├── API testing ├── Exploiting a mass assignment vulnerability │ └── README.md ├── Exploiting an API endpoint using documentation │ └── README.md ├── Exploiting server-side parameter pollution in a query string │ └── README.md └── Finding and exploiting an unused API endpoint │ └── README.md ├── Access Control ├── Insecure direct object references │ └── README.md ├── Method-based access control can be circumvented │ └── README.md ├── Multi-step process with no access control on one step │ └── README.md ├── README.md ├── Referer-based access control │ └── README.md ├── URL-based access control can be circumvented │ └── README.md ├── Unprotected admin functionality with unpredictable URL │ └── README.md ├── Unprotected admin functionality │ └── README.md ├── User ID controlled by request parameter with data leakage in redirect │ └── README.md ├── User ID controlled by request parameter with password disclosure │ └── README.md ├── User ID controlled by request parameter, with unpredictable user IDs │ └── README.md ├── User ID controlled by request parameter │ └── README.md ├── User role can be modified in user profile │ └── README.md └── User role controlled by request parameter │ └── README.md ├── Authentication ├── 2FA broken logic │ └── README.md ├── 2FA bypass using a brute-force attack │ └── README.md ├── 2FA simple bypass │ └── README.md ├── Broken brute-force protection, IP block │ └── README.md ├── Broken brute-force protection, multiple credentials per request │ └── README.md ├── Brute-forcing a stay-logged-in cookie │ └── README.md ├── Offline password cracking │ └── README.md ├── Password brute-force via password change │ └── README.md ├── Password reset broken logic │ └── README.md ├── Password reset poisoning via middleware │ └── README.md ├── README.md ├── Username enumeration via account lock │ └── README.md ├── Username enumeration via different responses │ └── README.md ├── Username enumeration via response timing │ └── README.md └── Username enumeration via subtly different responses │ └── README.md ├── Business logic vulnerabilities ├── Authentication bypass via encryption oracle │ └── README.md ├── Authentication bypass via flawed state machine │ └── README.md ├── Excessive trust in client-side controls │ └── README.md ├── Flawed enforcement of business rules │ └── README.md ├── High-level logic vulnerability │ └── README.md ├── Inconsistent handling of exceptional input │ └── README.md ├── Inconsistent security controls │ └── README.md ├── Infinite money logic flaw │ └── README.md ├── Insufficient workflow validation │ └── README.md ├── Low-level logic flaw │ └── README.md └── Weak isolation on dual-use endpoint │ └── README.md ├── CORS ├── CORS vulnerability with basic origin reflection │ └── README.md ├── CORS vulnerability with internal network pivot attack │ └── README.md ├── CORS vulnerability with trusted insecure protocols │ └── README.md ├── CORS vulnerability with trusted null origin │ └── README.md └── README.md ├── CSRF ├── Bypassing CSRF token validation │ ├── CSRF where token is duplicated in cookie │ │ └── README.md │ ├── CSRF where token is not tied to user session │ │ └── README.md │ ├── CSRF where token is tied to non-session cookie │ │ └── README.md │ ├── CSRF where token validation depends on request method │ │ └── README.md │ ├── CSRF where token validation depends on token being present │ │ └── README.md │ └── README.md ├── Bypassing Referer-based CSRF defenses │ ├── CSRF where Referer validation depends on header being present │ │ └── README.md │ ├── CSRF with broken Referer validation │ │ └── README.md │ └── README.md ├── Bypassing SameSite cookie restrictions │ ├── README.md │ ├── SameSite Lax bypass via method override │ │ └── README.md │ └── SameSite Strict bypass via client-side redirect │ │ └── README.md └── CSRF vulnerability with no defenses │ └── README.md ├── Clickjacking └── Basic clickjacking with CSRF token protection │ └── README.md ├── Command_injection ├── Blind OS command injection with out-of-band data exfiltration │ └── README.md ├── Blind OS command injection with out-of-band data exfiltration[whoami] │ └── README.md ├── Blind OS command injection with output redirection │ └── README.md ├── Blind OS command injection with time delays │ └── README.md ├── OS command injection, simple case │ └── README.md ├── notes.md └── writeup.md ├── Cross Site Scripting ├── Reflected XSS into HTML context with all tags blocked except custom ones │ └── README.md ├── Reflected XSS into HTML context with most tags and attributes blocked │ └── README.md ├── Reflected XSS into HTML context with nothing encoded │ └── README.md └── Stored XSS into HTML context with nothing encoded │ └── README.md ├── DOM-based vulnerabilities ├── DOM-based cookie manipulation │ └── README.md ├── DOM-based open redirection │ └── README.md └── README.md ├── Directory-traversal ├── File path traversal, traversal sequences stripped non-recursively │ └── README.md ├── File path traversal, validation of file extension with null byte bypass │ └── README.md ├── File path traversal, validation of start of path │ └── README.md ├── File_path_traversal,simple_case │ └── README.md ├── File_path_traversal,traversal-sequences_stripped_with_superfluous_URL-decode │ └── README.md └── File_path_traversal,traversal_sequences_blocked_with_absolute_path_bypass │ └── README.md ├── File_Upload ├── Remote code execution via polyglot web shell upload │ └── README.md ├── Remote code execution via web shell upload │ └── README.md ├── Web shell upload via Content-Type restriction bypass │ └── README.md ├── Web shell upload via extension blacklist bypass │ └── README.md ├── Web shell upload via obfuscated file extension │ └── README.md ├── Web shell upload via path traversal │ └── README.md └── Web shell upload via race condition │ └── README.md ├── HTTP Host header attacks ├── Basic password reset poisoning │ └── README.md ├── Host header authentication bypass │ └── README.md ├── Host validation bypass via connection state attack │ └── README.md ├── Routing-based SSRF │ └── README.md └── SSRF via flawed request parsing │ └── README.md ├── Information Disclosure ├── Authentication bypass via information disclosure │ └── README.md ├── Information disclosure in error messages │ └── README.md ├── Information disclosure in version control history │ └── README.md ├── Information disclosure on debug page │ └── README.md ├── README.md └── Source code disclosure via backup files │ └── README.md ├── Insecure Deserialization ├── Arbitrary object injection in PHP │ └── README.md ├── Exploiting Java Deserialization with Apache Commons │ └── README.md ├── Exploiting PHP deserialization with a pre-built gadget chain │ └── README.md ├── Exploiting Ruby deserialization using a documented gadget chain │ └── README.md ├── Modifying serialized