
A compendium of fundamental exploitation techniques from the PortSwigger Academy. Completed by members of the NTUT_is1ab team.


is1ab-web/PortSwigger-LAB


PortSwigger-LAB

🔎 Index

SQL injection

📂 Labs

SQL injection vulnerability in WHERE clause allowing retrieval of hidden data -> write up

SQL injection vulnerability in WHERE clause allowing retrieval of hidden data -> write up

SQL injection attack, querying the database type and version on Oracle -> write up

SQL injection attack, querying the database type and version on MySQL and Microsoft -> write up

SQL injection attack, listing the database contents on non-Oracle databases -> write up

SQL injection attack, listing the database contents on Oracle -> write up

SQL injection UNION attack, determining the number of columns returned by the query -> write up

SQL injection UNION attack, finding a column containing text -> write up

SQL injection UNION attack, retrieving data from other tables -> write up

SQL injection UNION attack, retrieving multiple values in a single column -> write up

Blind SQL injection with conditional responses -> write up

Blind SQL injection with conditional errors -> write up

Visible error-based SQL injection -> write up

Blind SQL injection with time delays -> write up

Blind SQL injection with time delays and information retrieval -> write up

Blind SQL injection with out-of-band interaction -> write up

Blind SQL injection with out-of-band data exfiltration -> write up

SQL injection with filter bypass via XML encoding -> write up

Cross-site scripting

📂 Labs

Cross-site scripting Lab1 -> write up

Cross-site scripting Lab2 -> write up

Cross-site scripting Lab3 -> write up

Cross-site scripting Lab4 -> write up

Cross-site scripting Lab5 -> write up

Cross-site scripting Lab6 -> write up

Cross-site scripting Lab7 -> write up

Cross-site scripting Lab8 -> write up

Cross-site scripting Lab9 -> write up

Cross-site scripting Lab10 -> write up

Cross-site scripting Lab11 -> write up

Cross-site scripting Lab12 -> write up

Cross-site scripting Lab13 -> write up

Cross-site scripting Lab14 -> write up

Cross-site scripting Lab15 -> write up

Cross-site scripting Lab16 -> write up

Cross-site scripting Lab17 -> write up

Cross-site scripting Lab18 -> write up

Cross-site scripting Lab19 -> write up

Cross-site scripting Lab20 -> write up

Cross-site scripting Lab21 -> write up

Cross-site scripting Lab22 -> write up

Cross-site scripting Lab23 -> write up

Cross-site scripting Lab24 -> write up

Cross-site scripting Lab25 -> write up

Cross-site scripting Lab26 -> write up

Cross-site scripting Lab27 -> write up

Cross-site scripting Lab28 -> write up

Cross-site scripting Lab29 -> write up

Cross-site scripting Lab30 -> write up

CSRF

📂 Labs

Web CSRF Lab1 -> write up

Web CSRF Lab2 -> write up

Web CSRF Lab3 -> write up

Web CSRF Lab4 -> write up

Clickjacking

📂 Labs

Clickjacking Lab1 -> write up

Clickjacking Lab2 -> write up

Clickjacking Lab3 -> write up

Clickjacking Lab4 -> write up

Clickjacking Lab5 -> write up

DOM-based vulnerabilities

📂 Labs

DOM-based vulnerabilities Lab1 -> write up

DOM-based vulnerabilities Lab2 -> write up

DOM-based vulnerabilities Lab3 -> write up

DOM-based vulnerabilities Lab4 -> write up

DOM-based vulnerabilities Lab5 -> write up

DOM-based vulnerabilities Lab6 -> write up

DOM-based vulnerabilities Lab7 -> write up

CORS

📂 Labs

CORS Lab1 -> write up

CORS Lab2 -> write up

CORS Lab3 -> write up

XML external entity (XXE) injection

📂 Labs

XXE Lab1 -> write up

XXE Lab2 -> write up

XXE Lab3 -> write up

XXE Lab4 -> write up

XXE Lab5 -> write up

XXE Lab6 -> write up

XXE Lab7 -> write up

XXE Lab8 -> write up

XXE Lab9 -> write up

SSRF

📂 Labs

SSRF Lab1 -> write up

SSRF Lab2 -> write up

SSRF Lab3 -> write up

SSRF Lab4 -> write up

SSRF Lab5 -> write up

SSRF Lab6 -> write up

SSRF Lab7 -> write up

HTTP request smuggling

📂 Labs

HTTP request smuggling Lab1 -> write up

HTTP request smuggling Lab2 -> write up

HTTP request smuggling Lab3 -> write up

HTTP request smuggling Lab4 -> write up

HTTP request smuggling Lab5 -> write up

HTTP request smuggling Lab6 -> write up

HTTP request smuggling Lab7 -> write up

HTTP request smuggling Lab8 -> write up

