This write-up for the lab Information disclosure in version control history is part of my walkthrough series for PortSwigger’s Web Security Academy. Learning path: Server-side topics → Information disclosure Lab: Information disclosure in version control history | Web Security Academy Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See where…portswigger.net

This write-up for the lab Authentication bypass via encryption oracle is part of my walk-through series for PortSwigger’s Web Security Academy. Learning path: Server-side topics → Business logic vulnerabilities Lab: Authentication bypass via encryption oracle | Web Security Academy This lab contains a logic flaw that exposes an encryption oracle to users. To solve the lab, exploit this flaw to gain…portswigger.net

This write-up for the lab DOM XSS in innerHTML sink using source location.search is part of my walkthrough series for PortSwigger’s Web Security Academy. Learning path: Client-side topics → Cross-site scripting Lab: DOM XSS in innerHTML sink using source location.search | Web Security Academy Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See where…portswigger.net

This write-up for the lab SQL injection with filter bypass via XML encoding is part of my walk-through series for PortSwigger’s Web Security Academy. Learning path: Server-side topics → SQL injection Lab: SQL injection with filter bypass via XML encoding | Web Security Academy Identify the vulnerability Observe that the stock check feature sends the productId and storeId to the application in…portswigger.net

This write-up for the lab DOM XSS in document.write sink using source location.search is part of my walkthrough series for PortSwigger’s Web Security Academy. Learning path: Client-side topics → Cross-site scripting Lab: DOM XSS in document.write sink using source location.search | Web Security Academy Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See where…portswigger.net

This write-up for the lab Source code disclosure via backup files is part of my walkthrough series for PortSwigger’s Web Security Academy. Learning path: Server-side topics → Information disclosure Lab: Source code disclosure via backup files | Web Security Academy This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the…portswigger.net Python script: script.py

This write-up for the lab Basic server-side template injection (code context) is part of my walk-through series for PortSwigger’s Web Security Academy. Learning path: Advanced topics → Server-side template injection Lab: Basic server-side template injection (code context) | Web Security Academy Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See where…portswigger.net

This write-up for the lab Stored XSS into HTML context with nothing encoded is part of my walkthrough series for PortSwigger’s Web Security Academy. Learning path: Client-side topics → Cross-site scripting Lab: Stored XSS into HTML context with nothing encoded | Web Security Academy Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See where…portswigger.net