Karthikeyan Nagaraj
18.3 Using application functionality to exploit insecure deserialization
This lab uses a serialization-based session mechanism. A certain feature invokes a dangerous method on data provided in a serialized…
20h ago

Karthikeyan Nagaraj
18.2 Modifying Serialized Data Types
This lab uses a serialization-based session mechanism and is vulnerable to authentication bypass as a result. To solve the lab, edit the…
1d ago

Karthikeyan Nagaraj
14.9 Lab: CSRF where token is tied to non-session cookie
This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t fully…
2d ago

Karthikeyan Nagaraj
14.8 Lab: CSRF where token is duplicated in cookie
This lab’s email change functionality is vulnerable to CSRF. It attempts to use the insecure “double submit” CSRF prevention technique. To…
3d ago

Karthikeyan Nagaraj
14.7 Lab: CSRF where token is not tied to user session
This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t integrated into…
4d ago

Karthikeyan Nagaraj
14.6 Lab: CSRF Vulnerability where token validation depends on request method
This lab’s email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types…
5d ago

Karthikeyan Nagaraj
13.31 Lab: Exploiting XSS to perform CSRF
This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF…
6d ago

Karthikeyan Nagaraj
13.30 Lab: Exploiting cross-site scripting to capture passwords
This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are…
Jun 24

Karthikeyan Nagaraj
13.29 Exploiting cross-site scripting to steal cookies
This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are…
Jun 23

Karthikeyan Nagaraj
13.28 Lab: Reflected XSS into a template literal with angle brackets, single, double quotes…
This lab contains a reflected cross-site scripting vulnerability in the search blog functionality. The reflection occurs inside a template…
Jun 22