data types │ └── README.md ├── Modifying serialized objects │ └── README.md └── Using application functionality to exploit insecure deserialization │ └── README.md ├── JWT ├── JWT authentication bypass via flawed signature verification │ └── README.md ├── JWT authentication bypass via jku header injection │ └── README.md ├── JWT authentication bypass via jwk header injection │ └── README.md ├── JWT authentication bypass via kid header path traversal │ └── README.md ├── JWT authentication bypass via unverified signature │ └── README.md └── JWT authentication bypass via weak signing key │ └── README.md ├── NoSQL injection ├── Detecting NoSQL injection │ └── README.md ├── Exploiting NoSQL injection to extract data │ └── README.md ├── Exploiting NoSQL operator injection to bypass authentication │ └── README.md ├── Exploiting NoSQL operator injection to extract unknown fields │ └── README.md └── README.md ├── Oauth ├── Authentication bypass via OAuth implicit flow │ └── README.md ├── Forced OAuth profile linking │ └── README.md ├── OAuth account hijacking via redirect_uri │ └── README.md ├── SSRF via OpenID dynamic client registration │ └── README.md └── Stealing OAuth access tokens via an open redirect │ └── README.md ├── README.md ├── Race Conditions ├── Bypassing rate limits via race conditions │ └── README.md └── Limit overrun race conditions │ └── README.md ├── SQL_injection ├── Blind_SQL_injection_with_conditional_errors │ └── README.md ├── Blind_SQL_injection_with_conditional_responses │ └── README.md ├── Blind_SQL_injection_with_out-of-band_data_exfiltration │ └── README.md ├── Blind_SQL_injection_with_out-of-band_interaction │ └── README.md ├── Blind_SQL_injection_with_time_delays │ └── README.md ├── Blind_SQL_injection_with_time_delays_and_information_retrieval │ └── README.md ├── README.md ├── SQL injection with filter bypass via XML encoding │ └── README.md ├── SQL_injection_UNION_attack,determining_the_number_of_columns_returned_by_the_query │ └── README.md ├── SQL_injection_UNION_attack,finding_a_column_containing_text │ └── README.md ├── SQL_injection_UNION_attack,retrieving_data_from_other_tables │ └── README.md ├── SQL_injection_UNION_attack,retrieving_multiple_values_in_a_single_column │ └── README.md ├── SQL_injection_attack,listing-the_database_contents_on_non-Oracle_databases │ └── README.md ├── SQL_injection_attack,listing_the_database_contents_on_Oracle │ └── README.md ├── SQL_injection_attack,querying_the_database_type_and_version_on_MySQL_and_Microsoft │ └── README.md ├── SQL_injection_attack,querying_the_database_type_and_version_on_Oracle │ └── README.md ├── SQL_injection_vulnerability_allowing_login_bypass │ └── README.md ├── SQL_injection_vulnerability_in_WHERE _clause_allowing_retrieval_of_hidden_data │ └── README.md └── Visible error-based SQL injection │ └── README.md ├── SSRF ├── Basic SSRF against another back-end system │ └── README.md ├── Basic SSRF against the local server │ └── README.md ├── Blind SSRF with Shellshock exploitation │ └── README.md ├── Blind SSRF with out-of-band detection │ └── README.md ├── README.md ├── SSRF with blacklist-based input filters │ └── README.md ├── SSRF with filter bypass via open redirection vulnerability │ └── README.md └── SSRF with whitelist-based input filter │ └── README.md ├── SSTI ├── Basic server-side template injection (code context) │ └── README.md ├── Basic server-side template injection │ └── README.md ├── README.md ├── Server-side template injection in a sandboxed environment │ └── README.md ├── Server-side template injection in an unknown language with a documented exploit │ └── README.md ├── Server-side template injection using documentation │ └── README.md └── Server-side template injection with information disclosure via user-supplied objects │ └── README.md ├── Web Cache Deception ├── Exploiting cache server normalization for web cache deception │ └── README.md ├── Exploiting origin server normalization for web cache deception │ └── README.md ├── Exploiting path delimiters for web cache deception │ └── README.md └── Exploiting path mapping for web cache deception │ └── README.md ├── WebSockets ├── Cross-site WebSocket hijacking │ └── README.md ├── Manipulating WebSocket messages to exploit vulnerabilities │ └── README.md └── Manipulating the WebSocket handshake to exploit vulnerabilities │ └── README.md └── XXE ├── Blind XXE with out-of-band interaction via XML parameter entities └── README.md ├── Blind XXE with out-of-band interaction └── README.md ├── Exploiting XInclude to retrieve files └── README.md ├── Exploiting XXE to perform SSRF attacks └── README.md ├── Exploiting XXE to retrieve data by repurposing a local DTD └── README.md ├── Exploiting XXE using external entities to retrieve files └── README.md ├── Exploiting XXE via image file upload └── README.md ├── Exploiting blind XXE to exfiltrate data using a malicious external DTD └── README.md └── Exploiting blind XXE to retrieve data via error messages └── README.md /API testing/Exploiting a mass assignment vulnerability/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/API testing/Exploiting a mass assignment vulnerability/README.md -------------------------------------------------------------------------------- /API testing/Exploiting an API endpoint using documentation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/API testing/Exploiting an API endpoint using documentation/README.md -------------------------------------------------------------------------------- /API testing/Exploiting server-side parameter pollution in a query string/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/API testing/Exploiting server-side parameter pollution in a query string/README.md -------------------------------------------------------------------------------- /API testing/Finding and exploiting an unused API endpoint/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/API testing/Finding and exploiting an unused API endpoint/README.md -------------------------------------------------------------------------------- /Access Control/Insecure direct object references/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/Insecure direct object references/README.md -------------------------------------------------------------------------------- /Access Control/Method-based access control can be circumvented/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/Method-based access control can be circumvented/README.md -------------------------------------------------------------------------------- /Access Control/Multi-step process with no access control on one step/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/Multi-step process with no access control on one step/README.md -------------------------------------------------------------------------------- /Access