yufongg/portswigger-labs

Purpose

Scripts that solve PortSwigger labs and let users debug their payloads.

Usage

Change lab_id in the script, then run it to solve the lab.

SQL Injection (SQLi)

| Title | Difficulty | Vulnerabilities | Code |
| --- | --- | --- | --- |
| SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | Apprentice | SQL Injection | sqli1.py |
| SQL injection vulnerability allowing login bypass | Apprentice | SQL Injection | sqli2.py |
| SQL injection attack, querying the database type and version on Oracle | Practitioner | SQL Injection | sqli3.py |
| SQL injection attack, querying the database type and version on MySQL and Microsoft | Practitioner | SQL Injection | sqli4.py |
| SQL injection attack, listing the database contents on non-Oracle databases | Practitioner | SQL Injection | sqli5.py |
| SQL injection attack, listing the database contents on Oracle | Practitioner | SQL Injection | sqli6.py |
| SQL injection UNION attack, determining the number of columns returned by the query | Practitioner | SQL Injection | sqli7.py |
| SQL injection UNION attack, finding a column containing text | Practitioner | SQL Injection | sqli8.py |
| SQL injection UNION attack, retrieving data from other tables | Practitioner | SQL Injection | sqli9.py |
| SQL injection UNION attack, retrieving multiple values in a single column | Practitioner | SQL Injection | sqli10.py |
| Blind SQL injection with conditional responses | Practitioner | SQL Injection | sqli11.py |
| Blind SQL injection with conditional errors | Practitioner | SQL Injection | sqli12.py |
| Visible error-based SQL injection | Practitioner | SQL Injection | sqli13.py |
| Blind SQL injection with time delays | Practitioner | SQL Injection | sqli14.py |
| Blind SQL injection with time delays and information retrieval | Practitioner | SQL Injection | sqli15.py, sqli15_2.py |
| Blind SQL injection with out-of-band interaction | Practitioner | SQL Injection | sqli16.py |
| Blind SQL injection with out-of-band data exfiltration | Practitioner | SQL Injection | sqli17.py |
| SQL injection with filter bypass via XML encoding | Practitioner | SQL Injection | sqli18.py |

Cross-site Scripting (XSS)

| Title | Difficulty | Vulnerabilities | Code |
| --- | --- | --- | --- |
| Reflected XSS into HTML context with nothing encoded | Apprentice | XSS | xss1.py |
| Stored XSS into HTML context with nothing encoded | Apprentice | XSS | xss2.py |
| DOM XSS in document.write sink using source location.search | Apprentice | XSS | xss3.py |
| DOM XSS in innerHTML sink using source location.search | Apprentice | XSS | xss4.py |
| DOM XSS in jQuery anchor href attribute sink using location.search source | Apprentice | XSS | xss5.py |
| DOM XSS in jQuery selector sink using a hashchange event | Apprentice | XSS | xss6.py |
| Reflected XSS into attribute with angle brackets HTML-encoded | Apprentice | XSS | xss7.py |
| Stored XSS into anchor href attribute with double quotes HTML-encoded | Apprentice | XSS | xss8.py |
| Reflected XSS into a JavaScript string with angle brackets HTML encoded | Apprentice | XSS | xss9.py |
| DOM XSS in document.write sink using source location.search inside a select element | Practitioner | XSS | xss10.py |
| DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded | Practitioner | XSS | xss11.py |
| Reflected DOM XSS | Practitioner | XSS | xss12.py |
| Stored DOM XSS | Practitioner | XSS | xss13.py |
| Reflected XSS into HTML context with most tags and attributes blocked | Practitioner | XSS | xss14.py |
| Reflected XSS into HTML context with all tags blocked except custom ones | Practitioner | XSS | xss15.py |
| Reflected XSS with some SVG markup allowed | Practitioner | XSS | xss16.py |
| Reflected XSS in canonical link tag | Practitioner | XSS | xss17.py |
| Reflected XSS into a JavaScript string with single quote and backslash escaped | Practitioner | XSS | xss18.py |
| Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped | Practitioner | XSS | xss19.py |
| Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped | Practitioner | XSS | xss20.py |
| Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped | Practitioner | XSS | xss21.py |
| Exploiting cross-site scripting to steal cookies | Practitioner | XSS, CSRF | xss22.py, xss22_2.py |
| Exploiting cross-site scripting to capture passwords | Practitioner | XSS, CSRF | xss23.py, xss23_2.py |
| Exploiting XSS to bypass CSRF defenses | Practitioner | XSS, CSRF | xss24.py |

