 8 min Web Application, API

Vulnerable Lab by OWASP - crAPI (Writeup)

Intro This post is all about the crAPI which is OWASP’s vulnerable web API application. It has few challenges across all TOP 10 API Vulnerabilities. In total 15 challenges/vulnerabilities and 2 sec...

Dec 21, 2022 14 min Web Application, API

(Portswigger/WebAcademy) - Cross-Origin Resource Sharing (CORS)

Intro This post/writeup is all about the Cross-Origin Resource Sharing or simply CORS. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here a...

Dec 21, 2022 6 min Web Application, Cross-Origin Resource Sharing

(Portswigger/WebAcademy) - Cross-Site Request Forgery (CSRF)

Intro This post/writeup is all about the Cross-Site Request Forgery. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To learn ...

Dec 12, 2022 10 min Web Application, Cross-Site Request Forgery

(Portswigger/WebAcademy) - Web Cache Poisoning (Unkeyed Inputs)

Intro This post/writeup is all about the Web Cache Poisoning. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. To learn more on...

Oct 27, 2022 9 min Web Application, Web Cache Poisoning

(Portswigger/WebAcademy) - XXE Injection

Intro This post/writeup is all about the XXE Injection. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. What can we do with XX...

Oct 27, 2022 5 min Web Application, XXE Injection

(Portswigger/WebAcademy) - Server-side request forgery (SSRF)

Intro This post/writeup is all about the Server-side request forgery (SSRF). I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. T...

Oct 24, 2022 5 min Web Application, Server-side Request Forgery

File Upload Vulnerabilities

Intro This post/writeup is all about the File Upload Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. TOC I...

Oct 9, 2022 6 min Web Application, File Upload Vulnerabilities

Broken Access Control

Intro This post/writeup is all about the Broken access control. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. Information di...

Oct 8, 2022 9 min Web Application, Broken Access Control

Information Disclosure

Intro This post/writeup is all about the Bussines Logic Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. Infor...

Oct 7, 2022 3 min Web Application, Information Disclosure

Business Logic Vulnerabilities

Intro This post/writeup is all about the Business Logic Vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. Busin...

Oct 6, 2022 12 min Web Application, Bussines Logic Vulnerabilities

(Portswigger/WebAcademy) - Reflected Cross-Site Scripting (XSS)

Intro This post is dedicated to XSS related Labs at Portswigger Web Academy TOC Intro TOC Finding a XSS Reflected XSS into HTML context with nothing encoded Reflected ...

Oct 4, 2022 6 min Web Application, Cross Site Scripting

OS Command Injection

Intro This post/writeup is all about the OS Command Injection vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. ...

Oct 3, 2022 4 min Web Application, OS Command Injection

Directory Traversal

Intro This post/writeup is all about the Directory Traversal vulnerabilities. I’ll be using primarily Portswigger Web Academy Labs, but i do intent do throw other labs and writeups here as well. ...

Oct 2, 2022 2 min Web Application, Directory Traversal

Vulnerable Password Reset

Intro This post/writeup is all about the Authentication vulnerabilities or Broken Authentication if we follow OWASP naming scheme. I’ll be using primarily Portswigger Web Academy Labs, but i do in...

Sep 30, 2022 6 min Web Application, Broken Authentication

Vulnerable Username-Password Authentication

Intro This post/writeup is all about the Authentication vulnerabilities or Broken Authentication if we follow OWASP naming scheme. I’ll be using primarily Portswigger Web Academy Labs, but i do in...

Sep 30, 2022 10 min Web Application, Broken Authentication

Multi-Factor Authentication (MFA)

Intro This post/writeup is all about the Authentication vulnerabilities or Broken Authentication if we follow OWASP naming scheme. I’ll be using primarily Portswigger Web Academy Labs, but i do in...

Sep 30, 2022 5 min Web Application, Broken Authentication

Other vulnerable Authentication Mechanismus

Intro This post/writeup is all about the Authentication vulnerabilities or Broken Authentication if we follow OWASP naming scheme. I’ll be using primarily Portswigger Web Academy Labs, but i do in...

Sep 30, 2022 2 min Web Application, Broken Authentication

Blind SQL Injection

Intro Lab at portswigger: Blind SQL Injection TOC Intro TOC Blind SQL injection with conditional responses Intro Finding the SQL Injection Database Enumeration ...

Sep 30, 2022 15 min Web Application, SQL Injection
Recently Updated