## Lesson 3. Basic attacks and patterns

## SQL injection vulnerabilities:

![](https://i.imgur.com/DxT5ic4.png)

### https://portswigger.net/web-security/sql-injection/lab-login-bypass

![](https://i.imgur.com/fpaJWMa.png)

### https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

![](https://i.imgur.com/7lyqXYL.png)

![](https://i.imgur.com/R4wr0kK.png)

### https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables

![](https://i.imgur.com/T0PfgTp.png)

![](https://i.imgur.com/JyqC2yz.png)

### https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

![](https://i.imgur.com/jttlIU8.png)

## XSS vulnerabilities:

### https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded

![](https://i.imgur.com/ub1ddYw.png)

![](https://i.imgur.com/gg8hDfw.png)

![](https://i.imgur.com/Zuom6sk.png)

### https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink

![](https://i.imgur.com/bTUOlWh.png)

### https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-string-angle-brackets-html-encoded

![](https://i.imgur.com/htxUS1X.png)

### https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-dom-xss-reflected

![](https://i.imgur.com/wjoVivZ.png)

## CSRF

### https://portswigger.net/web-security/csrf/lab-no-defenses

![](https://i.imgur.com/juyFaJm.png)

![](https://i.imgur.com/fIFSyQ7.png)

### https://portswigger.net/web-security/csrf/lab-token-validation-depends-on-request-method

![](https://i.imgur.com/9ADX40v.png)

## SSRF

### https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost

![](https://i.imgur.com/YOJuzmE.png)

![](https://i.imgur.com/SWKGV0Q.png)

### https://portswigger.net/web-security/ssrf/lab-ssrf-filter-bypass-via-open-redirection

![](https://i.imgur.com/7x93EDR.png)

## RCE:

### https://portswigger.net/web-security/os-command-injection/lab-simple

![](https://i.imgur.com/t0qPLp5.png)

![](https://i.imgur.com/Ozd6cVx.png)

## Path traversal:

### https://portswigger.net/web-security/file-path-traversal/lab-simple

![](https://i.imgur.com/jZwlB4P.png)

### https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass

![](https://i.imgur.com/kmDbca0.png)