This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data ...

When performing any kind of testing of web applications, you may encounter challenges relating to session handling and state. For example, the application may terminate the session being used for ...

Malware – short for ‘malicious software’ – refers to code, scripts, or other forms of software created with some malign intent. Types of malware attack campaigns include banking trojans, ransomware, ...

This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, obtain Carlos's stay-logged-in cookie and use it to ...

Adding authentication credentials for web app sites enables Burp Scanner to discover and audit content that is only accessible to authenticated users.

This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function. Launching labs may take some time, ...

This website has an unauthenticated admin panel at /admin, but a front-end system has been configured to block external access to that path. However, the back-end application is built on a framework ...

Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being disclosed to attackers. This can include information such as ...

In this section, we'll explain dangling markup injection, how a typical exploit works, and how to prevent dangling markup attacks. Dangling markup injection is a technique for capturing data ...

In this section, we'll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability.

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double are HTML encoded and single quotes are escaped. To solve ...

For websites that adopt a password-based login process, users either register for an account themselves or they are assigned an account by an administrator. This account is associated with a unique ...