Control/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/README.md -------------------------------------------------------------------------------- /Access Control/Referer-based access control/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/Referer-based access control/README.md -------------------------------------------------------------------------------- /Access Control/URL-based access control can be circumvented/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/URL-based access control can be circumvented/README.md -------------------------------------------------------------------------------- /Access Control/Unprotected admin functionality with unpredictable URL/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/Unprotected admin functionality with unpredictable URL/README.md -------------------------------------------------------------------------------- /Access Control/Unprotected admin functionality/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/Unprotected admin functionality/README.md -------------------------------------------------------------------------------- /Access Control/User ID controlled by request parameter with data leakage in redirect/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/User ID controlled by request parameter with data leakage in redirect/README.md -------------------------------------------------------------------------------- /Access Control/User ID controlled by request parameter with password disclosure/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/User ID controlled by request parameter with password disclosure/README.md -------------------------------------------------------------------------------- /Access Control/User ID controlled by request parameter, with unpredictable user IDs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/User ID controlled by request parameter, with unpredictable user IDs/README.md -------------------------------------------------------------------------------- /Access Control/User ID controlled by request parameter/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/User ID controlled by request parameter/README.md -------------------------------------------------------------------------------- /Access Control/User role can be modified in user profile/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/User role can be modified in user profile/README.md -------------------------------------------------------------------------------- /Access Control/User role controlled by request parameter/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Access Control/User role controlled by request parameter/README.md -------------------------------------------------------------------------------- /Authentication/2FA broken logic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/2FA broken logic/README.md -------------------------------------------------------------------------------- /Authentication/2FA bypass using a brute-force attack/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/2FA bypass using a brute-force attack/README.md -------------------------------------------------------------------------------- /Authentication/2FA simple bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/2FA simple bypass/README.md -------------------------------------------------------------------------------- /Authentication/Broken brute-force protection, IP block/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Broken brute-force protection, IP block/README.md -------------------------------------------------------------------------------- /Authentication/Broken brute-force protection, multiple credentials per request/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Broken brute-force protection, multiple credentials per request/README.md -------------------------------------------------------------------------------- /Authentication/Brute-forcing a stay-logged-in cookie/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Brute-forcing a stay-logged-in cookie/README.md -------------------------------------------------------------------------------- /Authentication/Offline password cracking/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Offline password cracking/README.md -------------------------------------------------------------------------------- /Authentication/Password brute-force via password change/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Password brute-force via password change/README.md -------------------------------------------------------------------------------- /Authentication/Password reset broken logic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Password reset broken logic/README.md -------------------------------------------------------------------------------- /Authentication/Password reset poisoning via middleware/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Password reset poisoning via middleware/README.md -------------------------------------------------------------------------------- /Authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/README.md -------------------------------------------------------------------------------- /Authentication/Username enumeration via account lock/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Username enumeration via account lock/README.md -------------------------------------------------------------------------------- /Authentication/Username enumeration via different responses/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Username enumeration via different responses/README.md -------------------------------------------------------------------------------- /Authentication/Username enumeration via response timing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Username enumeration via response timing/README.md -------------------------------------------------------------------------------- /Authentication/Username enumeration via subtly different responses/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Authentication/Username enumeration via subtly different responses/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Authentication bypass via encryption oracle/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Authentication bypass via encryption oracle/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Authentication bypass via flawed state machine/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Authentication bypass via flawed state machine/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Excessive trust in client-side controls/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Excessive trust in client-side controls/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Flawed enforcement of business rules/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Flawed enforcement of