Lab 44
- Prototype Pollution Lab (2) - DOM XSS via an alternative prototype pollution vector (PortSwigger Academy)
- Prototype Pollution Lab (1) - DOM XSS via client-side prototype pollution (PortSwigger Academy)
- GraphQL Lab (5) - Performing CSRF exploits over GraphQL (PortSwigger Academy)
- GraphQL Lab (4) - Bypassing GraphQL brute force protections (PortSwigger Academy)
- GraphQL Lab (3) - Finding a hidden GraphQL endpoint (PortSwigger Academy)
- GraphQL Lab (2) - Accidental exposure of private GraphQL fields (PortSwigger Academy)
- GraphQL Lab (1) - Accessing private GraphQL posts (PortSwigger Academy)
- Race Conditions Lab (5) - Exploiting time-sensitive vulnerabilities (PortSwigger Academy)
- Race Conditions Lab (4) - Single-endpoint race conditions (PortSwigger Academy)
- Race Conditions Lab (3) - Multi-endpoint race conditions (PortSwigger Academy)
- Race Conditions Lab (2) - Bypassing rate limits via race conditions (PortSwigger Academy)
- Race Conditions Lab (1) - Limit overrun race conditions (PortSwigger Academy)
- Insecure Deserialization Lab (7) - RCE using a Ruby Gadget Chain (PortSwigger Academy)
- Insecure Deserialization Lab (6) - Bypassing a Signed Cookie using PHPGGC (PortSwigger Academy)
- Insecure Deserialization Lab (5) - Java gadget chain attack using ysoserial (PortSwigger Academy)
- Insecure Deserialization Lab (4) - Arbitrary Object Injection in PHP (PortSwigger Academy)
- Insecure Deserialization Lab (3) - Using application functionality (PortSwigger Academy)
- Insecure Deserialization Lab (2) - Modifying serialized data types (PortSwigger Academy)
- Insecure Deserialization Lab (1) - Modifying serialized objects (PortSwigger Academy)
- SSTI Lab (5) - Information disclosure via user-supplied objects (PortSwigger Academy)
- SSTI Lab (4) - Unknown template engine + documented exploit (PortSwigger Academy)
- SSTI Lab (3) - Deleting a file with Freemarker Template Injection (PortSwigger Academy)
- SSTI Lab (2) - Deleting a file with Tornado Template Injection (Code Context) (PortSwigger Academy)
- SSTI Lab (1) - Deleting a file using ERB Template Injection (PortSwigger Academy)
- CORS Lab (3) - Data theft using a trusted insecure protocol (PortSwigger Academy)
- CORS Lab (2) - CORS vulnerability with trusted null origin (PortSwigger Academy)
- CORS Lab (1) - CORS vulnerability with basic origin reflection (PortSwigger Academy)
- Authentication Lab (10) - Password brute-force via password change (PortSwigger Academy)
- Authentication Lab (9) - Password reset poisoning via middleware (PortSwigger Academy)
- Authentication Lab (8) - Password reset broken logic (PortSwigger Academy)
- Authentication Lab (7) - Offline password cracking (PortSwigger Academy)
- Authentication Lab (6) - Brute-forcing a stay-logged-in cookie (PortSwigger Academy)
- Authentication Lab (5) - 2FA broken logic (PortSwigger Academy)
- Authentication Lab (4) - Username enumeration via account lock (PortSwigger Academy)
- Authentication Lab (3) - Broken Brute-force Protection (PortSwigger Academy)
- Authentication Lab (2) - Username enumeration via response (PortSwigger Academy)
- Authentication Lab (1) - Username enumeration via subtly different responses (PortSwigger Academy)
- JWT attacks Lab (4) - JWT authentication bypass via kid header path traversal (PortSwigger Academy)
- JWT attacks Lab (3) - JWT authentication bypass via jku header injection (PortSwigger Academy)
- JWT attacks Lab (2) - JWT authentication bypass via weak jwk header injection (PortSwigger Academy)
- JWT attacks Lab (1) - JWT authentication bypass via weak signing key (PortSwigger Academy)
- API Testing Lab (2) - Finding and exploiting an unused API endpoint (PortSwigger Academy)
- API Testing Lab (1) - Exploiting an API endpoint using documentation (PortSwigger Academy)
- SSPP Lab (1) - Exploiting server-side parameter pollution in a query string (PortSwigger Academy)