Lab: Remote code execution via web shell upload https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload Lab: Remote code execution via web shell upload | Web Security Academy This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's ... portswigger.net File..
Lab: Blind SQL injection with conditional responses https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses Lab: Blind SQL injection with conditional responses | Web Security Academy This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value ... portswigger.net Blind SQL Inject..
Lab: SQL injection vulnerability allowing login bypass https://portswigger.net/web-security/sql-injection/lab-login-bypass Lab: SQL injection vulnerability allowing login bypass | Web Security Academy This lab contains a SQL injection vulnerability in the login function. To solve the lab, perform a SQL injection attack that logs in to the application as ... portswigger.net SQL Injection login bypass, administrator ..
Lab: Reflected XSS into a JavaScript string with single quote and backslash escaped https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-string-single-quote-backslash-escaped Lab: Reflected XSS into a JavaScript string with single quote and backslash escaped | Web Security Academy This lab contains a reflected cross-site scripting vulnerability in the search query trac..
Lab: DOM XSS in innerHTML sink using source location.search Lab: DOM XSS in innerHTML sink using source location.search | Web Security Academy (portswigger.net) This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML..
Lab: Stored XSS into HTML context with nothing encoded https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded Lab: Stored XSS into HTML context with nothing encoded | Web Security Academy This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert ... portswigger.ne..
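What is a vulnerability assessment? It means checking for vulnerabilities against a checklist. It usually takes about 2-3 days per URL, and a large URL can take a week or more. Vulnerability assessment vs. penetration testing. The difference between a vulnerability assessment and a penetration test: "Do you attack knowing the information from the start?"
Vulnerability assessment | Penetration testing
White-box attacks based on vulnerability items | Black-box attacks based on scenarios
Request information from the contact person -> receive information -> perform the attack | Zero Base
Takes relatively little time | Takes a lot of time
Usually 2-3 days per URL | At least 1 to 3 months per service, by agreement
Vulnerability assessment process. Lab environment setup. Installing Burp Suite. Burp Suite download: https://portswigger..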