
PortSwigger - SQL Injection vulnerabilities labs
PortSwigger Web Security Academy - SQL Injection vulnerabilities labs

PortSwigger Web Security Academy - SQL Injection vulnerabilities labs

A comprehensive, structured guide to understanding, exploiting, and preventing authentication vulnerabilities — covering 18 vulnerability classes, tools, commands, and step-by-step methodology.

PortSwigger Web Security Academy - Information Disclosure vulnerabilities labs

PortSwigger Web Security Academy - Access Control vulnerabilities labs

PortSwigger Web Security Academy - Authentication vulnerabilities labs
Walkthrough of the MonitorsFour machine – web app enumeration, Cacti RCE, Docker API abuse for root

A walkthrough of exploiting SQL Injection in a login form on Infinity platform. By injecting a boolean condition and switching comment syntax from -- to `#`, we bypassed authentication and gained access to the application.

A walkthrough of exploiting Second-Order SQL Injection in an update username feature on Infinity platform. By injecting into an UPDATE query, we escalated privileges from a regular user to admin without needing to know any credentials.

A walkthrough of exploiting Boolean-based SQL Injection in a registration form on Infinity platform. By crafting true/false conditions and automating character extraction with Python, we recovered user passwords from the database.

A walkthrough of exploiting a Boolean-based SQL Injection vulnerability in a login form on Infinity platform. By injecting a true condition into the username field, we bypassed authentication without knowing any credentials.

A walkthrough of exploiting a Union-based SQL Injection vulnerability in a broken search feature on Infinity platform. By identifying the correct number of columns and injecting into a POST parameter, we successfully dumped sensitive data from the database.

A walkthrough of exploiting a Union-based SQL Injection vulnerability in a broken search feature on Infinity platform. By identifying the correct number of columns and injecting into a POST parameter, we successfully dumped sensitive data from the database.