-
Expert Lab: Reflected XSS in a JavaScript URL with some characters blocked
Lab Link: Lab: Reflected XSS in a JavaScript URL with some characters blocked
Lab Description: This lab reflects your input in a JavaScript URL, but all is not as it seems. This initially seems like a trivial challenge; however, the application is blocking some characters in an attempt to prevent...
-
Expert Lab: Web Shell Upload via Race Condition
blog
Web Application Security
Web Security Academy
Expert Labs
File Upload Vulnerabilities
Race Condition Vulnerabilities
Turbo Intruder
Exiftool
Lab Link: Lab: Web shell upload via race condition
Lab Description: This lab contains a vulnerable image upload function. Although it performs robust validation on any files that are uploaded, it is possible to bypass this validation entirely by exploiting a race condition in the way it processes them. To...
-
Hide Malicious Shell in Image File
links
Web Application Security
Web Security Academy
Labs
File Upload Vulnerabilities
Malicious Metadata
Exiftool
There are many ways to bypass flawed validation of file uploads and upload web shells to web applications. This link explains some of them, such as creating a polyglot image file containing malicious code in its metadata using tools like exiftool. This method is interesting; check it out. Also, you can practice...