business rules/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/High-level logic vulnerability/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/High-level logic vulnerability/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Inconsistent handling of exceptional input/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Inconsistent handling of exceptional input/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Inconsistent security controls/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Inconsistent security controls/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Infinite money logic flaw/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Infinite money logic flaw/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Insufficient workflow validation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Insufficient workflow validation/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Low-level logic flaw/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Low-level logic flaw/README.md -------------------------------------------------------------------------------- /Business logic vulnerabilities/Weak isolation on dual-use endpoint/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Business logic vulnerabilities/Weak isolation on dual-use endpoint/README.md -------------------------------------------------------------------------------- /CORS/CORS vulnerability with basic origin reflection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CORS/CORS vulnerability with basic origin reflection/README.md -------------------------------------------------------------------------------- /CORS/CORS vulnerability with internal network pivot attack/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CORS/CORS vulnerability with internal network pivot attack/README.md -------------------------------------------------------------------------------- /CORS/CORS vulnerability with trusted insecure protocols/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CORS/CORS vulnerability with trusted insecure protocols/README.md -------------------------------------------------------------------------------- /CORS/CORS vulnerability with trusted null origin/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CORS/CORS vulnerability with trusted null origin/README.md -------------------------------------------------------------------------------- /CORS/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CORS/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing CSRF token validation/CSRF where token is duplicated in cookie/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing CSRF token validation/CSRF where token is duplicated in cookie/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing CSRF token validation/CSRF where token is not tied to user session/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing CSRF token validation/CSRF where token is not tied to user session/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing CSRF token validation/CSRF where token is tied to non-session cookie/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing CSRF token validation/CSRF where token is tied to non-session cookie/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing CSRF token validation/CSRF where token validation depends on request method/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing CSRF token validation/CSRF where token validation depends on request method/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing CSRF token validation/CSRF where token validation depends on token being present/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing CSRF token validation/CSRF where token validation depends on token being present/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing CSRF token validation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing CSRF token validation/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing Referer-based CSRF defenses/CSRF where Referer validation depends on header being present/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing Referer-based CSRF defenses/CSRF where Referer validation depends on header being present/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing Referer-based CSRF defenses/CSRF with broken Referer validation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing Referer-based CSRF defenses/CSRF with broken Referer validation/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing Referer-based CSRF defenses/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing Referer-based CSRF defenses/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing SameSite cookie restrictions/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing SameSite cookie restrictions/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing SameSite cookie restrictions/SameSite Lax bypass via method override/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing SameSite cookie restrictions/SameSite Lax bypass via method override/README.md -------------------------------------------------------------------------------- /CSRF/Bypassing SameSite cookie restrictions/SameSite Strict bypass via client-side redirect/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/Bypassing SameSite cookie restrictions/SameSite Strict bypass via client-side redirect/README.md -------------------------------------------------------------------------------- /CSRF/CSRF vulnerability with no defenses/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/CSRF/CSRF vulnerability with no defenses/README.md -------------------------------------------------------------------------------- /Clickjacking/Basic clickjacking with CSRF token protection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Clickjacking/Basic clickjacking with CSRF token protection/README.md -------------------------------------------------------------------------------- /Command_injection/Blind OS command injection with out-of-band data exfiltration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/Blind OS command injection with out-of-band data exfiltration/README.md -------------------------------------------------------------------------------- /Command_injection/Blind OS command injection with out-of-band data exfiltration[whoami]/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/Blind OS command injection with out-of-band data exfiltration[whoami]/README.md -------------------------------------------------------------------------------- /Command_injection/Blind OS command injection with output redirection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/Blind OS command injection with output redirection/README.md -------------------------------------------------------------------------------- /Command_injection/Blind OS command injection with