├── README.md
├── access-control
    └── README.md
├── authentication
    ├── README.md
    ├── passwords.txt
    └── usernames.txt
├── business-logic
    └── README.md
├── clickjacking
    ├── README.md
    └── exploits
    │   ├── base.html
    │   ├── csrf_token_protection.html
    │   ├── dom_based_xss.html
    │   ├── frame_buster_script.html
    │   ├── input_data_prefilled.html
    │   └── multistep.html
├── cors
    └── README.md
├── csrf
    └── README.md
├── directory-traversal
    └── README.md
├── dom-based
    └── README.md
├── file-upload-vulnerabilities
    ├── README.md
    └── exploits
    │   ├── dont-panic.jpg
    │   ├── file_get_contents.php
    │   └── polyglot.php
├── http-host-header
    └── README.md
├── http-request-smuggling
    ├── README.md
    ├── TIPS.md
    ├── countchar.py
    └── request.txt
├── information-disclosure
    └── README.md
├── oauth-authentication
    └── README.md
├── os-command-injection
    └── README.md
├── server-side-template-injection
    ├── README.md
    └── TIPS.md
├── sql-injection
    ├── README.md
    └── cheatsheet.md
├── ssrf
    └── README.md
├── web-cache-poisoning
    ├── README.md
    └── TIPS.md
├── websockets
    └── README.md
├── xss
    ├── README.md
    └── portswigger-cheatsheet.txt
└── xxe
    ├── PAYLOADS.md
    └── README.md

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/README.md
--------------------------------------------------------------------------------
/access-control/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/access-control/README.md
--------------------------------------------------------------------------------
/authentication/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/authentication/README.md
--------------------------------------------------------------------------------
/authentication/passwords.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/authentication/passwords.txt
--------------------------------------------------------------------------------
/authentication/usernames.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/authentication/usernames.txt
--------------------------------------------------------------------------------
/business-logic/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/business-logic/README.md
--------------------------------------------------------------------------------
/clickjacking/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/README.md
--------------------------------------------------------------------------------
/clickjacking/exploits/base.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/exploits/base.html
--------------------------------------------------------------------------------
/clickjacking/exploits/csrf_token_protection.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/exploits/csrf_token_protection.html
--------------------------------------------------------------------------------
/clickjacking/exploits/dom_based_xss.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/exploits/dom_based_xss.html
--------------------------------------------------------------------------------
/clickjacking/exploits/frame_buster_script.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/exploits/frame_buster_script.html
--------------------------------------------------------------------------------
/clickjacking/exploits/input_data_prefilled.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/exploits/input_data_prefilled.html
--------------------------------------------------------------------------------
/clickjacking/exploits/multistep.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/clickjacking/exploits/multistep.html
--------------------------------------------------------------------------------
/cors/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/cors/README.md
--------------------------------------------------------------------------------
/csrf/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/csrf/README.md
--------------------------------------------------------------------------------
/directory-traversal/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/directory-traversal/README.md
--------------------------------------------------------------------------------
/dom-based/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/dom-based/README.md
--------------------------------------------------------------------------------
/file-upload-vulnerabilities/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/file-upload-vulnerabilities/README.md
--------------------------------------------------------------------------------
/file-upload-vulnerabilities/exploits/dont-panic.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/file-upload-vulnerabilities/exploits/dont-panic.jpg
--------------------------------------------------------------------------------
/file-upload-vulnerabilities/exploits/file_get_contents.php:
--------------------------------------------------------------------------------
1 | 
--------------------------------------------------------------------------------
/file-upload-vulnerabilities/exploits/polyglot.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/file-upload-vulnerabilities/exploits/polyglot.php
--------------------------------------------------------------------------------
/http-host-header/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/http-host-header/README.md
--------------------------------------------------------------------------------
/http-request-smuggling/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/http-request-smuggling/README.md
--------------------------------------------------------------------------------
/http-request-smuggling/TIPS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/http-request-smuggling/TIPS.md
--------------------------------------------------------------------------------
/http-request-smuggling/countchar.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/http-request-smuggling/countchar.py
--------------------------------------------------------------------------------
/http-request-smuggling/request.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/http-request-smuggling/request.txt
--------------------------------------------------------------------------------
/information-disclosure/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/information-disclosure/README.md
--------------------------------------------------------------------------------
/oauth-authentication/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/oauth-authentication/README.md
--------------------------------------------------------------------------------
/os-command-injection/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/os-command-injection/README.md
--------------------------------------------------------------------------------
/server-side-template-injection/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/server-side-template-injection/README.md
--------------------------------------------------------------------------------
/server-side-template-injection/TIPS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/server-side-template-injection/TIPS.md
--------------------------------------------------------------------------------
/sql-injection/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/sql-injection/README.md
--------------------------------------------------------------------------------
/sql-injection/cheatsheet.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/sql-injection/cheatsheet.md
--------------------------------------------------------------------------------
/ssrf/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/ssrf/README.md
--------------------------------------------------------------------------------
/web-cache-poisoning/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/web-cache-poisoning/README.md
--------------------------------------------------------------------------------
/web-cache-poisoning/TIPS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/web-cache-poisoning/TIPS.md
--------------------------------------------------------------------------------
/websockets/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/websockets/README.md
--------------------------------------------------------------------------------
/xss/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/xss/README.md
--------------------------------------------------------------------------------
/xss/portswigger-cheatsheet.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/xss/portswigger-cheatsheet.txt
--------------------------------------------------------------------------------
/xxe/PAYLOADS.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/xxe/PAYLOADS.md
--------------------------------------------------------------------------------
/xxe/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thelicato/portswigger-labs/HEAD/xxe/README.md
--------------------------------------------------------------------------------