Karthikeyan Nagaraj
18.7 Lab: Clobbering DOM attributes to bypass HTML filters
This lab uses the HTMLJanitor library, which is vulnerable to DOM clobbering. To solve this lab, construct a vector that bypasses the…
21h ago

Karthikeyan Nagaraj
18.6 Lab: Exploiting DOM clobbering to enable XSS
This lab contains a DOM-clobbering vulnerability. The comment functionality allows “safe” HTML. To solve this lab, construct an HTML…
2d ago

Karthikeyan Nagaraj
14.30 Lab: Reflected XSS protected by CSP, with CSP bypass
This lab uses CSP and contains a reflected XSS vulnerability. To solve the lab, perform a cross-site scripting attack that bypasses the CSP…
3d ago

Karthikeyan Nagaraj
What is CSP (content security policy)?
In this section, we’ll explain what content security policy is, and describe how CSP can be used to mitigate against some common attacks |…
3d ago

Karthikeyan Nagaraj
14.28 Lab: Reflected XSS in a JavaScript URL with some characters blocked
This lab reflects your input in a JavaScript URL, but all is not as it seems. This initially seems like a trivial challenge; however, the…
5d ago

Karthikeyan Nagaraj
14.27 Lab: Reflected XSS with event handlers and href attributes blocked
This lab contains a reflected XSS vulnerability with some whitelisted tags, but all events and anchor href attributes are blocked. To solve…
5d ago

Karthikeyan Nagaraj
14.26 Lab: Reflected XSS with AngularJS sandbox escape and CSP
This lab uses CSP and AngularJS. To solve the lab, perform a cross-site scripting attack that bypasses CSP, escapes the AngularJS sandbox…
Jul 20

Karthikeyan Nagaraj
14.25 Lab: Reflected XSS with AngularJS sandbox escape without strings
This lab uses AngularJS in an unusual way where the $eval function is not available and you will be unable to use any strings in AngularJS…
Jul 19

Karthikeyan Nagaraj
13.5 Lab: Exploiting server-side parameter pollution in a REST URL
To solve the lab, log in as the administrator and delete carlos. You’ll need to know: How to identify whether a user input is included in a…
Jul 18

Karthikeyan Nagaraj
Exploiting Server-Side Parameter Pollution in a REST URL
Understanding and Mitigating Vulnerabilities in Modern Web Applications
Jul 17