time delays/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/Blind OS command injection with time delays/README.md -------------------------------------------------------------------------------- /Command_injection/OS command injection, simple case/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/OS command injection, simple case/README.md -------------------------------------------------------------------------------- /Command_injection/notes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/notes.md -------------------------------------------------------------------------------- /Command_injection/writeup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Command_injection/writeup.md -------------------------------------------------------------------------------- /Cross Site Scripting/Reflected XSS into HTML context with all tags blocked except custom ones/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Cross Site Scripting/Reflected XSS into HTML context with all tags blocked except custom ones/README.md -------------------------------------------------------------------------------- /Cross Site Scripting/Reflected XSS into HTML context with most tags and attributes blocked/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Cross Site Scripting/Reflected XSS into HTML context with most tags and attributes blocked/README.md -------------------------------------------------------------------------------- /Cross Site Scripting/Reflected XSS into HTML context with nothing encoded/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Cross Site Scripting/Reflected XSS into HTML context with nothing encoded/README.md -------------------------------------------------------------------------------- /Cross Site Scripting/Stored XSS into HTML context with nothing encoded/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Cross Site Scripting/Stored XSS into HTML context with nothing encoded/README.md -------------------------------------------------------------------------------- /DOM-based vulnerabilities/ DOM-based cookie manipulation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/DOM-based vulnerabilities/ DOM-based cookie manipulation/README.md -------------------------------------------------------------------------------- /DOM-based vulnerabilities/DOM-based open redirection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/DOM-based vulnerabilities/DOM-based open redirection/README.md -------------------------------------------------------------------------------- /DOM-based vulnerabilities/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/DOM-based vulnerabilities/README.md -------------------------------------------------------------------------------- /Directory-traversal/File path traversal, traversal sequences stripped non-recursively/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Directory-traversal/File path traversal, traversal sequences stripped non-recursively/README.md -------------------------------------------------------------------------------- /Directory-traversal/File path traversal, validation of file extension with null byte bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Directory-traversal/File path traversal, validation of file extension with null byte bypass/README.md -------------------------------------------------------------------------------- /Directory-traversal/File path traversal, validation of start of path/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Directory-traversal/File path traversal, validation of start of path/README.md -------------------------------------------------------------------------------- /Directory-traversal/File_path_traversal,simple_case/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Directory-traversal/File_path_traversal,simple_case/README.md -------------------------------------------------------------------------------- /Directory-traversal/File_path_traversal,traversal-sequences_stripped_with_superfluous_URL-decode/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Directory-traversal/File_path_traversal,traversal-sequences_stripped_with_superfluous_URL-decode/README.md -------------------------------------------------------------------------------- /Directory-traversal/File_path_traversal,traversal_sequences_blocked_with_absolute_path_bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Directory-traversal/File_path_traversal,traversal_sequences_blocked_with_absolute_path_bypass/README.md -------------------------------------------------------------------------------- /File_Upload/Remote code execution via polyglot web shell upload/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Remote code execution via polyglot web shell upload/README.md -------------------------------------------------------------------------------- /File_Upload/Remote code execution via web shell upload/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Remote code execution via web shell upload/README.md -------------------------------------------------------------------------------- /File_Upload/Web shell upload via Content-Type restriction bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Web shell upload via Content-Type restriction bypass/README.md -------------------------------------------------------------------------------- /File_Upload/Web shell upload via extension blacklist bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Web shell upload via extension blacklist bypass/README.md -------------------------------------------------------------------------------- /File_Upload/Web shell upload via obfuscated file extension/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Web shell upload via obfuscated file extension/README.md -------------------------------------------------------------------------------- /File_Upload/Web shell upload via path traversal/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Web shell upload via path traversal/README.md -------------------------------------------------------------------------------- /File_Upload/Web shell upload via race condition/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/File_Upload/Web shell upload via race condition/README.md -------------------------------------------------------------------------------- /HTTP Host header attacks/Basic password reset poisoning/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/HTTP Host header attacks/Basic password reset poisoning/README.md -------------------------------------------------------------------------------- /HTTP Host header attacks/Host header authentication bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/HTTP Host header attacks/Host header authentication bypass/README.md -------------------------------------------------------------------------------- /HTTP Host header attacks/Host