Burp Suite Academy: Exploiting XXE to perform SSRF attacksBurp Suite Academy
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.
The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. This endpoint can be used to retrieve data about t
https://www.rffuste.com/2023/07/31/burp-suite-academy-exploiting-xxe-to-perform-ssrf-attacksburp-suite-academy/
#CTFs #burpSuiteAcademy
Burp Suite Academy: Exploiting XXE using external entities to retrieve filesBurp Suite Academy
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.
To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file.
Checking the req
https://www.rffuste.com/2023/07/24/burp-suite-academy-exploiting-xxe-using-external-entities-to-retrieve-filesburp-suite-academy/
#CTFs #burpSuiteAcademy
Burp Suite Academy: SQL injection vulnerability allowing login bypassBurp Suite Academy
This lab contains a SQL injection vulnerability in the login function.To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.
Click on "My account":
We can see that the request is sent b
https://www.rffuste.com/2023/07/10/burp-suite-academy-sql-injection-vulnerability-allowing-login-bypassburp-suite-academy/
#CTFs #burpSuiteAcademy
Burp Suite Academy – SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataBurp Suite Academy
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:
SELECT * FROM product
https://www.rffuste.com/2023/05/15/burp-suite-academy-sql-injection-vulnerability-in-where-clause-allowing-retrieval-of-hidden-databurp-suite-academy/
#CTFs #burpSuiteAcademy
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: SELECT * FROM…
Burp Suite Academy – DOM XSS in document.write sink using source location.search inside a select elementBurp Suite Academy
This lab contains a DOM-based cross-site scripting vulnerability in the stock checker functionality.
It uses the JavaScript document.write function, which writes data out to the page.
https://www.rffuste.com/2023/05/08/burp-suite-academy-dom-xss-in-document-write-sink-using-source-location-search-inside-a-select-elementburp-suite-academy/
#CTFs #burpSuiteAcademy
Burp Suite Lab Academy – Stored XSS into anchor `href` attribute with double quotes HTML-encoded
This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked.
Access to the lab:
According
https://www.rffuste.com/2023/03/27/burp-suite-lab-academy-stored-xss-into-anchor-href-attribute-with-double-quotes-html-encoded/
#CTFs #burpSuiteAcademy
Burp Suite Academy Lab – Reflected XSS into attribute with angle brackets HTML-encoded
This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. To solve this lab, perform a cross-site scripting attack that injects an attribute and calls the alert function.
https://www.rffuste.com/2023/02/06/burp-suite-academy-lab-reflected-xss-into-attribute-with-angle-brackets-html-encoded/
#CTFs #burpSuiteAcademy
<strong>BurpSuite Lab – DOM XSS in jQuery selector sink using a hashchange event</strong>
This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.
To solve the lab, deliver an exploit to the victim that ca
https://www.rffuste.com/2023/01/16/burpsuite-lab-dom-xss-in-jquery-selector-sink-using-a-hashchange-event/
#CTFs #burpSuiteAcademy
BurpSuite Lab – DOM XSS in jQuery anchor `href` attribute sink using `location.search` source
This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $selector function to find an anchor element, and changes its href attribute using data from location.search.
To solve thi
https://www.rffuste.com/2023/01/09/burpsuite-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-location-search-source/
#CTFs #burpSuiteAcademy
rffuste