HTTP request smuggling Lab9 -> write up

HTTP request smuggling Lab10 -> write up

HTTP request smuggling Lab11 -> write up

OS command injection

📂 Labs

OS command injection Lab1 -> write up

OS command injection Lab2 -> write up

OS command injection Lab3 -> write up

OS command injection Lab4 -> write up

OS command injection Lab -> write up

Server-side template injection

📂 Labs

Server-side template injection Lab1 -> write up

Server-side template injection Lab2 -> write up

Server-side template injection Lab3 -> write up

Server-side template injection Lab4 -> write up

Server-side template injection Lab5 -> write up

Server-side template injection Lab6 -> write up

Server-side template injection Lab7 -> write up

File path traversal

📂 Labs

File path traversal Lab -> write up

File path traversal Lab2 -> write up

File path traversal Lab3 -> write up

File path traversal Lab4 -> write up

File path traversal Lab5 -> write up

File path traversal Lab6 -> write up

Access control vulnerabilities

📂 Labs

Access control vulnerabilities Lab1 -> write up

Access control vulnerabilities Lab2 -> write up

Access control vulnerabilities Lab3 -> write up

Access control vulnerabilities Lab4 -> write up

Access control vulnerabilities Lab5 -> write up

Access control vulnerabilities Lab6 -> write up

Access control vulnerabilities Lab7 -> write up

Access control vulnerabilities Lab8 -> write up

Access control vulnerabilities Lab9 -> write up

Access control vulnerabilities Lab10 -> write up

Access control vulnerabilities Lab11 -> write up

Access control vulnerabilities Lab12 -> write up

Authentication vulnerabilities

📂 Labs

Authentication vulnerabilities Lab1 -> write up

Authentication vulnerabilities Lab2 -> write up

Authentication vulnerabilities Lab3 -> write up

Authentication vulnerabilities Lab4 -> write up

Authentication vulnerabilities Lab5 -> write up

Authentication vulnerabilities Lab6 -> write up

Authentication vulnerabilities Lab7 -> write up

Authentication vulnerabilities Lab8 -> write up

Authentication vulnerabilities Lab9 -> write up

Authentication vulnerabilities Lab10 -> write up

Authentication vulnerabilities Lab11 -> write up

Authentication vulnerabilities Lab12 -> write up

Authentication vulnerabilities Lab13 -> write up

Authentication vulnerabilities Lab14 -> write up

WebSockets vulnerabilities

📂 Labs

WebSockets vulnerabilities Lab1 -> write up

WebSockets vulnerabilities Lab2 -> write up

WebSockets vulnerabilities Lab3 -> write up

Insecure deserialization

📂 Labs

Insecure deserialization Lab1 -> write up

Insecure deserialization Lab2 -> write up

Insecure deserialization Lab3 -> write up

Insecure deserialization Lab4 -> write up

Insecure deserialization Lab5 -> write up

Insecure deserialization Lab6 -> write up

Insecure deserialization Lab7 -> write up

Insecure deserialization Lab8 -> write up

Insecure deserialization Lab9 -> write up

Insecure deserialization Lab10 -> write up

Information disclosure

📂 Labs

Information disclosure Lab1 -> write up

Information disclosure Lab2 -> write up

Information disclosure Lab3 -> write up

Information disclosure Lab4 -> write up

Information disclosure Lab5 -> write up

Business logic vulnerabilities

📂 Labs

Business logic vulnerabilities Lab1 -> write up

Business logic vulnerabilities Lab2 -> write up

Business logic vulnerabilities Lab3 -> write up

Business logic vulnerabilities Lab4 -> write up

Business logic vulnerabilities Lab5 -> write up

Business logic vulnerabilities Lab6 -> write up

Business logic vulnerabilities Lab7 -> write up

Business logic vulnerabilities Lab8 -> write up

Business logic vulnerabilities Lab9 -> write up

Business logic vulnerabilities Lab10 -> write up

Business logic vulnerabilities Lab11 -> write up

JWT

📂 Labs

JWT Lab1 -> write up

JWT Lab2 -> write up

NoSQL injection

📂 Labs

NoSQL injection Lab1 -> write up

NoSQL injection Lab2 -> write up

NoSQL injection Lab3 -> write up

NoSQL injection Lab4 -> write up

API

📂 Labs

API Lab1 -> write up

API Lab2 -> write up

API Lab3 -> write up

API Lab4 -> write up

Web LLM

📂 Labs

Web LLM Lab1 -> write up

Web LLM Lab2 -> write up

Web LLM Lab3 -> write up

Web LLM Lab4 -> write up

