Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically sets the `href` attribute of an anchor (`<a>`) tag using untrusted input from `location.search` (URL parameters) without proper sanitization. By injecting a `javascript:`pseudo-protocol payload, an attacker can execute…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically injects user-controlled input from `location.search` (URL parameters) into the DOM using the `innerHTML` property, without proper sanitization. This allows an attacker to inject arbitrary HTML/JavaScript, leading to script…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically writes user-controlled input from `location.search` (URL parameters) into the DOM using `document.write`, without proper sanitization. This allows an attacker to inject arbitrary JavaScript by breaking out of the…
Vulnerability Type: Reflected Cross-Site Scripting (XSS) Attack Vector The vulnerable application reflects user input directly into the HTML response without encoding or sanitization, allowing arbitrary JavaScript execution. The attack vector leverages a simple search functionality where the input is embedded…
Vulnerability Type: Stored Cross-Site Scripting (XSS) Attack Vector The vulnerable application stores user input (e.g., comments) directly in the database and reflects it un-sanitized in the HTML response. Unlike reflected XSS, stored XSS persists on the server, affecting all users…
Methodology Conclusion This lab highlights how a simple marker string can reveal which result column accepts and displays text — a small but crucial discovery that enables further data extraction. The takeaway for developers is straightforward: never trust input, and…
Attack Vector Used Exploitation Steps Mitigation Strategies Conclusion This lab demonstrates how a UNION-based SQL injection can bypass column limitations by concatenating data into a single text-compatible column. Always secure applications with defensive coding practices and layered protections.
Attack Vector Used Exploitation Steps Mitigation Strategies Conclusion This lab demonstrates how a UNION-based SQL injection can bypass filters and extract sensitive data. Always secure applications with proper coding practices and defensive measures.
Introduction Lab 8 demonstrates a UNION-based SQL injection technique to identify which column in a multi-column query can display text. Using Burp Suite Repeater, the exercise injects a known marker string into each column to discover the text-capable column for…
Introduction Lab 7 demonstrates a practical UNION-based SQL injection technique to determine how many columns an application query returns. Using Burp Suite to intercept and replay requests, the exercise shows how iterative injection with NULL values in a UNION SELECT…
