PortSwigger Academy is my go-to platform for studying and practising web vulnerabilities. Of all the content available, the fact that it is free is outstanding given the amount of material it provides. Each lab write-up is available below, with a note on the associated vulnerability.
/admin/delete?username=carlos Appreciation post

Server-side vulnerabilities
SQL injection
Server-side Request Forgery
I have been working on SSRF while studying cloud environments. The risk of reaching internal resources is particularly high there: a server that fetches attacker-supplied URLs can be pointed at loopback services, internal back-end hosts or the instance metadata endpoint (169.254.169.254 on the major clouds), which may hand over temporary credentials. Several labs are available to practise exploiting this vulnerability.
| Lab | Status | Write-up |
|---|---|---|
| Basic SSRF against the local server | Solved | Published |
| Basic SSRF against another back-end system | Solved | Published |
| Blind SSRF with out-of-band detection | Solved | Published |
| SSRF with blacklist-based input filter | Solved | Published |
| SSRF with filter bypass via open redirection vulnerability | Solved | Published |
| Blind SSRF with Shellshock exploitation | Solved | Published |
| SSRF with whitelist-based input filter | Solved | Published |
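The filter-bypass labs above (blacklist, whitelist and open redirection) all defeat checks that look at the URL as a string. The example below is added here and is not code from the page or from PortSwigger: it shows that kind of string filter beside a check that parses the URL, resolves the host and classifies every resulting address. The hostnames, addresses and the FAKE_DNS table are constructed so it runs offline; in a real service the resolver is the real one.

```python
"""Added example, not code from the page or from PortSwigger: the target
check of a server-side URL fetcher, first as the string filters the SSRF
labs above bypass, then as a resolve-then-classify check. The hostnames,
addresses and the FAKE_DNS table are constructed so it runs offline."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed stand-in for DNS. In a real service the resolver is the real
# one, and the HTTP client must connect to the address this check resolved
# (not resolve again), or DNS rebinding defeats the check.
FAKE_DNS = {
    "stock.example.com": ["93.184.216.34"],   # routable address, chosen for the example
    "partner.example": ["10.0.0.5"],          # allowed name, but it points inside
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"cannot resolve {host!r}")
    return FAKE_DNS[host]


def naive_blacklist_ok(url):
    """The substring blacklist the 'blacklist-based input filter' lab beats."""
    return not any(bad in url.lower() for bad in ("127.0.0.1", "localhost"))


def naive_whitelist_ok(url, allowed_host="stock.example.com"):
    """The substring whitelist the 'whitelist-based input filter' lab beats."""
    return allowed_host in url


def _as_ip(host):
    """Return the address if host is an IP literal in any spelling inet_aton
    accepts ("127.1", "2130706433", hex forms), else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None


def is_safe_target(url, resolver=fake_resolver,
                   allowed_hosts=("stock.example.com", "partner.example")):
    """Resolve-then-classify. Returns (ok, reason). Redirects must be
    disabled on the fetch (or each Location re-checked with this function),
    otherwise the 'open redirection' bypass in the lab list reappears."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    # Parsed host, not substring match: "localhost:80#@stock..." is localhost.
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    literal = _as_ip(host)
    if literal is not None:
        addrs = [literal]
    elif host in allowed_hosts:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except socket.gaierror as exc:
            return False, str(exc)
    else:
        return False, f"host {host!r} not in allow-list"
    for addr in addrs:
        # is_global is False for loopback, RFC 1918, link-local (which covers
        # the 169.254.169.254 metadata endpoint), CGNAT and reserved ranges.
        if not addr.is_global:
            return False, f"{host!r} maps to non-routable address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("http://stock.example.com/product/stock?productId=1",
              "http://127.1/admin",
              "http://2130706433/admin",
              "http://169.254.169.254/latest/meta-data/",
              "http://localhost:80#@stock.example.com/",
              "http://partner.example/api",
              "file:///etc/passwd"):
        print(f"{u:50} blacklist={naive_blacklist_ok(u)!s:5} "
              f"whitelist={naive_whitelist_ok(u)!s:5} safe={is_safe_target(u)}")
```

The two naive filters pass every bypass payload, while the parsed check rejects the decimal and shortened IP spellings, the metadata address, the `#@` whitelist trick and the allowed name that resolves to a private address. The one thing it cannot do on its own is stop a redirect issued by an allowed host, which is why the fetch has to run with redirects disabled.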
XML external entity (XXE) injection
| Lab | Status | Write-up |
|---|---|---|
| Exploiting XXE to perform SSRF attacks | Solved | Published |
OAuth authentication
| Lab | Status | Write-up |
|---|---|---|
| Authentication bypass via OAuth implicit flow | Solved | Published |
| SSRF via OpenID dynamic client registration | Unsolved | Unpublished |
| OAuth account hijacking via redirect_uri | Unsolved | Unpublished |
| Forced OAuth profile linking | Unsolved | Unpublished |
| Stealing OAuth access tokens via an open redirect | Unsolved | Unpublished |
| Stealing OAuth access tokens via a proxy page | Unsolved | Unpublished |
HTTP Host header attacks
| Lab | Status | Write-up |
|---|---|---|
| Routing-based SSRF | Solved | Published |
| SSRF via flawed request parsing | Solved | Published |
Client-side vulnerabilities
WebSockets
| Lab | Status | Write-up |
|---|---|---|
| Manipulating WebSocket messages to exploit vulnerabilities | Solved | Published |
| Manipulating the WebSocket handshake to exploit vulnerabilities | Solved | Unpublished |
| Cross-site WebSocket hijacking | Solved | Published |
DOM-based vulnerabilities
| Lab | Status | Write-up |
|---|---|---|
| DOM-based open redirection | Solved | Published |
Cross-site request forgery (CSRF)
| Lab | Status | Write-up |
|---|---|---|
| CSRF vulnerability with no defenses | Solved | Published |
| CSRF where token validation depends on request method | Solved | Published |
| CSRF where token validation depends on token being present | Solved | Published |
| CSRF where token is not tied to user session | Solved | Published |
| CSRF where token is tied to non-session cookie | Solved | Published |
| CSRF where token is duplicated in cookie | Solved | Published |
| SameSite Lax bypass via method override | Solved | Published |
| SameSite Strict bypass via client-side redirect | Solved | Published |
| SameSite Strict bypass via sibling domain | Solved | Published |
| SameSite Lax bypass via cookie refresh | Solved | Published |
| CSRF where Referer validation depends on header being present | Solved | Published |
| CSRF with broken Referer validation | Solved | Published |