-
Cross-site WebSocket hijacking (CSWSH)
See the first link below to become familiar with various Cross-site WebSocket hijacking (CSWSH) attacks. If you are not familiar with WebSocket vulnerabilities, take a look at the second link for more details. External Links: Cross-site WebSocket hijacking (CSWSH); Testing for WebSockets security vulnerabilities. References: Icon made by Three musketeers...
-
Expert Lab: Reflected XSS in a JavaScript URL with some characters blocked
Lab Link: Lab: Reflected XSS in a JavaScript URL with some characters blocked. Lab Description: This lab reflects your input in a JavaScript URL, but all is not as it seems. This initially seems like a trivial challenge; however, the application is blocking some characters in an attempt to prevent...
-
Expert Lab: Web Shell Upload via Race Condition
blog
Web Application Security
Web Security Academy
Expert Labs
File Upload Vulnerabilities
Race Condition Vulnerabilities
Turbo Intruder
Exiftool
Lab Link: Lab: Web shell upload via race condition. Lab Description: This lab contains a vulnerable image upload function. Although it performs robust validation on any files that are uploaded, it is possible to bypass this validation entirely by exploiting a race condition in the way it processes them. To...