Description Link: https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files Writeup The website offers a check stock feature that displays the number of items of a spec...

Description Link: https://portswigger.net/web-security/csrf/lab-no-defenses Writeup We can login to our account with the credentials we have wiener:peter. Once logged it we are redirected...

Description Link : https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-perform-csrf Writeup We log in as the wiener user and we are redirected to our account page (/my-acc...

Description Link: https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-dom-xss-stored Writeup A comment feature is implemented within each post in the page We can test ea...

Description Link: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed Writeup We know the svg tag is going to be successful. We try <svg onlo...

Foothold Start with usual nmap enumeration >> nmap -sC -sV -oN nmap-initial 10.10.10.229 Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-25 20:23 CEST Nmap scan report for 10.10.10.229 H...

Description Lab: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked Writeup So event handlers and href attribute are blacklis...

Reflected XSS into HTML context with all tags blocked except custom ones Description Link: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-html-context-with-all-standard-ta...

Start with usual nmap enumeration nmap -sC -sV -oN nmap-initial 10.10.10.222 Port 22 and 80 open where an nginx server is listening. We visit the service on port 80. The page contains links to 2 ...

Start with usual nmap script to enumerate. nmap -sC -sV -oN nmap-initial 10.10.10.226 We see ssh open, a fitered 903 port and a webserver on 5000. We start by looking at port 5000. As we see from...