# Portswigger Web Security Academy ###### tags: `Portswigger Web Security Academy` `Web` ## SQL - [SQL - APPRENTICE](https://hackmd.io/@SBK6401/BkL3DtCGn) - [SQL injection UNION attack, determining the number of columns returned by the query](https://hackmd.io/@SBK6401/HktsZgSX2) - [SQL injection UNION attack, determining the number of columns returned by the query](https://hackmd.io/@SBK6401/rkKZzxBmh) - [SQL injection UNION attack, retrieving data from other tables](https://hackmd.io/@SBK6401/S1hBzlSQ3) - [SQL injection UNION attack, retrieving multiple values in a single column](https://hackmd.io/@SBK6401/rkNKfgrX3) - [SQL injection attack, querying the database type and version on Oracle](https://hackmd.io/@SBK6401/HJlpGeHQh) - [SQL injection attack, querying the database type and version on MySQL and Microsoft](https://hackmd.io/@SBK6401/SJU1meH7h) - [SQL injection attack, listing the database contents on non-Oracle databases :four:](https://hackmd.io/@SBK6401/B1LeNlSQn) - [SQL injection attack, listing the database contents on Oracle](https://hackmd.io/@SBK6401/SyAfExSQn) ## XSS - [XSS - APPRENTICE](https://hackmd.io/@SBK6401/ry1WJnN7n) - [DOM XSS in `document.write` sink using source `location.search` inside a select element](https://hackmd.io/@SBK6401/rJhVHeSXn) - [Stored DOM XSS](https://hackmd.io/@SBK6401/H1NPHerX2) ## CSRF - [CSRF - APPRENTICE](https://hackmd.io/@SBK6401/SJ3l1nN7h) ### 針對CSRF Token與同源政策的繞過手段 - [CSRF where token validation depends on request method](https://hackmd.io/@SBK6401/Bk7Lm1SXn) - [CSRF where token validation depends on token being present](https://hackmd.io/@SBK6401/rJ3oNyBQ3) - [CSRF where token is not tied to user session](https://hackmd.io/@SBK6401/SJUDN1rmh) - Not Complete - [CSRF where token is duplicated in cookie]() - Not Complete - [CSRF with broken Referer validation]() ### Not Complete - [CSRF where token is tied to non-session cookie](https://hackmd.io/@SBK6401/SyMG9MBQ2) ## XXE - [XXE - APPRENTICE](https://hackmd.io/@SBK6401/S1IKXUwmn) - [Exploiting XXE via image file upload](https://hackmd.io/@SBK6401/SkOMdwPmn) - [Exploiting XInclude to retrieve files](https://hackmd.io/@SBK6401/H16Uf_D73) ### Blind XXE - [Blind XXE with out-of-band interaction](https://hackmd.io/@SBK6401/H1nC-QIN3) - [Blind XXE with out-of-band interaction via XML parameter entities](https://hackmd.io/@SBK6401/rJhwFKLE3) ### External Malicious Server - [Exploiting blind XXE to exfiltrate data using a malicious external DTD](https://hackmd.io/@SBK6401/S137CKUEh) - [Exploiting blind XXE to retrieve data via error messages](https://hackmd.io/@SBK6401/rJxFXsUN3) ## Deserialization - [Deserialization - APPRENTICE](https://hackmd.io/@SBK6401/S10Li5_Q2) - [Modifying serialized data types](https://hackmd.io/@SBK6401/B1m_Qjumn) - [Using application functionality to exploit insecure deserialization](https://hackmd.io/@SBK6401/r1H4cjuQ3) - [Arbitrary object injection in PHP](https://hackmd.io/@SBK6401/ryR-0i_X3)
{"metaMigratedAt":"2023-06-18T02:33:53.846Z","metaMigratedFrom":"Content","title":"Portswigger Web Security Academy","breaks":true,"contributors":"[{\"id\":\"507cd57e-1008-4e58-8e33-79854a8ea67c\",\"add\":3141,\"del\":165}]","description":"SQL - APPRENTICE"}
Expand menu