PortSwigger2 年
Latest data privacy news and breaches
If scandals such as the 2018 Facebook breach have taught us anything, it’s that we don’t have full control of our personal data. As we increasingly live our lives online, we leave a digital footprint ...
PortSwigger5 年
Lab: SSRF with filter bypass via open redirection vulnerability
This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http ...
PortSwigger5 年
Lab: File path traversal, traversal sequences blocked with absolute path bypass
Launching labs may take some time, please hold on while we build your environment. Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See ...
PortSwigger4 年
Lab: 2FA broken logic
This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's account page.
PortSwigger1 年
Latest security penetration testing news
This page requires JavaScript for an enhanced user experience.
PortSwigger5 年
Lab: Exploiting cross-site scripting to capture passwords
This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are posted. To solve the lab, exploit the vulnerability to exfiltrate ...
PortSwigger7 年
What is OS command injection?
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...
PortSwigger4 年
Lab: Clobbering DOM attributes to bypass HTML filters
This lab uses the HTMLJanitor library, which is vulnerable to DOM clobbering. To solve this lab, construct a vector that bypasses the filter and uses DOM clobbering ...
PortSwigger4 年
Vulnerabilities in multi-factor authentication
In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...
PortSwigger2 年
Latest Internet of Things (IoT) security news
These days, everything from your car to your shoes can be a ‘smart’ device, hence why cybersecurity for Internet of Things (IoT) products is a hot topic. Internet of Things security issues have even ...
PortSwigger5 年
Lab: File path traversal, traversal sequences stripped with superfluous URL-decode
This lab contains a path traversal vulnerability in the display of product images. The application blocks input containing path traversal sequences. It then performs a URL-decode of the input before ...
PortSwigger5 年
Exploiting HTTP request smuggling vulnerabilities
In this section, we'll describe various ways in which HTTP request smuggling vulnerabilities can be exploited, depending on the intended functionality and other behavior of the application. In some ...