Lab 6: DOM XSS in jQuery Selector Sink Using a `hashchange` Event
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses…
Lab 5: DOM XSS in jQuery Anchor `href` Attribute Sink Using `location.search` Source
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically…
Lab 4: DOM XSS in `innerHTML` Sink Using Source `location.search`
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically…
Lab 3: DOM XSS in `document.write` Sink Using Source `location.search`
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically…
Lab 1: Reflected XSS into HTML Context with Nothing Encoded
Vulnerability Type: Reflected Cross-Site Scripting (XSS) Attack Vector The vulnerable application reflects…
Lab 2: Stored XSS into HTML Context with Nothing Encoded
Vulnerability Type: Stored Cross-Site Scripting (XSS) Attack Vector The vulnerable application stores…
Lab 8: SQL injection UNION attack, finding a column containing text
Methodology Conclusion This lab highlights how a simple marker string can reveal…