validation bypass via connection state attack/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/HTTP Host header attacks/Host validation bypass via connection state attack/README.md -------------------------------------------------------------------------------- /HTTP Host header attacks/Routing-based SSRF/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/HTTP Host header attacks/Routing-based SSRF/README.md -------------------------------------------------------------------------------- /HTTP Host header attacks/SSRF via flawed request parsing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/HTTP Host header attacks/SSRF via flawed request parsing/README.md -------------------------------------------------------------------------------- /Information Disclosure/Authentication bypass via information disclosure/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Information Disclosure/Authentication bypass via information disclosure/README.md -------------------------------------------------------------------------------- /Information Disclosure/Information disclosure in error messages/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Information Disclosure/Information disclosure in error messages/README.md -------------------------------------------------------------------------------- /Information Disclosure/Information disclosure in version control history/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Information Disclosure/Information disclosure in version control history/README.md -------------------------------------------------------------------------------- /Information Disclosure/Information disclosure on debug page/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Information Disclosure/Information disclosure on debug page/README.md -------------------------------------------------------------------------------- /Information Disclosure/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Information Disclosure/README.md -------------------------------------------------------------------------------- /Information Disclosure/Source code disclosure via backup files/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Information Disclosure/Source code disclosure via backup files/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Arbitrary object injection in PHP/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Arbitrary object injection in PHP/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Exploiting Java Deserialization with Apache Commons/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Exploiting Java Deserialization with Apache Commons/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Exploiting PHP deserialization with a pre-built gadget chain/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Exploiting PHP deserialization with a pre-built gadget chain/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Exploiting Ruby deserialization using a documented gadget chain/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Exploiting Ruby deserialization using a documented gadget chain/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Modifying serialized data types/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Modifying serialized data types/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Modifying serialized objects/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Modifying serialized objects/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Using application functionality to exploit insecure deserialization/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Insecure Deserialization/Using application functionality to exploit insecure deserialization/README.md -------------------------------------------------------------------------------- /JWT/JWT authentication bypass via flawed signature verification/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/JWT/JWT authentication bypass via flawed signature verification/README.md -------------------------------------------------------------------------------- /JWT/JWT authentication bypass via jku header injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/JWT/JWT authentication bypass via jku header injection/README.md -------------------------------------------------------------------------------- /JWT/JWT authentication bypass via jwk header injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/JWT/JWT authentication bypass via jwk header injection/README.md -------------------------------------------------------------------------------- /JWT/JWT authentication bypass via kid header path traversal/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/JWT/JWT authentication bypass via kid header path traversal/README.md -------------------------------------------------------------------------------- /JWT/JWT authentication bypass via unverified signature/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/JWT/JWT authentication bypass via unverified signature/README.md -------------------------------------------------------------------------------- /JWT/JWT authentication bypass via weak signing key/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/JWT/JWT authentication bypass via weak signing key/README.md -------------------------------------------------------------------------------- /NoSQL injection/Detecting NoSQL injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/NoSQL injection/Detecting NoSQL injection/README.md -------------------------------------------------------------------------------- /NoSQL injection/Exploiting NoSQL injection to extract data/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/NoSQL injection/Exploiting NoSQL injection to extract data/README.md -------------------------------------------------------------------------------- /NoSQL injection/Exploiting NoSQL operator injection to bypass authentication/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/NoSQL injection/Exploiting NoSQL operator injection to bypass authentication/README.md -------------------------------------------------------------------------------- /NoSQL injection/Exploiting NoSQL operator injection to extract unknown fields/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/NoSQL injection/Exploiting NoSQL operator injection to extract unknown fields/README.md -------------------------------------------------------------------------------- /NoSQL injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/NoSQL injection/README.md -------------------------------------------------------------------------------- /Oauth/Authentication bypass via OAuth implicit flow/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Oauth/Authentication bypass via OAuth implicit flow/README.md -------------------------------------------------------------------------------- /Oauth/Forced OAuth profile linking/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Oauth/Forced OAuth profile linking/README.md -------------------------------------------------------------------------------- /Oauth/OAuth account hijacking via redirect_uri/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Oauth/OAuth account hijacking via redirect_uri/README.md -------------------------------------------------------------------------------- /Oauth/SSRF via OpenID dynamic client registration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Oauth/SSRF via OpenID dynamic client registration/README.md -------------------------------------------------------------------------------- /Oauth/Stealing OAuth access tokens via an open redirect/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Oauth/Stealing OAuth access tokens via an open redirect/README.