Introduction: Timing-based vulnerabilities represent a sophisticated class of side-channel attacks that exploit variations in response times to extract sensitive information. This lab demonstrates how applications can inadvertently leak the existence of valid user accounts through measurable differences in processing time. Unlike traditional enumeration methods…
Introduction: Password reset mechanisms serve as critical recovery pathways for users who have lost access to their accounts. However, flawed implementation of these systems can introduce severe vulnerabilities that allow attackers to hijack accounts without legitimate ownership. This lab demonstrates how broken…
PortSwigger Lab: 2FA Simple Bypass Introduction: Two-factor authentication (2FA) serves as a critical security layer for protecting user accounts, but improper implementation can render this protection ineffective. This lab demonstrates a common vulnerability where applications fail to properly enforce 2FA verification, allowing attackers to bypass the authentication…
Introduction: The “Blind OS Command Injection with Time Delays” lab, part of the PortSwigger Web Security Academy, explores a more advanced form of command injection where the application does not directly return command output. Instead, attackers infer successful exploitation through behavioral cues—such…
Introduction: The PortSwigger Web Security Academy provides guided labs where security professionals can practice identifying and exploiting common vulnerabilities in web applications. The lab titled “OS Command Injection, Simple Case” demonstrates a fundamental security flaw that allows attackers to execute operating system commands through a vulnerable…
Introduction: This lab demonstrates a Reflected Cross-Site Scripting (XSS) vulnerability where user input is embedded within a JavaScript string. While angle brackets<`,`>`) are HTML-encoded (preventing direct HTML injection), improper escaping allows attackers to escape the string context and execute arbitrary JavaScript. Below,…
Introduction: In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can still inject…
Introduction In this post, we’ll dissect a common Cross-Site Scripting (XSS) vulnerability where user input is reflected into an HTML attribute, but angle brackets (`<`, `>`) are HTML-encoded. This scenario is often encountered in web applications that attempt to sanitize…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses jQuery to dynamically process the URL fragment identifier (`#`) and injects it unsafely into the DOM. By exploiting the `hashchange` event, an attacker can trigger malicious JavaScript execution when…
Introduction: In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can…
