HackMD - Collaborative Markdown Knowledge Base

Практическая работа 3 1. SQL-injection уязвимости: https://portswigger.net/web-security/sql-injection/lab-login-bypass ![](https://i.imgur.com/Enp7UdZ.png) https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data ![](https://i.imgur.com/z2fe5QN.png) https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-datafrom-other-tables ![](https://i.imgur.com/ZhOUVAG.png) https://portswigger.net/web-security/sql-injection/examining-the-database/labquerying-database-version-mysql-microsoft ![](https://i.imgur.com/TnEAwcV.png) 2. XSS уязвимости: https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-contextnothing-encoded ![](https://i.imgur.com/jeVqMOw.png) https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-documentwrite-sink ![](https://i.imgur.com/xYdhTEq.png) https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascriptstring-angle-brackets-html-encoded ![](https://i.imgur.com/gsvSZBC.png) https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-dom-xssreflected ![](https://i.imgur.com/zhJYYQ1.png) 3. CSRF: https://portswigger.net/web-security/csrf/lab-no-defenses ![](https://i.imgur.com/FHJw8d1.png) https://portswigger.net/web-security/csrf/lab-token-validation-depends-on-requestmethod ![](https://i.imgur.com/sDdA7jk.png) 4. SSRF: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost ![](https://i.imgur.com/3ISTJwu.png) https://portswigger.net/web-security/ssrf/lab-ssrf-filter-bypass-via-open-redirection ![](https://i.imgur.com/MNM7dNi.png) 5. RCE: https://portswigger.net/web-security/os-command-injection/lab-simple ![](https://i.imgur.com/cjzH2Pz.png) 6. Path traversal: https://portswigger.net/web-security/file-path-traversal/lab-simple ![](https://i.imgur.com/5MHfijz.png) https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass ![](https://i.imgur.com/hOvepwQ.png)