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/README.md -------------------------------------------------------------------------------- /Race Conditions/Bypassing rate limits via race conditions/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Race Conditions/Bypassing rate limits via race conditions/README.md -------------------------------------------------------------------------------- /Race Conditions/Limit overrun race conditions/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Race Conditions/Limit overrun race conditions/README.md -------------------------------------------------------------------------------- /SQL_injection/Blind_SQL_injection_with_conditional_errors/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Blind_SQL_injection_with_conditional_errors/README.md -------------------------------------------------------------------------------- /SQL_injection/Blind_SQL_injection_with_conditional_responses/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Blind_SQL_injection_with_conditional_responses/README.md -------------------------------------------------------------------------------- /SQL_injection/Blind_SQL_injection_with_out-of-band_data_exfiltration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Blind_SQL_injection_with_out-of-band_data_exfiltration/README.md -------------------------------------------------------------------------------- /SQL_injection/Blind_SQL_injection_with_out-of-band_interaction/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Blind_SQL_injection_with_out-of-band_interaction/README.md -------------------------------------------------------------------------------- /SQL_injection/Blind_SQL_injection_with_time_delays/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Blind_SQL_injection_with_time_delays/README.md -------------------------------------------------------------------------------- /SQL_injection/Blind_SQL_injection_with_time_delays_and_information_retrieval/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Blind_SQL_injection_with_time_delays_and_information_retrieval/README.md -------------------------------------------------------------------------------- /SQL_injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL injection with filter bypass via XML encoding/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL injection with filter bypass via XML encoding/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_UNION_attack,determining_the_number_of_columns_returned_by_the_query/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_UNION_attack,determining_the_number_of_columns_returned_by_the_query/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_UNION_attack,finding_a_column_containing_text/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_UNION_attack,finding_a_column_containing_text/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_UNION_attack,retrieving_data_from_other_tables/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_UNION_attack,retrieving_data_from_other_tables/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_UNION_attack,retrieving_multiple_values_in_a_single_column/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_UNION_attack,retrieving_multiple_values_in_a_single_column/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_attack,listing-the_database_contents_on_non-Oracle_databases/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_attack,listing-the_database_contents_on_non-Oracle_databases/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_attack,listing_the_database_contents_on_Oracle/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_attack,listing_the_database_contents_on_Oracle/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_attack,querying_the_database_type_and_version_on_MySQL_and_Microsoft/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_attack,querying_the_database_type_and_version_on_MySQL_and_Microsoft/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_attack,querying_the_database_type_and_version_on_Oracle/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_attack,querying_the_database_type_and_version_on_Oracle/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_vulnerability_allowing_login_bypass/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_vulnerability_allowing_login_bypass/README.md -------------------------------------------------------------------------------- /SQL_injection/SQL_injection_vulnerability_in_WHERE _clause_allowing_retrieval_of_hidden_data/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/SQL_injection_vulnerability_in_WHERE _clause_allowing_retrieval_of_hidden_data/README.md -------------------------------------------------------------------------------- /SQL_injection/Visible error-based SQL injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SQL_injection/Visible error-based SQL injection/README.md -------------------------------------------------------------------------------- /SSRF/Basic SSRF against another back-end system/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/Basic SSRF against another back-end system/README.md -------------------------------------------------------------------------------- /SSRF/Basic SSRF against the local server/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/Basic SSRF against the local server/README.md -------------------------------------------------------------------------------- /SSRF/Blind SSRF with Shellshock exploitation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/Blind SSRF with Shellshock exploitation/README.md -------------------------------------------------------------------------------- /SSRF/Blind SSRF with out-of-band detection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/Blind SSRF with out-of-band detection/README.md -------------------------------------------------------------------------------- /SSRF/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/README.md -------------------------------------------------------------------------------- /SSRF/SSRF with blacklist-based input filters/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/SSRF with blacklist-based input filters/README.md -------------------------------------------------------------------------------- /SSRF/SSRF with filter bypass via open redirection vulnerability/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/SSRF with filter bypass via open redirection vulnerability/README.md -------------------------------------------------------------------------------- /SSRF/SSRF with whitelist-based input filter/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSRF/SSRF with whitelist-based input filter/README.md -------------------------------------------------------------------------------- /SSTI/Basic server-side template injection (code context)/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/Basic server-side template injection (code context)/README.md -------------------------------------------------------------------------------- /SSTI/Basic server-side template injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/Basic server-side template injection/README.md -------------------------------------------------------------------------------- /SSTI/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/README.md -------------------------------------------------------------------------------- /SSTI/Server-side template injection in a sandboxed environment/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/Server-side template injection in a sandboxed environment/README.md -------------------------------------------------------------------------------- /SSTI/Server-side template injection in an unknown language with a documented exploit/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/Server-side template injection in an unknown language with a documented exploit/README.md -------------------------------------------------------------------------------- /SSTI/Server-side template injection using documentation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/Server-side template injection using documentation/README.md -------------------------------------------------------------------------------- /SSTI/Server-side template injection with information disclosure via user-supplied objects/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/SSTI/Server-side template injection with information disclosure via user-supplied objects/README.md -------------------------------------------------------------------------------- /Web Cache Deception/Exploiting cache server normalization for web cache deception/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Web Cache Deception/Exploiting cache server normalization for web cache deception/README.md -------------------------------------------------------------------------------- /Web Cache Deception/Exploiting origin server normalization for web cache deception/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Web Cache Deception/Exploiting origin server normalization for web cache deception/README.md -------------------------------------------------------------------------------- /Web Cache Deception/Exploiting path delimiters for web cache deception/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Web Cache Deception/Exploiting path delimiters for web cache deception/README.md -------------------------------------------------------------------------------- /Web Cache Deception/Exploiting path mapping for web cache deception/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/Web Cache Deception/Exploiting path mapping for web cache deception/README.md -------------------------------------------------------------------------------- /WebSockets/Cross-site WebSocket hijacking/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/WebSockets/Cross-site WebSocket hijacking/README.md -------------------------------------------------------------------------------- /WebSockets/Manipulating WebSocket messages to exploit vulnerabilities/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/WebSockets/Manipulating WebSocket messages to exploit vulnerabilities/README.md -------------------------------------------------------------------------------- /WebSockets/Manipulating the WebSocket handshake to exploit vulnerabilities/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/WebSockets/Manipulating the WebSocket handshake to exploit vulnerabilities/README.md -------------------------------------------------------------------------------- /XXE/Blind XXE with out-of-band interaction via XML parameter entities/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Blind XXE with out-of-band interaction via XML parameter entities/README.md -------------------------------------------------------------------------------- /XXE/Blind XXE with out-of-band interaction/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Blind XXE with out-of-band interaction/README.md -------------------------------------------------------------------------------- /XXE/Exploiting XInclude to retrieve files/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting XInclude to retrieve files/README.md -------------------------------------------------------------------------------- /XXE/Exploiting XXE to perform SSRF attacks/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting XXE to perform SSRF attacks/README.md -------------------------------------------------------------------------------- /XXE/Exploiting XXE to retrieve data by repurposing a local DTD/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting XXE to retrieve data by repurposing a local DTD/README.md -------------------------------------------------------------------------------- /XXE/Exploiting XXE using external entities to retrieve files/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting XXE using external entities to retrieve files/README.md -------------------------------------------------------------------------------- /XXE/Exploiting XXE via image file upload/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting XXE via image file upload/README.md -------------------------------------------------------------------------------- /XXE/Exploiting blind XXE to exfiltrate data using a malicious external DTD/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting blind XXE to exfiltrate data using a malicious external DTD/README.md -------------------------------------------------------------------------------- /XXE/Exploiting blind XXE to retrieve data via error messages/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sh3bu/Portswigger_labs/HEAD/XXE/Exploiting blind XXE to retrieve data via error messages/README.md --------------------------------------------------------------------------------