Introduction: The PortSwigger Web Security Academy provides guided labs where security professionals can practice identifying and exploiting common vulnerabilities in web applications. The lab titled “OS Command Injection, Simple Case” demonstrates a fundamental security flaw that allows attackers to execute operating system commands through a vulnerable…
Introduction: This lab demonstrates a Reflected Cross-Site Scripting (XSS) vulnerability where user input is embedded within a JavaScript string. While angle brackets<`,`>`) are HTML-encoded (preventing direct HTML injection), improper escaping allows attackers to escape the string context and execute arbitrary JavaScript. Below,…
Introduction: In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can still inject…
Introduction In this post, we’ll dissect a common Cross-Site Scripting (XSS) vulnerability where user input is reflected into an HTML attribute, but angle brackets (`<`, `>`) are HTML-encoded. This scenario is often encountered in web applications that attempt to sanitize…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses jQuery to dynamically process the URL fragment identifier (`#`) and injects it unsafely into the DOM. By exploiting the `hashchange` event, an attacker can trigger malicious JavaScript execution when…
Introduction: In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can…
Introduction In this post, we’ll dissect a common Cross-Site Scripting (XSS) vulnerability where user input is reflected into an HTML attribute, but angle brackets (`<`, `>`) are HTML-encoded. This scenario is often encountered in web applications that attempt to sanitize…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses jQuery to dynamically process the URL fragment identifier (`#`) and injects it unsafely into the DOM. By exploiting the `hashchange` event, an attacker can trigger malicious JavaScript execution…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically sets the `href` attribute of an anchor (`<a>`) tag using untrusted input from `location.search` (URL parameters) without proper sanitization. By injecting a `javascript:`pseudo-protocol payload, an attacker can execute…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically injects user-controlled input from `location.search` (URL parameters) into the DOM using the `innerHTML` property, without proper sanitization. This allows an attacker to inject arbitrary HTML/JavaScript, leading to script…
