Portswigger web security academy:Server-side template injection(SSTI) 目录 Portswigger web security academy:Server-side template injection(SSTI) Basic server-side template injection Basic server-side template injection (code context) Server-side templa…
Portswigger web security academy:Reflected XSS 目录 Portswigger web security academy:Reflected XSS Reflected XSS into HTML context with nothing encoded Reflected XSS into HTML context with most tags and attributes blocked Reflected XSS into HTML contex…
Portswigger web security academy:WebSockets 目录 Portswigger web security academy:WebSockets Lab: Manipulating WebSocket messages to exploit vulnerabilities Lab: Manipulating the WebSocket handshake to exploit vulnerabilities Lab: Cross-site WebSocket…
Portswigger web security academy:Cross-origin resource sharing (CORS) 目录 Portswigger web security academy:Cross-origin resource sharing (CORS) 1 - CORS vulnerability with basic origin reflection 2 - CORS vulnerability with trusted null origin 3 - COR…
Portswigger web security academy:XML external entity (XXE) injection 目录 Portswigger web security academy:XML external entity (XXE) injection 1 - Exploiting XXE using external entities to retrieve files 2 - Exploiting XXE to perform SSRF attacks 3 - B…
Portswigger web security academy:Cross-site request forgery (CSRF) 目录 Portswigger web security academy:Cross-site request forgery (CSRF) 1 - CSRF vulnerability with no defenses 2 -CSRF where token validation depends on request method 3 - CSRF where t…
Portswigger web security academy:OAth authentication vulnerable 目录 Portswigger web security academy:OAth authentication vulnerable Authentication bypass via OAuth implicit flow Forced OAuth profile linking OAuth account hijacking via redirect_uri Ste…
Portswigger web security academy:Server-side request forgery (SSRF) 目录 Portswigger web security academy:Server-side request forgery (SSRF) Basic SSRF against the local server Basic SSRF against another back-end system SSRF with blacklist-based input…
Portswigger web security academy:Clickjacking (UI redressing) 目录 Portswigger web security academy:Clickjacking (UI redressing) 1 - Basic clickjacking with CSRF token protection 2 - Clickjacking with form input data prefilled from a URL parameter 3 -…
Portswigger web security academy:OS command injection 目录 Portswigger web security academy:OS command injection OS command injection, simple case Blind OS command injection with time delays Blind OS command injection with out put redirection Blind OS…