The following is my documentation on PortSwigger’s Academy labs. End Goal: Create an injection that calls the alert() function This lab explores injecting a payload that takes advantage of the eval() function in JavaScript. But what is the eval() function? “The eval() function evaluates JavaScript code represented as a string and returns its completion value. […]
Solution for PortSwigger Academy Lab: Blind SQL injection with time delays and information retrieval
The following is my documentation on PortSwigger’s Academy labs. End Goal: Time-delayed Blind SQL injection to steal the password of the administrator In this lab, we are tasked to log in as the administrator of the website below by exploiting SQLi. There is some legwork we have to do first before we get there, however. […]
Solution for PortSwigger Academy Lab: DOM XSS in AngularJS expression with angle brackets and double quotes HTML encoded
The following is my documentation on PortSwigger’s Academy labs. End goal: Perform a XSS attack that executes an AngularJS expression and calls the alert function This lab is deceitfully easy. We can quickly find the solution for this online, copy and paste the payload, and solve it. Hell, PortSwigger’s own tutorial is only four steps […]
Solving PortSwigger’s lab: DOM XSS in document.write sink using source location.search inside a select element
The following is my documentation on PortSwigger’s Academy labs. End goal: Perform a cross-site scripting attack that breaks out of the select element and calls the alert function What you’ll need: <1> First, we navigate to a product page in the lab, right-click the “Check stock” button on the bottom of the page, and inspect […]
Capturing your first flag in Hacker101’s CTF
Solving Hacker101’s “A little something to get you started” Along with documenting my solutions and progress in PortSwigger Academy, I’ve decided to go back and document the flags I’ve captured in Hacker101’s CTF. Below is my solution to the first challenge: “A little something to get you started”. The difficulty here is “Trivial” and was […]
Reflected XSS into a JavaScript string with angle brackets HTML encoded
The following is my documentation on PortSwigger’s Academy labs. End goal: Perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function Remember when we did this? Well this lab has accounted for our previous method of calling the alert function by placing our search queries into a JavaScript […]
Stored XSS into anchor href attribute with double quotes HTML-encoded
The following is my documentation on PortSwigger’s Academy labs. End Goal: Submit a comment that calls the alert function when the author name is clicked In our last lab, we called an alert function by injecting our payload into a search bar. Our “end goal” already alluded that we are likely going to take advantage […]
Reflected XSS into attribute with angle brackets HTML-encoded
The following is my documentation on PortSwigger’s Academy labs. Goal: Perform a cross-site scripting attack that injects an attribute and calls the “alert” function This was, overall, a simple and quick lab, but one that highlights why certain prevention methods are super important. We’ll begin, by taking a look at the website and then popping […]
DOM XSS in jQuery selector sink using a hashchange event
The following is my documentation on Portswigger’s Academy labs. Goal: Deliver an exploit that calls print() in the user’s browser. We are going to commit “blogger sin” and show you the solution first and work our way backward. That’s because I want to be helpful in my learning journey, but also because as someone who […]
Vulnerability Assessment Report (Example)
You can read this portfolio project as a PDF or continue to read it as a blog post below! 8th October 20XX System Description The server hardware consists of a powerful CPU processor and 128GB of memory. It runs on the latest version of Linux operating system and hosts a MySQL database management system. It […]