Karthikeyan Nagaraj
14.6 Lab: CSRF Vulnerability where token validation depends on request method
This lab’s email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types…
1h ago

Karthikeyan Nagaraj
13.31 Lab: Exploiting XSS to perform CSRF
This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF…
1d ago

Karthikeyan Nagaraj
13.30 Lab: Exploiting cross-site scripting to capture passwords
This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are…
2d ago

Karthikeyan Nagaraj
13.29 Exploiting cross-site scripting to steal cookies
This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are…
3d ago

Karthikeyan Nagaraj
13.28 Lab: Reflected XSS into a template literal with angle brackets, single, double quotes…
This lab contains a reflected cross-site scripting vulnerability in the search blog functionality. The reflection occurs inside a template…
4d ago

Karthikeyan Nagaraj
13.27 Lab: Reflected XSS into a JavaScript string with a single quote and backslash-escaped
This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality. The reflection occurs inside a…
5d ago

Karthikeyan Nagaraj
What is prototype pollution?
Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which…
6d ago

Karthikeyan Nagaraj
29.9 Lab: Remote code execution via server-side prototype pollution
This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges…
Jun 19

Karthikeyan Nagaraj
29.8 Lab: Bypassing flawed input filters for server-side prototype pollution
This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges…
Jun 18

Karthikeyan Nagaraj
29.7 Lab: Detecting server-side prototype pollution without polluted property reflection
This lab is built on Node.js and the Express framework. It is vulnerable to server-side prototype pollution because it unsafely merges…
Jun 17