PortSwigger Lab: 2FA Simple Bypass Introduction: Two-factor authentication (2FA) serves as a critical security layer for protecting user accounts, but improper implementation can render this protection ineffective. This lab demonstrates a common vulnerability where applications fail to properly enforce 2FA verification, allowing attackers to bypass the authentication…
Introduction: The “Blind OS Command Injection with Time Delays” lab, part of the PortSwigger Web Security Academy, explores a more advanced form of command injection where the application does not directly return command output. Instead, attackers infer successful exploitation through behavioral cues—such…
Introduction: The PortSwigger Web Security Academy provides guided labs where security professionals can practice identifying and exploiting common vulnerabilities in web applications. The lab titled “OS Command Injection, Simple Case” demonstrates a fundamental security flaw that allows attackers to execute operating system commands through a vulnerable…
Introduction: In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can still inject…
Introduction In this post, we’ll dissect a common Cross-Site Scripting (XSS) vulnerability where user input is reflected into an HTML attribute, but angle brackets (`<`, `>`) are HTML-encoded. This scenario is often encountered in web applications that attempt to sanitize…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses jQuery to dynamically process the URL fragment identifier (`#`) and injects it unsafely into the DOM. By exploiting the `hashchange` event, an attacker can trigger malicious JavaScript execution when…
Introduction: In this post, we’ll explore a Stored Cross-Site Scripting (XSS) vulnerability where malicious input is stored in a web application and later reflected in an anchor (`<a>`) tag’s `href` attribute. While double quotes (`”`) are HTML-encoded, the attacker can…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application uses jQuery to dynamically process the URL fragment identifier (`#`) and injects it unsafely into the DOM. By exploiting the `hashchange` event, an attacker can trigger malicious JavaScript execution…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically sets the `href` attribute of an anchor (`<a>`) tag using untrusted input from `location.search` (URL parameters) without proper sanitization. By injecting a `javascript:`pseudo-protocol payload, an attacker can execute…
Vulnerability Type: DOM-based Cross-Site Scripting (XSS) Attack Vector The vulnerable application dynamically injects user-controlled input from `location.search` (URL parameters) into the DOM using the `innerHTML` property, without proper sanitization. This allows an attacker to inject arbitrary HTML/JavaScript, leading to script…
