# Session 3. Main attacks and patterns

## Final statistics

![](https://i.imgur.com/sC3Lj4m.png)
![](https://i.imgur.com/qqqGlWm.png)
![](https://i.imgur.com/QkUrnNn.png)
![](https://i.imgur.com/EXyqeZb.png)
![](https://i.imgur.com/v0lSHUu.png)
![](https://i.imgur.com/o5E55KS.png)
![](https://i.imgur.com/e05TzU0.png)
![](https://i.imgur.com/iERruH6.png)

## Lab: SQL injection vulnerability allowing login bypass

![](https://i.imgur.com/Ly07hZv.png)
![](https://i.imgur.com/HgFtDlm.png)

## Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

![](https://i.imgur.com/bR4ahrk.jpg)
![](https://i.imgur.com/wGv00fj.png)

## Lab: SQL injection UNION attack, retrieving data from other tables

![](https://i.imgur.com/k5SnACI.png)
![](https://i.imgur.com/v6hJzpT.png)
![](https://i.imgur.com/wUm9q3w.png)
![](https://i.imgur.com/UvVkG3T.png)
![](https://i.imgur.com/O088DUS.png)

## Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

![](https://i.imgur.com/WnARpgK.png)
![](https://i.imgur.com/iya3RfH.png)
![](https://i.imgur.com/eCWJjxE.png)

## Lab: Stored XSS into HTML context with nothing encoded

![](https://i.imgur.com/ok1KHAF.png)
![](https://i.imgur.com/R5NFHti.png)

## Lab: DOM XSS in document.write sink using source

![](https://i.imgur.com/Yy84IDg.png)
![](https://i.imgur.com/5IzIgsV.png)

## Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded

![](https://i.imgur.com/Hl0LN1l.png)
![](https://i.imgur.com/n6Kb3K0.png)

## Lab: Reflected DOM XSS

![](https://i.imgur.com/GY9DHuJ.png)

## Lab: CSRF vulnerability with no defenses

![](https://i.imgur.com/PyUzALM.png)
![](https://i.imgur.com/lfcuAyX.png)
![](https://i.imgur.com/TMvkRgw.png)

## Lab: CSRF where token validation depends on request method

![](https://i.imgur.com/MaHiSdl.png)
![](https://i.imgur.com/rVvR8Uy.png)
![](https://i.imgur.com/QH0QpiQ.png)
![](https://i.imgur.com/s23Sjgh.png)
![](https://i.imgur.com/hWHW6AV.png)
![](https://i.imgur.com/svNwnis.png)
![](https://i.imgur.com/IUQWVfP.png)

## Lab: Basic SSRF against the local server

![](https://i.imgur.com/gnwiO7z.jpg)

## Lab: SSRF with filter bypass via open redirection vulnerability

![](https://i.imgur.com/1dfY0ry.png)

## Lab: OS command injection, simple case

![](https://i.imgur.com/6pcJrjg.png)

## Lab: File path traversal, simple case

![](https://i.imgur.com/aQKneZK.png)
![](https://i.imgur.com/RqRbSgL.png)
![](https://i.imgur.com/1hhLVLK.png)

## Lab: File path traversal, traversal sequences blocked with absolute path bypass

![](https://i.imgur.com/chn7W1S.png)
![](https://i.imgur.com/RDrNbdv.png)