Cross-site Request Forgery (CSRF)

| Title | Difficulty | Vulnerabilities | Code |
| --- | --- | --- | --- |
| CSRF vulnerability with no defenses | Apprentice | CSRF | csrf1.py |
| CSRF where token validation depends on request method | Practitioner | CSRF | csrf2.py |
| CSRF where token validation depends on token being present | Practitioner | CSRF | csrf3.py |
| CSRF where token is not tied to user session | Practitioner | CSRF | csrf4.py |
| CSRF where token is tied to non-session cookie | Practitioner | CSRF, HTTP Header Injection | csrf5.py |
| CSRF where token is duplicated in cookie | Practitioner | CSRF | csrf6.py |
| SameSite Lax bypass via method override | Practitioner | CSRF, HTTP Method Spoofing | csrf7.py |
| SameSite Strict bypass via client-side redirect | Practitioner | CSRF | csrf8.py |
| SameSite Strict bypass via sibling domain | Practitioner | CSRF, CSWSH | csrf9.py, csrf9_2.py |
| SameSite Strict bypass via sibling domain | Practitioner | CSRF, CSWSH | csrf9.py |
| SameSite Lax bypass via cookie refresh | Practitioner | CSRF, SSO | csrf10.py |
| CSRF where Referer validation depends on header being present | Practitioner | CSRF | csrf11.py |
| CSRF with broken Referer validation | Practitioner | CSRF | csrf12.py |

DOM-Based Vulnerabilities

| Title | Difficulty | Vulnerabilities | Code |
| --- | --- | --- | --- |
| DOM XSS using web messages | Practitioner | DOM-Based | dom-based1.py |
| DOM XSS using web messages and a JavaScript URL | Practitioner | DOM-Based | dom-based2.py |
| DOM XSS using web messages and JSON.parse | Practitioner | DOM-Based | dom-based3.py |
| DOM-based open redirection | Practitioner | DOM-Based | dom-based4.py |
| DOM-based cookie manipulation | Practitioner | DOM-Based | dom-based5.py |

Cross-origin Resource Sharing (CORS)

| Title | Difficulty | Vulnerabilities | Code |
| --- | --- | --- | --- |
| CORS vulnerability with basic origin reflection | Apprentice | CORS | cors1.py, cors1_2.py |
| CORS vulnerability with trusted null origin | Apprentice | CORS | cors2.py |
| CORS vulnerability with trusted insecure protocols | Practitioner | CORS | cors3.py, cors3_2.py |

XML External Entity (XXE) Injection

| Title | Difficulty | Vulnerabilities | Code |
| --- | --- | --- | --- |
| Exploiting XXE using external entities to retrieve files | Apprentice | XXE | xxe1.py |
| Exploiting XXE to perform SSRF attacks | Apprentice | XXE, SSRF | xxe2.py |
| Blind XXE with out-of-band interaction | Practitioner | XXE | xxe3.py |
| Blind XXE with out-of-band interaction via XML parameter entities | Practitioner | XXE | xxe4.py |
| Exploiting blind XXE to exfiltrate data using a malicious external DTD | Practitioner | XXE | xxe5.py, xxe5_2.py |
| Exploiting blind XXE to retrieve data via error messages | Practitioner | XXE | xxe6.py |
| Exploiting XInclude to retrieve files | Practitioner | XXE | xxe7.py |
| Exploiting XXE via image file upload | Practitioner | XXE | xxe8.py |
