Yulia Popov | CSRF vulnerability with no defenses — PortSwigger | This lab’s email change functionality is vulnerable to CSRF. | 7h ago
Yulia Popov | Remote code execution via web shell upload — PortSwigger | This lab contains a vulnerable image upload function. It doesn’t perform any validation on the files users upload before storing them on… | 1d ago
Yulia Popov | SSRF with whitelist-based input filter — PortSwigger | This lab has a stock check feature which fetches data from an internal system. | 3d ago
Yulia Popov | SSRF with blacklist-based input filter — PortSwigger | This lab has a stock check feature which fetches data from an internal system. | 4d ago
Yulia Popov | SQL injection attack, querying the database type and version on MySQL and Microsoft — PortSwigger | This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an… | 4d ago
Yulia Popov | Basic SSRF against another back-end system — PortSwigger | This lab has a stock check feature which fetches data from an internal system. | 5d ago
Yulia Popov | Basic SSRF against the local server — PortSwigger | This lab has a stock check feature which fetches data from an internal system. | Jul 12
Yulia Popov | Exploiting XXE to perform SSRF attacks — PortSwigger | This lab has a “Check stock” feature that parses XML input and returns any unexpected values in the response. | Jul 12
Yulia Popov | Reflected XSS into attribute with angle brackets HTML-encoded — PortSwigger | This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. | Jul 10