Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
APPRENTICE
Lab: SQL injection vulnerability allowing login bypass
APPRENTICE
Lab: SQL injection UNION attack, determining the number of columns returned by the query
PRACTITIONER
Lab: SQL injection UNION attack, finding a column containing text
PRACTITIONER
Lab: SQL injection UNION attack, retrieving data from other tables
PRACTITIONER
Lab: SQL injection UNION attack, retrieving multiple values in a single column
PRACTITIONER
Lab: Reflected XSS into HTML context with nothing encoded
APPRENTICE
Lab: Stored XSS into HTML context with nothing encoded
APPRENTICE
Lab: DOM XSS in document.write sink using source location.search
APPRENTICE
Lab: Basic SSRF against the local server
APPRENTICE
Lab: Basic SSRF against another back-end system
APPRENTICE
Lab: File path traversal, simple case
APPRENTICE
Lab: File path traversal, traversal sequences blocked with absolute path bypass
PRACTITIONER
Lab: File path traversal, traversal sequences stripped non-recursively
PRACTITIONER
Lab: File path traversal, traversal sequences stripped with superfluous URL-decode
PRACTITIONER
Lab: File path traversal, validation of start of path
PRACTITIONER
Lab: File path traversal, validation of file extension with null byte bypass
PRACTITIONER
Lab: Modifying serialized objects
APPRENTICE
Lab: Excessive trust in client-side controls
APPRENTICE
Lab: High-level logic vulnerability
APPRENTICE
Lab: Remote code execution via web shell upload
APPRENTICE
Lab: Web shell upload via Content-Type restriction bypass
APPRENTICE