YouTube Twitter LinkedIn

YouTube Twitter LinkedIn

La Biblia del Hacking en Web
SQL Injection
Cross Site Scripting
ClickJacking
- ¿Clickjacking?
- Lab 1: Basic clickjacking with CSRF token protection
Access control vulnerabilities
Path traversal
XML external entity (XXE) injection
JWT
Server-side request forgery (SSRF)
- ¿SSRF?
- Lab 1: Basic SSRF against the local server
OS command injection
- ¿OS Command Injection?
- Lab 1: OS command injection, simple case
Authentication
- ¿Authentication?
- Lab 1: Username enumeration via different responses
HTTP request smuggling
- ¿HTTP request smuggling?
- Lab 1: HTTP request smuggling, confirming a CL.TE vulnerability via differential responses
Server-side template injection
- ¿Server-side template injection?
- Lab 1: Basic server-side template injection
DOM-based vulnerabilities
- Lab 1: DOM XSS using web messages
- Lab 2: DOM XSS using web messages and a JavaScript URL
WebSockets
- Lab #1: Manipulating WebSocket messages to exploit vulnerabilities
Prototype pollution
GraphQL
- Lab 1: Accessing private GraphQL posts
Web cache poisoning
- Lab 1: Web cache poisoning with an unkeyed header
CORS
- Lab #2 - CORS vulnerability with trusted null origin
- Lab 3: CORS vulnerability with trusted insecure protocols
API testing

Con tecnología de GitBook

En esta página

¿Te fue útil?

Cross Site Scripting

Lab 3: DOM XSS in document.write sink using source location.search

https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink

AnteriorLab 2: Stored XSS into HTML context with nothing encoded SiguienteLab 4: DOM XSS in innerHTML sink using source location.search

Última actualización hace 10 meses

¿Te fue útil?