PortSwigger
November 2022
Page link: https://portswigger.net/web-security
SQL injection
Challenge name | Link |
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | Link |
SQL injection vulnerability allowing login bypass | Link |
SQL injection UNION attack, determining the number of columns returned by the query | Link |
SQL injection UNION attack, finding a column containing text | Link |
SQL injection UNION attack, retrieving data from other tables | Link |
SQL injection UNION attack, retrieving multiple values in a single column | Link |
SQL injection attack, querying the database type and version on Oracle | Link |
SQL injection attack, querying the database type and version on MySQL and Microsoft | Link |
SQL injection attack, listing the database contents on non-Oracle databases | Link |
SQL injection attack, listing the database contents on Oracle | Link |
Blind SQL injection with conditional responses | Link |
Blind SQL injection with time delays | Link |
Blind SQL injection with out-of-band interaction | Link |
Authentication vulnerabilities
Challenge name | Link |
Username enumeration via different responses | Link |
Directory traversal
Challenge name | Link |
File path traversal, simple case | Link |
File path traversal, traversal sequences blocked with absolute path bypass | Link |
File path traversal, traversal sequences stripped non-recursively | Link |
File path traversal, traversal sequences stripped with superfluous URL-decode | Link |
File path traversal, validation of start of path | Link |
File path traversal, validation of file extension with null byte bypass | Link |
OS command injection
Challenge name | Link |
OS command injection, simple case | Link |
Blind OS command injection with time delays | Link |
Blind OS command injection with output redirection | Link |
Information disclosure
Challenge name | Link |
Information disclosure in error messages | Link |
Information disclosure on debug page | Link |
Source code disclosure via backup files | Link |
Authentication bypass via information disclosure | Link |
Information disclosure in version control history | Link |